Checking for any possible virus/trojan/malware... FRST attached


  • This topic is locked
18 replies to this topic

#1 FlimFlam69

Posted 18 November 2016 - 12:35 AM

This is a continuation of:
http://www.bleepingcomputer.com/forums/t/631962/am-i-infected-pc-running-slow-sometimes-apps-hang-like-ie-chrome-wow/#entry4119723

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2016
Ran by James (administrator) on FLIMFLAM69 (18-11-2016 00:26:51)
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James & XSIOAHQLD9 & 4FEGM2WER0)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.8142\Battle.net.exe
(SplitMediaLabs) C:\Program Files\SplitMediaLabs\XSplit\XSplit.Core.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5296\Agent.exe
() C:\Program Files\Battle.net\Battle.net.8142\Battle.net Helper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [LVCOMS] => C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [127022 2002-12-10] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2016-11-12] (AVAST Software)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_23_0_0_185_Plugin.exe [1224896 2016-10-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-11-12] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1AA8CE6D-AD17-4679-A08F-74DD40C9D2FD}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000 -> DefaultScope {E4CF0A7C-237B-4A37-BBDA-4DBD817D6029} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000 -> {E4CF0A7C-237B-4A37-BBDA-4DBD817D6029} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} -> No File
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-14] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-14] (Oracle Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7358c659.default
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default [2016-11-17]
FF NewTab: Mozilla\Firefox\Profiles\7358c659.default -> about:newtab
FF Keyword.URL: Mozilla\Firefox\Profiles\7358c659.default -> user_pref("keyword.URL", true);
FF Extension: (No Name) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default\Extensions\abs@avira.com [2016-11-11]
FF Extension: (Asynchronous Plugin Rendering) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default\features\{81e44e56-16e1-4f9a-86e2-359b9a01994d}\asyncrendering@mozilla.org.xpi [2016-10-28]
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default\searchplugins\google-lavasoft.xml [2016-10-14]
FF Extension: (Multi-process staged rollout) - C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi [2016-10-21] [not signed]
FF Extension: (Pocket) - C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi [2016-10-21] [not signed]
FF Extension: (Web Compat) - C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi [2016-10-21] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-25] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2412800826-1674594253-1344594430-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\James\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2016-11-18]
CHR Extension: (Flash Video Downloader) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-10-27]
CHR Extension: (Yahoo Partner) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep [2016-10-14]
CHR Extension: (iPad Simulator) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\biamdeofchcbekmcakjcfnpdipmkmkbb [2016-10-23]
CHR Extension: (Android Application) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmmncpgjaaloalbpijeaphmmpmdpcjkf [2016-10-22]
CHR Extension: (Video Downloader professional) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-10-11]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2016-10-27]
CHR Extension: (Google Hangouts) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (Yahoo Partner) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-10-21]
CHR HKLM\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Appinfo; C:\Windows\System32\appinfo.dll [33280 2014-06-02] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [316928 2014-10-02] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [316928 2014-10-02] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-12] (AVAST Software)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [133120 2013-07-07] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [802304 2015-07-31] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [444928 2013-10-10] (Microsoft Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [174080 2014-12-05] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [153600 2014-12-05] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [602112 2015-08-05] (Microsoft Corporation) [File not signed]
R2 TermService; C:\Windows\System32\termsrv.dll [449536 2014-10-09] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\Windows\System32\webclnt.dll [199680 2015-07-01] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-25] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFD; C:\Windows\system32\drivers\afd.sys [273408 2014-05-30] (Microsoft Corporation) [File not signed]
R3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-11-12] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-11-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-11-12] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-11-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-11-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-11-12] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-11-12] (AVAST Software)
R3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-11-12] (AVAST Software)
R3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [143360 2014-09-04] (Microsoft Corporation) [File not signed]
R3 LVBulk; C:\Windows\System32\DRIVERS\LVBulk.sys [10254 2002-06-10] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVVI500A; C:\Windows\System32\DRIVERS\lvvi500a.sys [188592 2002-06-10] (Logitech Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-11] (Malwarebytes)
R3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115200 2014-12-18] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [107008 2015-01-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [217088 2015-06-27] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [81408 2015-06-27] (Microsoft Corporation) [File not signed]
S3 sonydcam; C:\Windows\System32\DRIVERS\sonydcam.sys [26624 2008-01-20] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [24064 2013-06-15] (Microsoft Corporation) [File not signed]
R3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [73344 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2013-06-28] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [39936 2011-05-05] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [197632 2013-06-28] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [19456 2011-05-05] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation) [File not signed]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-18 00:26 - 2016-11-18 00:27 - 00023263 _____ C:\Users\James\Downloads\FRST.txt
2016-11-18 00:25 - 2016-11-18 00:26 - 00000000 ____D C:\FRST
2016-11-18 00:25 - 2016-11-18 00:25 - 01761280 _____ (Farbar) C:\Users\James\Downloads\FRST.exe
2016-11-12 02:57 - 2016-11-12 02:57 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-11-12 02:57 - 2016-11-12 02:57 - 00000858 _____ C:\Users\Public\Desktop\Avast SafeZone 1 Browser.lnk
2016-11-12 02:57 - 2016-11-12 02:57 - 00000858 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 1 Browser.lnk
2016-11-12 02:56 - 2016-11-12 02:56 - 00001791 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-12 02:56 - 2016-11-12 02:56 - 00000000 ____D C:\Users\James\AppData\Roaming\AVAST Software
2016-11-12 02:55 - 2016-11-12 02:57 - 00000000 ____D C:\Program Files\AVAST Software
2016-11-12 02:55 - 2016-11-12 02:56 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-11-12 02:55 - 2016-11-12 02:56 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-11-12 02:55 - 2016-11-12 02:56 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-11-12 02:55 - 2016-11-12 02:55 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-11-12 02:55 - 2016-11-12 02:55 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-11-12 02:54 - 2016-11-12 02:54 - 06334848 _____ (AVAST Software) C:\Users\James\Downloads\avast_free_antivirus_setup_online.exe
2016-11-12 01:35 - 2016-11-17 06:37 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps
2016-11-12 01:31 - 2016-11-12 01:35 - 00008978 _____ C:\Users\James\Desktop\New Text Document (3).txt
2016-11-12 01:25 - 2016-11-12 01:25 - 00006844 _____ C:\Users\James\Desktop\rk_D6EF.tmp
2016-11-12 01:07 - 2016-11-12 01:07 - 34114800 _____ (Adlice Software ) C:\Users\James\Downloads\setup (2).exe
2016-11-12 01:06 - 2016-11-12 01:06 - 00000000 ____D C:\Users\James\AppData\Local\Avira
2016-11-12 00:17 - 2016-11-12 00:17 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-12 00:16 - 2016-11-12 01:35 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-12 00:16 - 2016-11-12 00:16 - 34114800 _____ (Adlice Software ) C:\Users\James\Downloads\setup (1).exe
2016-11-12 00:16 - 2016-11-12 00:16 - 00000802 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-12 00:16 - 2016-11-12 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-12 00:16 - 2016-11-12 00:16 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-12 00:15 - 2016-11-12 00:15 - 00003826 _____ C:\Users\James\Desktop\FSS.txt
2016-11-12 00:15 - 2016-11-12 00:15 - 00003823 _____ C:\Users\James\Downloads\FSS.txt
2016-11-12 00:14 - 2016-11-12 00:14 - 00899584 _____ (Farbar) C:\Users\James\Downloads\FSS.exe
2016-11-12 00:14 - 2016-11-12 00:14 - 00001176 _____ C:\Users\James\Desktop\checkup.txt
2016-11-12 00:10 - 2016-11-12 00:10 - 00852798 _____ C:\Users\James\Downloads\SecurityCheck.exe
2016-11-12 00:08 - 2016-11-12 00:08 - 00092218 _____ C:\Users\James\Documents\cc_20161112_000819.reg
2016-11-11 23:39 - 2016-11-12 00:39 - 01368548 _____ C:\Windows\system32\winapp2_disk.csv
2016-11-11 23:28 - 2016-11-12 01:38 - 00000000 ____D C:\Program Files\Avira
2016-11-11 23:28 - 2016-11-12 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-11-11 23:28 - 2016-11-12 01:10 - 00000000 ____D C:\ProgramData\Avira
2016-11-11 23:28 - 2016-11-11 23:28 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\James\Downloads\avira_en_fass0_58269a4206a60__ws.exe
2016-11-11 23:26 - 2016-11-11 23:26 - 08141704 _____ C:\Users\James\Downloads\bitdefender_online.exe
2016-11-11 23:26 - 2016-11-11 23:26 - 00012730 _____ C:\ProgramData\1478924804.bdinstall.bin
2016-11-11 23:26 - 2016-11-11 23:26 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-11-11 23:19 - 2016-11-11 23:19 - 00000000 ____D C:\Users\James\Downloads\SafeZone Installer
2016-11-11 17:47 - 2016-11-11 17:47 - 00030071 _____ C:\Users\James\Desktop\MTB.txt
2016-11-11 17:44 - 2016-11-11 19:43 - 00000576 _____ C:\Users\James\Desktop\Malware Log.txt
2016-11-11 16:36 - 2016-11-11 16:36 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-11 16:35 - 2016-11-11 16:35 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-11 16:35 - 2016-11-11 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-11 16:35 - 2016-11-11 16:35 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-11-11 16:35 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-11 16:35 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-11 16:35 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-11 16:32 - 2016-11-11 16:32 - 00020880 _____ C:\Users\James\Desktop\AdwCleaner[C0].txt
2016-11-11 06:24 - 2016-11-11 06:24 - 00007771 _____ C:\Users\James\Desktop\JRT.txt
2016-11-11 06:06 - 2016-11-11 06:06 - 00892416 _____ (Farbar) C:\Users\James\Desktop\MiniToolBox.exe
2016-11-11 06:05 - 2016-11-11 06:06 - 22851472 _____ (Malwarebytes ) C:\Users\James\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2016-11-11 06:05 - 2016-11-11 06:05 - 01631928 _____ (Malwarebytes) C:\Users\James\Desktop\JRT.exe
2016-11-11 06:03 - 2016-11-11 06:03 - 03910208 _____ C:\Users\James\Desktop\AdwCleaner.exe
2016-10-22 22:39 - 2016-10-22 22:39 - 03003904 _____ (Microsoft Corporation) C:\Users\James\Downloads\ipadians.exe
2016-10-22 22:19 - 2016-10-22 22:19 - 00172316 ____H C:\Windows\system32\mlfcache.dat
2016-10-22 11:51 - 2016-10-22 11:51 - 00000000 ____D C:\Users\James\Downloads\CBTL_TwitterImageDownloader_Installer
2016-10-21 17:45 - 2016-10-22 11:25 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-18 00:24 - 2015-05-29 23:31 - 00000000 ____D C:\Users\James\AppData\Local\Battle.net
2016-11-17 23:39 - 2006-11-02 07:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-17 23:39 - 2006-11-02 07:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-17 17:40 - 2016-06-10 23:09 - 00000000 ____D C:\Program Files\World of Warcraft
2016-11-15 06:11 - 2012-07-13 21:23 - 00103424 _____ C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-14 18:07 - 2009-10-31 11:10 - 00000000 ____D C:\Pathfinder
2016-11-13 17:53 - 2016-10-09 23:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-12 09:26 - 2016-05-30 19:08 - 00000000 ____D C:\Program Files\Battle.net
2016-11-12 02:54 - 2012-11-21 23:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-12 01:44 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-11-12 01:44 - 2006-11-02 05:33 - 00830432 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-12 01:39 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-12 01:39 - 2006-11-02 07:47 - 00377176 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-12 01:36 - 2006-11-02 08:01 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-12 01:10 - 2015-01-25 13:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-12 01:03 - 2012-06-25 14:41 - 00102848 _____ C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-11 23:14 - 2012-06-30 05:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-11-11 23:14 - 2012-06-30 05:29 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-11-11 23:12 - 2016-10-12 15:33 - 00000000 ____D C:\Program Files\DriverPack Notifier
2016-11-11 06:53 - 2013-09-29 13:13 - 00000000 ____D C:\AdwCleaner
2016-11-11 06:45 - 2016-01-24 08:29 - 00000000 ____D C:\Program Files\Yahoo!
2016-11-11 06:43 - 2013-02-05 18:59 - 00000000 ____D C:\Users\James\AppData\Roaming\Common
2016-11-11 06:23 - 2013-02-07 01:38 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2016-11-11 06:23 - 2013-02-07 01:38 - 00000000 __SHD C:\AI_RecycleBin
2016-11-10 22:37 - 2016-10-09 12:01 - 00000000 _____ C:\Windows\system32\last.dump
2016-11-10 22:32 - 2014-05-11 19:32 - 00000000 ____D C:\Users\James\AppData\Local\Deployment
2016-11-10 16:49 - 2012-06-25 20:09 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-29 09:54 - 2016-05-10 22:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-10-22 22:44 - 2006-11-02 05:23 - 00450220 ____R C:\Windows\system32\Drivers\etc\hosts.20161110-230643.backup
2016-10-22 15:16 - 2016-08-14 00:35 - 00000413 _____ C:\Users\James\Desktop\New Text Document (2).txt

==================== Files in the root of some directories =======

2014-04-21 10:51 - 2014-05-09 01:12 - 0003748 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2012-07-03 10:23 - 2015-02-13 16:47 - 0000000 _____ () C:\Users\James\AppData\Roaming\bitlord_log.txt
2013-05-12 13:29 - 2013-05-12 13:29 - 0000035 _____ () C:\Users\James\AppData\Roaming\SetValue.bat
2012-06-25 15:23 - 2016-10-15 01:30 - 0001356 _____ () C:\Users\James\AppData\Local\d3d9caps.dat
2012-07-13 21:23 - 2016-11-15 06:11 - 0103424 _____ () C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-13 16:48 - 2015-02-13 16:48 - 0000218 _____ () C:\Users\James\AppData\Local\recently-used.xbel
2016-11-11 23:26 - 2016-11-11 23:26 - 0012730 _____ () C:\ProgramData\1478924804.bdinstall.bin
2013-02-05 18:59 - 2013-02-05 18:59 - 0004995 _____ () C:\ProgramData\iqrjmdeq.fak
2016-10-13 17:44 - 2016-10-13 17:44 - 0004145 _____ () C:\ProgramData\mudtcpaz.vzs

Some files in TEMP:
====================
C:\Users\James\AppData\Local\temp\avgnt.exe
C:\Users\James\AppData\Local\temp\dllnt_dump.dll
C:\Users\James\AppData\Local\temp\libeay32.dll
C:\Users\James\AppData\Local\temp\msvcr120.dll
C:\Users\James\AppData\Local\temp\sqlite3.dll
C:\Users\James\AppData\Local\temp\whdiyarv.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe
[2016-01-24 08:57] - [2015-04-10 18:22] - 0279552 ____A (Microsoft Corporation) 4F0A7910FC7D8A66433FA9961EEF8BB5

C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-17 14:26

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2016
Ran by James (18-11-2016 00:28:19)
Running from C:\Users\James\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2012-06-25 19:34:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

4FEGM2WER0 (S-1-5-21-2412800826-1674594253-1344594430-1040 - Limited - Enabled) => C:\Users\4FEGM2WER0
Administrator (S-1-5-21-2412800826-1674594253-1344594430-500 - Administrator - Disabled)
Guest (S-1-5-21-2412800826-1674594253-1344594430-501 - Limited - Disabled)
James (S-1-5-21-2412800826-1674594253-1344594430-1000 - Administrator - Enabled) => C:\Users\James
XSIOAHQLD9 (S-1-5-21-2412800826-1674594253-1344594430-1039 - Limited - Enabled) => C:\Users\XSIOAHQLD9

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Any Video Converter 5.5.8 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
BitLord 2.4 (HKLM\...\BitLord) (Version: 2.4.3-305 - House of Life)
BitTorrent Sync (HKLM\...\BitTorrent Sync) (Version: 1.2.82 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CPUID CPU-Z 1.62 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Curse Client (HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM\...\Debut) (Version: 2.16 - NCH Software)
DownloadX ActiveX Download Control 1.6.5 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version: - DownloadXCtrl.com)
Free Mouse Auto Clicker 3.0 (HKLM\...\{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1) (Version: - Advanced Mouse Auto Clicker ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
liteCam HD (HKLM\...\{49D77BFA-135A-49AD-9A8A-8488EADA562D}) (Version: 5.05.0000 - RSUPPORT)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Driver (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Converter 14 (HKLM\...\Movavi Video Converter 14) (Version: 14.3.0 - Movavi)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Path of Exile (Version: 2.3.0.57896 - Grinding Gear Games) Hidden
Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version: - www.PerfectUninstaller.com)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RMP4 (HKLM\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RogueKiller version 12.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.0.0 - Adlice Software)
RSCC (HKLM\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Essentials Media Codec Pack 4.0 [32-Bit] (HKLM\...\Windows Essentials Media Codec Pack) (Version: 4.0 - Media Codec)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment)
XSplit (HKLM\...\{24570B2F-3937-47F0-A16A-E82B480A7699}) (Version: 1.1.1210.3101 - SplitMediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000_Classes\CLSID\{8e87cee7-6147-40c5-ac62-2f2947f4b6b4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000D223F-8B3E-4E51-BDA1-E46C831F4A70} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
Task: {05EF7E6E-DB1F-4D81-8E56-7EE75BDBC637} - System32\Tasks\AVG_SYS_TASK => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {0EE242BB-0AAD-4FAA-98A6-90521DBEDB2D} - System32\Tasks\RealCreateProcessScheduledTask323216693S-1-5-21-2412800826-1674594253-1344594430-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {224AA28D-CD01-4493-883A-15ADF4ED8B19} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2412800826-1674594253-1344594430-1000Core1cd6193ecb510b4 => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {22A5C59B-843D-4A98-94D4-20605A23DF59} - System32\Tasks\GoogleUpdateTaskMachineCore1cef1ac54fd9c00 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {27482DA8-2F2E-4F73-A9FF-7B97E9080BB7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-13] (Adobe Systems Incorporated)
Task: {275B4500-BD28-43D4-B6C0-DE48AFAFA5D4} - \GreatArcadeHits -> No File <==== ATTENTION
Task: {2804C193-5E5D-44E8-8FDB-0EDC8E475313} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2412800826-1674594253-1344594430-1000Core1cd8b316e621b10 => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {28D7953B-B1CB-498E-814A-92C5A3B10CA4} - System32\Tasks\GoogleUpdateTaskMachineCore1d15b072cdde111 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2B611B01-D0E7-486C-B9F2-CABB50C9E0C8} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf2ee3f39a50 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2CB3EC9D-D46B-4AB8-BF3E-8B8E691866A8} - System32\Tasks\GoogleUpdateTaskMachineCore1cfec8c2b9027f0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {33898899-5843-4CA1-B5E8-0DC87DDA3F74} - System32\Tasks\GoogleUpdateTaskMachineCore1d03ffb4bb4b6a0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3E6C22BD-03EB-4817-AA2B-FE0D434F5E9E} - System32\Tasks\SafeZone scheduled Autoupdate 1478937465 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {429EC9BE-F084-47BF-9B10-06F88A8F27C6} - System32\Tasks\GoogleUpdateTaskMachineCore1ce7a1741a601b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {433A3FE1-F0EB-475B-8BF7-469039216C9B} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
Task: {4393A021-1A5A-4BBD-B220-80C681A811CB} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f00c59281fe0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4C9BA408-FF1A-4B60-B530-38C502B81659} - System32\Tasks\Windows Codec Update Service => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2012-02-03] (MediaCodec.Org)
Task: {4E544DBD-87F6-4064-8F93-C1956E5D2632} - System32\Tasks\GoogleUpdateTaskMachineCore1ce4ec3c0dddc0d => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {52883949-08D4-4EEE-8529-86CE4D03DA37} - System32\Tasks\GoogleUpdateTaskMachineCore1ceec18eab46854 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {591EABDF-78C4-4B74-B5A3-B6701888324D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6955869319d4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5D616C00-2219-4FAC-A59F-33CB11CF260E} - System32\Tasks\GoogleUpdateTaskMachineCore1cffee347552760 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {671178F8-E323-426A-B0EE-8C26A700547B} - System32\Tasks\AVG_SYS_TASK_DELETE => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {748E98D4-313D-4B6D-ABB8-A67BA9D32D06} - System32\Tasks\ReclaimerResumeInstall_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-29] (RealNetworks, Inc.)
Task: {7C2167AA-C981-4FA4-B8AF-450436EC5925} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab0bd0494df0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7C21E93A-52C3-488D-8DDF-15118ACAE79D} - System32\Tasks\AVG_REG_1113a => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {8B83E8A2-C632-46D1-9230-DB8FF13AC128} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
Task: {8C2940C3-0BFB-4795-9EEE-4592950CE71A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2412800826-1674594253-1344594430-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {8D9BF34D-6FA5-4E0C-9C94-1CD5E4487528} - System32\Tasks\SafeZone scheduled Autoupdate 1467973950
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
Task: {A2CB06B7-3412-4408-8AB2-238408274600} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A3EF12D1-49AF-490D-B917-A260B555C0E3} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
Task: {A3FE4B7F-F5D0-4EF3-85CA-5C55595FA854} - System32\Tasks\{81A49A90-AC2F-4AA8-9763-EE66F562A183} => pcalua.exe -a C:\Windows\system32\nvuninst.exe -c UninstallGUI
Task: {A61225C3-0ECD-4749-BDBA-1F8D762B5C55} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {A8AAFE8A-348A-4A0D-B3D9-DA8441751911} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e23120eb49b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AAE64384-D695-464E-9802-3274978DD8FD} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ea96b4bb3f5b => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AEC8FC4D-6B43-4986-9FFA-06F6D1883CFE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {AF19CA05-E2EA-4EE4-87B6-8648419D3A79} - System32\Tasks\GoogleUpdateTaskMachineCore1d163b5df0335c9 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B3F083BC-DD28-4DAA-81B4-8323B986059C} - System32\Tasks\1114tbUpdateInfo => C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
Task: {B49EF589-3BB7-4030-B7B2-9481978DF68B} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
Task: {B8400AC9-8409-45B3-BF34-513C200C7594} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
Task: {B9BC5A14-C9A7-45DF-8DDC-479E1251C229} - System32\Tasks\GoogleUpdateTaskMachineCore1ce7f3155127890 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CA96D160-A103-47AF-A530-782E917836F2} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {D0E6C65E-F231-4198-8837-EC2283477433} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8b46a710ee70 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D37CC357-FAA3-4101-8354-3254ED26079B} - System32\Tasks\ReclaimerUpdateXML_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-29] (RealNetworks, Inc.)
Task: {D5A08672-2479-4AF1-992C-8EC00CEC1138} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {D7ABE036-F7F3-4167-B983-F60E7185E67B} - System32\Tasks\GoogleUpdateTaskMachineCore1cf3ef271627f0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DB0609DB-0592-47F9-8197-9D3185B4A10E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E38053AB-0866-417C-B29C-7FB409A55625} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4a6ab2c7efb0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E5E7AFD7-B7AE-4F87-B656-627EB7D112BD} - System32\Tasks\avast! Emergency Update
Task: {EB9F9855-7F0B-46BD-9F87-EA5C0C715C60} - System32\Tasks\GoogleUpdateTaskMachineCore1d12ce48ff1d010 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {ED3CDED7-44B3-4097-8166-F6251ADF1C99} - System32\Tasks\GoogleUpdateTaskMachineCore1cdc8674e658900 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F158405F-059B-470A-9555-5CA14FE99440} - System32\Tasks\GoogleUpdateTaskMachineCore1ce0c6c119e025 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F36FEE2A-86F4-495D-8B05-DA1C0CB3E672} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f82d1113270 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F8FF98A2-78D2-4305-8488-44237872FDA9} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
Task: C:\Windows\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
Task: C:\Windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
Task: C:\Windows\Tasks\1114tbUpdateInfo.job => C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8b46a710ee70.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfec8c2b9027f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cffee347552760.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03ffb4bb4b6a0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f82d1113270.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2ee3f39a50.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e23120eb49b0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f00c59281fe0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12ce48ff1d010.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15b072cdde111.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d163b5df0335c9.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab0bd0494df0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ea96b4bb3f5b.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\James\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html

==================== Loaded Modules (Whitelisted) ==============

2012-07-03 17:45 - 2006-10-26 18:56 - 00033104 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\msonpppr.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-06 23:39 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-02-06 23:39 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2009-10-14 12:36 - 2009-10-14 12:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 14:35 - 2009-07-16 14:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 14:35 - 2009-07-16 14:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 14:35 - 2009-07-16 14:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 14:36 - 2009-07-16 14:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 14:36 - 2009-07-16 14:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 14:36 - 2009-07-16 14:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2010-07-27 03:03 - 2010-07-27 03:03 - 00181592 _____ () C:\Program Files\Common Files\logishrd\SharedBin\LVAPI11.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 08358400 _____ () C:\Program Files\SplitMediaLabs\XSplit\avcodec-54.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 00151040 _____ () C:\Program Files\SplitMediaLabs\XSplit\avutil-51.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 01152512 _____ () C:\Program Files\SplitMediaLabs\XSplit\avformat-54.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 00333824 _____ () C:\Program Files\SplitMediaLabs\XSplit\swscale-2.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 00026112 _____ () C:\Program Files\SplitMediaLabs\XSplit\swresample-0.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00237352 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2009-10-14 12:34 - 2009-10-14 12:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2016-11-12 02:55 - 2016-11-12 02:55 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-12 02:55 - 2016-11-12 02:55 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-16 15:10 - 2016-11-16 15:10 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16111601\algo.dll
2016-11-17 07:11 - 2016-11-17 07:11 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16111700\algo.dll
2016-11-12 02:55 - 2016-11-12 02:55 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-11-09 00:05 - 2016-11-09 00:05 - 00540336 _____ () C:\Program Files\Battle.net\Battle.net.8142\ortp.dll
2016-11-09 00:05 - 2016-11-09 00:05 - 37247976 _____ () C:\Program Files\Battle.net\Battle.net.8142\libcef.dll
2016-11-09 00:05 - 2016-11-09 00:05 - 06402560 _____ () C:\Program Files\Battle.net\Battle.net.8142\battle.net.dll
2016-11-09 00:05 - 2016-11-09 00:05 - 00133632 _____ () C:\Program Files\Battle.net\Battle.net.8142\libEGL.dll
2016-11-09 00:05 - 2016-11-09 00:05 - 03384832 _____ () C:\Program Files\Battle.net\Battle.net.8142\libGLESv2.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00028672 _____ () C:\Program Files\SplitMediaLabs\XSplit\AxShockwaveFlashObjects.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00073216 _____ () C:\Program Files\SplitMediaLabs\XSplit\Addins\Facebook.Winforms.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00545792 _____ () C:\Program Files\SplitMediaLabs\XSplit\Addins\Facebook.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00024576 _____ () C:\Program Files\SplitMediaLabs\XSplit\ExternalInterfaceProxy.dll
2012-10-30 12:31 - 2012-10-30 12:31 - 00179712 _____ () C:\Program Files\SplitMediaLabs\XSplit\vtRCM.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00886272 _____ () C:\Program Files\SplitMediaLabs\XSplit\System.Data.SQLite.dll
2016-11-09 00:05 - 2016-11-09 00:05 - 01484776 _____ () C:\Program Files\Battle.net\Battle.net.8142\Battle.net Helper.exe
2016-11-09 00:05 - 2016-11-09 00:05 - 00990696 _____ () C:\Program Files\Battle.net\Battle.net.8142\ffmpegsumo.dll
2016-09-06 14:49 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\James\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 14:49 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\James\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

There are 7917 more sites.

IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\sony.com -> sony.com

There are 7917 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2016-11-10 23:06 - 00452630 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com

There are 15559 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{AD5CFB18-5D42-4032-ADB9-EDF4969E3EA7}] => (Allow) LPort=80
FirewallRules: [{8FC3E496-32D4-4404-9A9E-66167CDA935C}] => (Allow) LPort=80
FirewallRules: [{E974353A-C32F-4379-9E0B-168CDDFB689D}] => (Allow) LPort=80
FirewallRules: [{4AAF4F84-619E-4CEC-97F5-D4A36E9B574D}] => (Allow) C:\Program Files\BitTorrent Sync\BTSync.exe
FirewallRules: [{43865D8A-9487-49B6-8BB2-533048A5B499}] => (Allow) C:\Program Files\BitTorrent Sync\BTSync.exe
FirewallRules: [{C3546DDD-A5C7-4710-AF5B-590FE16985BD}] => (Allow) LPort=50000
FirewallRules: [{CFECBCF5-F19A-4F93-8C86-1A8703E7CA93}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{6926BA80-A964-41DF-A0B7-CD30C38E6CDC}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{06669F6E-EBEE-4EBE-A9A9-EBFE45867606}] => (Allow) LPort=41780
FirewallRules: [{ED7AF588-65A5-42E1-A897-417CD26FF781}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1EFEE741-B554-4195-B0F6-F24C34AC05C9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A73BBD1F-E5CA-46CF-A3BB-430F6B017EE2}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{B7DEF66E-44B7-4EE9-9DC3-B0161B59C3B4}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{03A9E871-C65D-494B-8291-DDB2E265437F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{B83B6DE1-22E9-4ED7-BBC8-5EBC4226F8D2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3D2CC0AE-F4BA-4B4C-9E1E-1AAD601949DB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0FECD84B-323E-4DFD-A705-F3AF19EA9C22}] => (Allow) C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{AC5B262E-D7C5-431F-9B90-D8CE1DDAD9DB}] => (Allow) C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{1BC7AEC6-85BF-4A89-A5B3-3E1232DDA895}] => (Allow) C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{FE3CF677-636A-43F7-839E-45515AC62774}] => (Allow) C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [TCP Query User{44E2A2FA-0F12-4F89-BADC-938F2BD56424}C:\program files\bitlord\bitlord.exe] => (Allow) C:\program files\bitlord\bitlord.exe
FirewallRules: [UDP Query User{FC46AEBA-05C8-4EC2-B2CD-691088E5C668}C:\program files\bitlord\bitlord.exe] => (Allow) C:\program files\bitlord\bitlord.exe
FirewallRules: [{1A402A0E-143D-4663-BA98-27B929D7DFF5}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{5EF95858-98F6-4A53-B9BE-1DB4727E3626}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{952769C5-5C9E-4297-8174-AE8238E751C9}] => (Allow) C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{AAA473B7-AAF4-470B-B263-27284CEA769C}] => (Allow) C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{AF1372E4-EAA5-4AB2-A881-F5E5707C181B}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{29794F81-1B4D-4241-BC71-9D898E28A211}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe

==================== Restore Points =========================

29-10-2016 10:42:13 Scheduled Checkpoint
30-10-2016 02:01:21 Scheduled Checkpoint
11-11-2016 06:18:14 JRT Pre-Junkware Removal
11-11-2016 23:38:45 Avira System Speedup 2.7.0

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2016 06:41:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16633 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1520
Start Time: 01d240c713bf4b30
Termination Time: 13

Error: (11/17/2016 06:38:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16633 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1ca8
Start Time: 01d240c714805140
Termination Time: 12

Error: (11/17/2016 06:37:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 49.0.2.6136, time stamp 0x5807c043, faulting module mozglue.dll, version 49.0.2.6136, time stamp 0x5807b9a7, exception code 0x80000003, fault offset 0x0000e83e,
process id 0x15bc, application start time 0x01d240c6dda33660.

Error: (11/17/2016 06:37:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 49.0.2.6136, time stamp 0x5807c043, faulting module mozglue.dll, version 49.0.2.6136, time stamp 0x5807b9a7, exception code 0x80000003, fault offset 0x0000e83e,
process id 0x1518, application start time 0x01d240c6f4862130.

Error: (11/14/2016 04:40:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\James\Downloads\ipadians.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2016 02:49:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\James\Downloads\ipadians.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/12/2016 01:39:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/12/2016 01:35:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 12.1.3.6, time stamp 0x55f3f4a9, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x3f700f80,
process id 0x1470, application start time 0x01d23caa66119b10.

Error: (11/12/2016 01:09:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 456: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (11/12/2016 01:09:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10093


System errors:
=============
Error: (11/12/2016 01:39:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (11/11/2016 11:24:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (11/11/2016 11:24:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ManyCam Service service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/11/2016 04:32:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (11/11/2016 04:32:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ManyCam Service service failed to start due to the following error:
The system cannot find the path specified.

Error: (11/11/2016 06:28:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (11/11/2016 06:28:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/11/2016 06:28:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/11/2016 06:28:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/11/2016 06:28:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-11-18 00:28:09.480
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 00:28:09.145
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 00:28:08.931
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 00:28:08.718
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 00:28:08.156
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 00:28:07.779
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 00:28:07.567
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 00:28:07.242
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 00:06:30.555
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SplitMediaLabs\XSplit\XSplitGameSource32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-18 00:06:30.353
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SplitMediaLabs\XSplit\XSplitGameSource32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 3324.57 MB
Available physical RAM: 1484.07 MB
Total Virtual: 9389.46 MB
Available Virtual: 5837.55 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.69 GB) (Free:92.81 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 20 November 2016 - 09:16 PM.



#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,231 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:11:04 PM

Posted 18 November 2016 - 01:23 AM

Hi FlimFlam69,

 

My name is TsVk!, but you can call me John. I'll be helping you with your issue. :)

 

Just a few ground rules before we get started.

  • Please don't run any malware removal programs unless directed.
  • Please don't make any system changes unless directed.
  • Please back up all essential data now. We are removing software designed to damage/compromise your system, it's inherently risky business.
  • Please copy and paste all logs in plain text straight into your reply, do not quote or attach logs.

These things are to make it easier for me to help you.

 

I've looked at your post and will respond as soon as possible with instructions.

 

Please be aware that I am still in training and everything that I say needs to be covered in detail with my instructor. This is a bonus for you because you have two sets of eyes on your thread, but you need to be aware this can take some time so my responses may take a day or so.

 

John



#3 TsVk!


Posted 21 November 2016 - 10:41 PM

Hi FlimFlam69,
 
Thanks for your patience with my response.
 
Let's clean up your machine. :)
 
---------------------
Torrent Warning!
 
Torrent software downloads often contain malware and other nasties. It's a really effective way of getting infected with malware. Right up the list there, next to deliberately infecting yourself.
 
It's up to you whether you want to run the risk by keeping this software on your machine, but I ask you not to run any torrent transfers until we are finished please.
----------------------
 
First, please uninstall this program. (how do I uninstall?)
  • Perfect Uninstaller
If you have any problems please let me know. Another free software that does the same thing is Revo Uninstaller Free
 
I also recommend uninstalling
  • Avast SafeZone Stable
It is an offshoot of the Chrome software you already have installed and is unlikely to provide any tangible benefit imo. You may not have even realised this is installed on your machine as it commonly installs without consent.
 
If you want to remove this please follow these instructions.
 
 
Then...
 
Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.
CreateRestorePoint:
FF NewTab: Mozilla\Firefox\Profiles\7358c659.default -> about:newtab
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =  
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Software\Microsoft\Internet Explorer\Main,Start Page =  
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =  
BHO: No Name -> {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} -> No File
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com/"
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
C:\Windows\System32\DRIVERS\mcvidrv.sys
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
2016-11-11 23:12 - 2016-10-12 15:33 - 00000000 ____D C:\Program Files\DriverPack Notifier
2014-04-21 10:51 - 2014-05-09 01:12 - 0003748 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
Task: {000D223F-8B3E-4E51-BDA1-E46C831F4A70} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
C:\ProgramData\Avg_Update_0215tb
Task: {05EF7E6E-DB1F-4D81-8E56-7EE75BDBC637} - System32\Tasks\AVG_SYS_TASK => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
C:\ProgramData\AVG 1113a Campaign
Task: {0EE242BB-0AAD-4FAA-98A6-90521DBEDB2D} - System32\Tasks\RealCreateProcessScheduledTask323216693S-1-5-21-2412800826-1674594253-1344594430-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Real
Task: {433A3FE1-F0EB-475B-8BF7-469039216C9B} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
Task: {671178F8-E323-426A-B0EE-8C26A700547B} - System32\Tasks\AVG_SYS_TASK_DELETE => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {748E98D4-313D-4B6D-ABB8-A67BA9D32D06} - System32\Tasks\ReclaimerResumeInstall_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-29] (RealNetworks, Inc.)
C:\Users\James\AppData\Roaming\Real
Task: {7C21E93A-52C3-488D-8DDF-15118ACAE79D} - System32\Tasks\AVG_REG_1113a => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {A3EF12D1-49AF-490D-B917-A260B555C0E3} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
Task: {8B83E8A2-C632-46D1-9230-DB8FF13AC128} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
C:\ProgramData\Avg_Update_0615tb
Task: {F8FF98A2-78D2-4305-8488-44237872FDA9} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
C:\Program Files\Razer
Task: {8C2940C3-0BFB-4795-9EEE-4592950CE71A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2412800826-1674594253-1344594430-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A3FE4B7F-F5D0-4EF3-85CA-5C55595FA854} - System32\Tasks\{81A49A90-AC2F-4AA8-9763-EE66F562A183} => pcalua.exe -a C:\Windows\system32\nvuninst.exe -c UninstallGUI
Task: {D5A08672-2479-4AF1-992C-8EC00CEC1138} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
C:\Program Files\AVG SafeGuard toolbar
Task: {B3F083BC-DD28-4DAA-81B4-8323B986059C} - System32\Tasks\1114tbUpdateInfo => C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
Task: {B49EF589-3BB7-4030-B7B2-9481978DF68B} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
Task: {CA96D160-A103-47AF-A530-782E917836F2} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {D37CC357-FAA3-4101-8354-3254ED26079B} - System32\Tasks\ReclaimerUpdateXML_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-29] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
Task: C:\Windows\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
Task: C:\Windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
Task: C:\Windows\Tasks\1114tbUpdateInfo.job => C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
MSCONFIG\Services: SBSDWSCService => 2
FirewallRules: [{CFECBCF5-F19A-4F93-8C86-1A8703E7CA93}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{6926BA80-A964-41DF-A0B7-CD30C38E6CDC}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{A73BBD1F-E5CA-46CF-A3BB-430F6B017EE2}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{B7DEF66E-44B7-4EE9-9DC3-B0161B59C3B4}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
C:\Program Files\Popcorn Time
EmptyTemp:
If you don't want Yahoo as your default search engine, nor the word "Yahoo" as your default search term, please add these lines to the end of the file and save it again.
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Your machine may reboot automatically to complete the processes.
  • Please note the removal log named fixlog.txt.
Please download Farbar Service Scanner and run it
  • Please check all of the boxes then click Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log into your reply.
Please run Farbar Recovery Scan Tool again.
  • Click Yes to allow the application
  • Click Scan, wait for the log to appear
  • Copy and paste the results into your next reply.
If you want Windows to prompt you before installing software please enable UAC by following this guide. Set the protection level as pictured.
 
Did you change your default command icon?
 
Please include in your reply
  • copy and paste the FRST fixlog.txt (do not use spoilers!)
  • copy and paste the FSS.txt (do not use spoilers!)
  • copy and paste the new FRST scan (do not use spoilers!)
  • Did you change your default icon?
  • How did you go? How is your machine running now?
John

Edited by Chris Cosgrove, 25 November 2016 - 05:34 PM.


#4 FlimFlam69


Posted 22 November 2016 - 05:29 PM

Hope I got this all right...

 

FRST fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-11-2016 01
Ran by James (22-11-2016 16:57:38) Run:1
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James & XSIOAHQLD9 & 4FEGM2WER0)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
FF NewTab: Mozilla\Firefox\Profiles\7358c659.default -> about:newtab
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =  
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Software\Microsoft\Internet Explorer\Main,Start Page =  
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =  
BHO: No Name -> {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} -> No File
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com/"
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-10] (ManyCam LLC)
C:\Windows\System32\DRIVERS\mcvidrv.sys
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
2016-11-11 23:12 - 2016-10-12 15:33 - 00000000 ____D C:\Program Files\DriverPack Notifier
2014-04-21 10:51 - 2014-05-09 01:12 - 0003748 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
Task: {000D223F-8B3E-4E51-BDA1-E46C831F4A70} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
C:\ProgramData\Avg_Update_0215tb
Task: {05EF7E6E-DB1F-4D81-8E56-7EE75BDBC637} - System32\Tasks\AVG_SYS_TASK => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
C:\ProgramData\AVG 1113a Campaign
Task: {0EE242BB-0AAD-4FAA-98A6-90521DBEDB2D} - System32\Tasks\RealCreateProcessScheduledTask323216693S-1-5-21-2412800826-1674594253-1344594430-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Real
Task: {433A3FE1-F0EB-475B-8BF7-469039216C9B} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
Task: {671178F8-E323-426A-B0EE-8C26A700547B} - System32\Tasks\AVG_SYS_TASK_DELETE => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {748E98D4-313D-4B6D-ABB8-A67BA9D32D06} - System32\Tasks\ReclaimerResumeInstall_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-29] (RealNetworks, Inc.)
C:\Users\James\AppData\Roaming\Real
Task: {7C21E93A-52C3-488D-8DDF-15118ACAE79D} - System32\Tasks\AVG_REG_1113a => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {A3EF12D1-49AF-490D-B917-A260B555C0E3} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
Task: {8B83E8A2-C632-46D1-9230-DB8FF13AC128} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
C:\ProgramData\Avg_Update_0615tb
Task: {F8FF98A2-78D2-4305-8488-44237872FDA9} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
C:\Program Files\Razer
Task: {8C2940C3-0BFB-4795-9EEE-4592950CE71A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2412800826-1674594253-1344594430-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A3FE4B7F-F5D0-4EF3-85CA-5C55595FA854} - System32\Tasks\{81A49A90-AC2F-4AA8-9763-EE66F562A183} => pcalua.exe -a C:\Windows\system32\nvuninst.exe -c UninstallGUI
Task: {D5A08672-2479-4AF1-992C-8EC00CEC1138} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
C:\Program Files\AVG SafeGuard toolbar
Task: {B3F083BC-DD28-4DAA-81B4-8323B986059C} - System32\Tasks\1114tbUpdateInfo => C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
Task: {B49EF589-3BB7-4030-B7B2-9481978DF68B} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
Task: {CA96D160-A103-47AF-A530-782E917836F2} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {D37CC357-FAA3-4101-8354-3254ED26079B} - System32\Tasks\ReclaimerUpdateXML_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-29] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
Task: C:\Windows\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
Task: C:\Windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
Task: C:\Windows\Tasks\1114tbUpdateInfo.job => C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
MSCONFIG\Services: SBSDWSCService => 2
FirewallRules: [{CFECBCF5-F19A-4F93-8C86-1A8703E7CA93}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{6926BA80-A964-41DF-A0B7-CD30C38E6CDC}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{A73BBD1F-E5CA-46CF-A3BB-430F6B017EE2}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{B7DEF66E-44B7-4EE9-9DC3-B0161B59C3B4}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
C:\Program Files\Popcorn Time
EmptyTemp:
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
*****************
 
Restore point was successfully created.
Firefox "newtab" removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}" => key removed successfully.
HKCR\CLSID\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => key removed successfully.
HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found. 
"HKLM\Software\MozillaPlugins\@nexon.net/NxGame" => key removed successfully.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => key removed successfully.
Chrome StartupUrls => removed successfully.
ManyCam => service removed successfully.
C:\Windows\System32\DRIVERS\mcvidrv.sys => moved successfully
BTCFilterService => service removed successfully.
EagleXNt => service removed successfully.
IpInIp => service removed successfully.
motccgp => service removed successfully.
motccgpfl => service removed successfully.
motmodem => service removed successfully.
MotoSwitchService => service removed successfully.
Motousbnet => service removed successfully.
motusbdevice => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
usbbus => service removed successfully.
UsbDiag => service removed successfully.
USBModem => service removed successfully.
VBoxNetFlt => service removed successfully.
WinRing0_1_2_0 => service removed successfully.
C:\Program Files\DriverPack Notifier => moved successfully
C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{000D223F-8B3E-4E51-BDA1-E46C831F4A70}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{000D223F-8B3E-4E51-BDA1-E46C831F4A70}" => key removed successfully.
C:\Windows\System32\Tasks\0215tbUpdateInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0215tbUpdateInfo" => key removed successfully.
"C:\ProgramData\Avg_Update_0215tb" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05EF7E6E-DB1F-4D81-8E56-7EE75BDBC637}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05EF7E6E-DB1F-4D81-8E56-7EE75BDBC637}" => key removed successfully.
C:\Windows\System32\Tasks\AVG_SYS_TASK => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK" => key removed successfully.
"C:\ProgramData\AVG 1113a Campaign" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EE242BB-0AAD-4FAA-98A6-90521DBEDB2D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EE242BB-0AAD-4FAA-98A6-90521DBEDB2D}" => key removed successfully.
C:\Windows\System32\Tasks\RealCreateProcessScheduledTask323216693S-1-5-21-2412800826-1674594253-1344594430-1000 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealCreateProcessScheduledTask323216693S-1-5-21-2412800826-1674594253-1344594430-1000" => key removed successfully.
C:\Program Files\Real => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{433A3FE1-F0EB-475B-8BF7-469039216C9B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{433A3FE1-F0EB-475B-8BF7-469039216C9B}" => key removed successfully.
C:\Windows\System32\Tasks\1214tbUpdateInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1214tbUpdateInfo" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{671178F8-E323-426A-B0EE-8C26A700547B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{671178F8-E323-426A-B0EE-8C26A700547B}" => key removed successfully.
C:\Windows\System32\Tasks\AVG_SYS_TASK_DELETE => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_DELETE" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{748E98D4-313D-4B6D-ABB8-A67BA9D32D06}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{748E98D4-313D-4B6D-ABB8-A67BA9D32D06}" => key removed successfully.
C:\Windows\System32\Tasks\ReclaimerResumeInstall_James => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReclaimerResumeInstall_James" => key removed successfully.
C:\Users\James\AppData\Roaming\Real => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C21E93A-52C3-488D-8DDF-15118ACAE79D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C21E93A-52C3-488D-8DDF-15118ACAE79D}" => key removed successfully.
C:\Windows\System32\Tasks\AVG_REG_1113a => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_REG_1113a" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3EF12D1-49AF-490D-B917-A260B555C0E3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3EF12D1-49AF-490D-B917-A260B555C0E3}" => key removed successfully.
C:\Windows\System32\Tasks\0615tbUpdateInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0615tbUpdateInfo" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B83E8A2-C632-46D1-9230-DB8FF13AC128}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B83E8A2-C632-46D1-9230-DB8FF13AC128}" => key removed successfully.
C:\Windows\System32\Tasks\0415tbUpdateInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0415tbUpdateInfo" => key removed successfully.
"C:\ProgramData\Avg_Update_0615tb" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8FF98A2-78D2-4305-8488-44237872FDA9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8FF98A2-78D2-4305-8488-44237872FDA9}" => key removed successfully.
C:\Windows\System32\Tasks\Razer_Game_Booster_AutoUpdate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Razer_Game_Booster_AutoUpdate" => key removed successfully.
C:\Program Files\Razer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C2940C3-0BFB-4795-9EEE-4592950CE71A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C2940C3-0BFB-4795-9EEE-4592950CE71A}" => key removed successfully.
C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2412800826-1674594253-1344594430-1000 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-2412800826-1674594253-1344594430-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3FE4B7F-F5D0-4EF3-85CA-5C55595FA854}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3FE4B7F-F5D0-4EF3-85CA-5C55595FA854}" => key removed successfully.
C:\Windows\System32\Tasks\{81A49A90-AC2F-4AA8-9763-EE66F562A183} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{81A49A90-AC2F-4AA8-9763-EE66F562A183}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5A08672-2479-4AF1-992C-8EC00CEC1138}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5A08672-2479-4AF1-992C-8EC00CEC1138}" => key removed successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0414c_rmv" => key removed successfully.
"C:\Program Files\AVG SafeGuard toolbar" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3F083BC-DD28-4DAA-81B4-8323B986059C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3F083BC-DD28-4DAA-81B4-8323B986059C}" => key removed successfully.
C:\Windows\System32\Tasks\1114tbUpdateInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1114tbUpdateInfo" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B49EF589-3BB7-4030-B7B2-9481978DF68B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B49EF589-3BB7-4030-B7B2-9481978DF68B}" => key removed successfully.
C:\Windows\System32\Tasks\0814tbUpdateInfo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0814tbUpdateInfo" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA96D160-A103-47AF-A530-782E917836F2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA96D160-A103-47AF-A530-782E917836F2}" => key removed successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rel => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0414c_rel" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D37CC357-FAA3-4101-8354-3254ED26079B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D37CC357-FAA3-4101-8354-3254ED26079B}" => key removed successfully.
C:\Windows\System32\Tasks\ReclaimerUpdateXML_James => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReclaimerUpdateXML_James" => key removed successfully.
C:\Windows\Tasks\0215tbUpdateInfo.job => moved successfully
C:\Windows\Tasks\0415tbUpdateInfo.job => moved successfully
C:\Windows\Tasks\0615tbUpdateInfo.job => moved successfully
C:\Windows\Tasks\0814tbUpdateInfo.job => moved successfully
C:\Windows\Tasks\1114tbUpdateInfo.job => moved successfully
C:\Windows\Tasks\1214tbUpdateInfo.job => moved successfully
"C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe" => not found.
"C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe" => not found.
"C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe" => not found.
"C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe" => not found.
"C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe" => not found.
"C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SBSDWSCService" => key removed successfully.
HKLM\System\CurrentControlSet\Services\SBSDWSCService => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CFECBCF5-F19A-4F93-8C86-1A8703E7CA93} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6926BA80-A964-41DF-A0B7-CD30C38E6CDC} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A73BBD1F-E5CA-46CF-A3BB-430F6B017EE2} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7DEF66E-44B7-4EE9-9DC3-B0161B59C3B4} => value removed successfully.
C:\Program Files\Popcorn Time => moved successfully
Chrome DefaultSearchURL => removed successfully.
Chrome DefaultSearchKeyword => removed successfully.
Chrome DefaultSuggestURL => removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5753654 B
Java, Flash, Steam htmlcache => 6020 B
Windows/system/drivers => 2997919 B
Edge => 0 B
Chrome => 700264247 B
Firefox => 376910279 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 35613 B
LocalService => 0 B
NetworkService => 0 B
James => 36712069 B
XSIOAHQLD9 => 66228 B
4FEGM2WER0 => 66228 B
 
RecycleBin => 3353660779 B
EmptyTemp: => 4.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:06:04 ====
 
FSS.txt
 
Farbar Service Scanner Version: 27-01-2016
Ran by James (administrator) on 22-11-2016 at 17:14:59
Running from "C:\Users\James\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
 
Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
 
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys
[2014-08-23 06:47] - [2014-05-30 01:53] - 0273408 ____A (Microsoft Corporation) F5272A105F59A7B3B345D9D6D87DA7AD
 
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
FRST Scan
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2016 01
Ran by James (administrator) on FLIMFLAM69 (22-11-2016 17:16:15)
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James & XSIOAHQLD9 & 4FEGM2WER0)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [LVCOMS] => C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [127022 2002-12-10] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-19] (AVAST Software)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-11-12] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1AA8CE6D-AD17-4679-A08F-74DD40C9D2FD}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000 -> DefaultScope {E4CF0A7C-237B-4A37-BBDA-4DBD817D6029} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000 -> {E4CF0A7C-237B-4A37-BBDA-4DBD817D6029} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-14] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-14] (Oracle Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} 
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 7358c659.default
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default [2016-11-22]
FF Keyword.URL: Mozilla\Firefox\Profiles\7358c659.default -> user_pref("keyword.URL", true);
FF Extension: (No Name) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default\Extensions\abs@avira.com [2016-11-11]
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default\searchplugins\google-lavasoft.xml [2016-10-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-25] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2412800826-1674594253-1344594430-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\James\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2016-11-22]
CHR Extension: (Avira Browser Safety) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-22]
CHR Extension: (Yahoo Partner) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-11-22]
CHR HKLM\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Appinfo; C:\Windows\System32\appinfo.dll [33280 2014-06-02] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [316928 2014-10-02] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [316928 2014-10-02] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-12] (AVAST Software)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [133120 2013-07-07] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [802304 2015-07-31] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [444928 2013-10-10] (Microsoft Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [174080 2014-12-05] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [153600 2014-12-05] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [602112 2015-08-05] (Microsoft Corporation) [File not signed]
R2 TermService; C:\Windows\System32\termsrv.dll [449536 2014-10-09] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\Windows\System32\webclnt.dll [199680 2015-07-01] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-25] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AFD; C:\Windows\system32\drivers\afd.sys [273408 2014-05-30] (Microsoft Corporation) [File not signed]
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-11-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-11-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-11-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-11-12] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-11-12] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-11-12] (AVAST Software)
R3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [143360 2014-09-04] (Microsoft Corporation) [File not signed]
R3 LVBulk; C:\Windows\System32\DRIVERS\LVBulk.sys [10254 2002-06-10] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVVI500A; C:\Windows\System32\DRIVERS\lvvi500a.sys [188592 2002-06-10] (Logitech Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-11] (Malwarebytes)
R3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115200 2014-12-18] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [107008 2015-01-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [217088 2015-06-27] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [81408 2015-06-27] (Microsoft Corporation) [File not signed]
S3 sonydcam; C:\Windows\System32\DRIVERS\sonydcam.sys [26624 2008-01-20] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [24064 2013-06-15] (Microsoft Corporation) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [73344 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2013-06-28] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [39936 2011-05-05] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [197632 2013-06-28] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [19456 2011-05-05] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-22 16:57 - 2016-11-22 17:06 - 00022805 _____ C:\Users\James\Downloads\Fixlog.txt
2016-11-22 16:57 - 2016-11-22 16:57 - 00000000 ____D C:\Users\James\Downloads\FRST-OlderVersion
2016-11-21 06:02 - 2016-11-21 06:02 - 00008885 _____ C:\Users\James\Downloads\1156_CustomerConcernsReport (5).pdf
2016-11-18 00:34 - 2016-11-18 00:34 - 00053165 _____ C:\Users\James\Desktop\Addition.txt
2016-11-18 00:34 - 2016-11-18 00:34 - 00035334 _____ C:\Users\James\Desktop\FRST.txt
2016-11-18 00:28 - 2016-11-18 00:31 - 00053162 _____ C:\Users\James\Downloads\Addition.txt
2016-11-18 00:26 - 2016-11-22 17:17 - 00018476 _____ C:\Users\James\Downloads\FRST.txt
2016-11-18 00:25 - 2016-11-22 17:16 - 00000000 ____D C:\FRST
2016-11-18 00:25 - 2016-11-22 16:57 - 01762304 _____ (Farbar) C:\Users\James\Downloads\FRST.exe
2016-11-12 02:57 - 2016-11-12 02:57 - 00000858 _____ C:\Users\Public\Desktop\Avast SafeZone 1 Browser.lnk
2016-11-12 02:57 - 2016-11-12 02:57 - 00000858 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 1 Browser.lnk
2016-11-12 02:56 - 2016-11-12 02:56 - 00001791 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-12 02:56 - 2016-11-12 02:56 - 00000000 ____D C:\Users\James\AppData\Roaming\AVAST Software
2016-11-12 02:55 - 2016-11-22 16:48 - 00000000 ____D C:\Program Files\AVAST Software
2016-11-12 02:55 - 2016-11-12 02:56 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-11-12 02:55 - 2016-11-12 02:56 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-11-12 02:55 - 2016-11-12 02:56 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-11-12 02:55 - 2016-11-12 02:55 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-11-12 02:55 - 2016-11-12 02:55 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-11-12 02:54 - 2016-11-12 02:54 - 06334848 _____ (AVAST Software) C:\Users\James\Downloads\avast_free_antivirus_setup_online.exe
2016-11-12 01:35 - 2016-11-17 06:37 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps
2016-11-12 01:31 - 2016-11-12 01:35 - 00008978 _____ C:\Users\James\Desktop\New Text Document (3).txt
2016-11-12 01:25 - 2016-11-12 01:25 - 00006844 _____ C:\Users\James\Desktop\rk_D6EF.tmp
2016-11-12 01:07 - 2016-11-12 01:07 - 34114800 _____ (Adlice Software ) C:\Users\James\Downloads\setup (2).exe
2016-11-12 01:06 - 2016-11-12 01:06 - 00000000 ____D C:\Users\James\AppData\Local\Avira
2016-11-12 00:17 - 2016-11-12 00:17 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-12 00:16 - 2016-11-12 01:35 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-12 00:16 - 2016-11-12 00:16 - 34114800 _____ (Adlice Software ) C:\Users\James\Downloads\setup (1).exe
2016-11-12 00:16 - 2016-11-12 00:16 - 00000802 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-12 00:16 - 2016-11-12 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-12 00:16 - 2016-11-12 00:16 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-12 00:15 - 2016-11-22 17:15 - 00003835 _____ C:\Users\James\Desktop\FSS.txt
2016-11-12 00:15 - 2016-11-22 17:15 - 00003832 _____ C:\Users\James\Downloads\FSS.txt
2016-11-12 00:14 - 2016-11-12 00:14 - 00899584 _____ (Farbar) C:\Users\James\Downloads\FSS.exe
2016-11-12 00:14 - 2016-11-12 00:14 - 00001176 _____ C:\Users\James\Desktop\checkup.txt
2016-11-12 00:10 - 2016-11-12 00:10 - 00852798 _____ C:\Users\James\Downloads\SecurityCheck.exe
2016-11-12 00:08 - 2016-11-12 00:08 - 00092218 _____ C:\Users\James\Documents\cc_20161112_000819.reg
2016-11-11 23:39 - 2016-11-12 00:39 - 01368548 _____ C:\Windows\system32\winapp2_disk.csv
2016-11-11 23:28 - 2016-11-12 01:38 - 00000000 ____D C:\Program Files\Avira
2016-11-11 23:28 - 2016-11-12 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-11-11 23:28 - 2016-11-12 01:10 - 00000000 ____D C:\ProgramData\Avira
2016-11-11 23:28 - 2016-11-11 23:28 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\James\Downloads\avira_en_fass0_58269a4206a60__ws.exe
2016-11-11 23:26 - 2016-11-11 23:26 - 08141704 _____ C:\Users\James\Downloads\bitdefender_online.exe
2016-11-11 23:26 - 2016-11-11 23:26 - 00012730 _____ C:\ProgramData\1478924804.bdinstall.bin
2016-11-11 23:26 - 2016-11-11 23:26 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-11-11 23:19 - 2016-11-11 23:19 - 00000000 ____D C:\Users\James\Downloads\SafeZone Installer
2016-11-11 17:47 - 2016-11-11 17:47 - 00030071 _____ C:\Users\James\Desktop\MTB.txt
2016-11-11 17:44 - 2016-11-11 19:43 - 00000576 _____ C:\Users\James\Desktop\Malware Log.txt
2016-11-11 16:36 - 2016-11-11 16:36 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-11 16:35 - 2016-11-11 16:35 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-11 16:35 - 2016-11-11 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-11 16:35 - 2016-11-11 16:35 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-11-11 16:35 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-11 16:35 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-11 16:35 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-11 16:32 - 2016-11-11 16:32 - 00020880 _____ C:\Users\James\Desktop\AdwCleaner[C0].txt
2016-11-11 06:24 - 2016-11-11 06:24 - 00007771 _____ C:\Users\James\Desktop\JRT.txt
2016-11-11 06:06 - 2016-11-11 06:06 - 00892416 _____ (Farbar) C:\Users\James\Desktop\MiniToolBox.exe
2016-11-11 06:05 - 2016-11-11 06:06 - 22851472 _____ (Malwarebytes ) C:\Users\James\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2016-11-11 06:05 - 2016-11-11 06:05 - 01631928 _____ (Malwarebytes) C:\Users\James\Desktop\JRT.exe
2016-11-11 06:03 - 2016-11-11 06:03 - 03910208 _____ C:\Users\James\Desktop\AdwCleaner.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-22 17:08 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-22 17:08 - 2006-11-02 07:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-22 17:08 - 2006-11-02 07:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-22 17:06 - 2006-11-02 08:01 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-22 17:05 - 2012-11-14 21:53 - 00000000 ____D C:\Users\James\AppData\LocalLow\Temp
2016-11-22 16:55 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-11-22 16:55 - 2006-11-02 05:33 - 00830432 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-22 16:53 - 2016-10-09 23:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-22 16:49 - 2012-06-25 20:09 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-22 16:41 - 2012-06-29 21:48 - 00000000 ____D C:\Program Files\Perfect Uninstaller
2016-11-22 16:37 - 2015-05-29 23:31 - 00000000 ____D C:\Users\James\AppData\Local\Battle.net
2016-11-20 11:26 - 2016-06-10 23:09 - 00000000 ____D C:\Program Files\World of Warcraft
2016-11-15 06:11 - 2012-07-13 21:23 - 00103424 _____ C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-14 18:07 - 2009-10-31 11:10 - 00000000 ____D C:\Pathfinder
2016-11-12 09:26 - 2016-05-30 19:08 - 00000000 ____D C:\Program Files\Battle.net
2016-11-12 02:54 - 2012-11-21 23:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-12 01:39 - 2006-11-02 07:47 - 00377176 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-12 01:10 - 2015-01-25 13:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-12 01:03 - 2012-06-25 14:41 - 00102848 _____ C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-11 23:14 - 2012-06-30 05:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-11-11 23:14 - 2012-06-30 05:29 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-11-11 06:53 - 2013-09-29 13:13 - 00000000 ____D C:\AdwCleaner
2016-11-11 06:45 - 2016-01-24 08:29 - 00000000 ____D C:\Program Files\Yahoo!
2016-11-11 06:43 - 2013-02-05 18:59 - 00000000 ____D C:\Users\James\AppData\Roaming\Common
2016-11-11 06:23 - 2013-02-07 01:38 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2016-11-11 06:23 - 2013-02-07 01:38 - 00000000 __SHD C:\AI_RecycleBin
2016-11-10 22:37 - 2016-10-09 12:01 - 00000000 _____ C:\Windows\system32\last.dump
2016-11-10 22:32 - 2014-05-11 19:32 - 00000000 ____D C:\Users\James\AppData\Local\Deployment
2016-10-29 09:54 - 2016-05-10 22:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2012-07-03 10:23 - 2015-02-13 16:47 - 0000000 _____ () C:\Users\James\AppData\Roaming\bitlord_log.txt
2013-05-12 13:29 - 2013-05-12 13:29 - 0000035 _____ () C:\Users\James\AppData\Roaming\SetValue.bat
2012-06-25 15:23 - 2016-10-15 01:30 - 0001356 _____ () C:\Users\James\AppData\Local\d3d9caps.dat
2012-07-13 21:23 - 2016-11-15 06:11 - 0103424 _____ () C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-13 16:48 - 2015-02-13 16:48 - 0000218 _____ () C:\Users\James\AppData\Local\recently-used.xbel
2016-11-11 23:26 - 2016-11-11 23:26 - 0012730 _____ () C:\ProgramData\1478924804.bdinstall.bin
2013-02-05 18:59 - 2013-02-05 18:59 - 0004995 _____ () C:\ProgramData\iqrjmdeq.fak
2016-10-13 17:44 - 2016-10-13 17:44 - 0004145 _____ () C:\ProgramData\mudtcpaz.vzs
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe
[2016-01-24 08:57] - [2015-04-10 18:22] - 0279552 ____A (Microsoft Corporation) 4F0A7910FC7D8A66433FA9961EEF8BB5
 
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-22 17:15
 
==================== End of FRST.txt ============================
 
Addition.txt
(You didn't ask for this, but I thought I'd add it as it popped up)
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-11-2016 01
Ran by James (22-11-2016 17:18:36)
Running from C:\Users\James\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2012-06-25 19:34:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
4FEGM2WER0 (S-1-5-21-2412800826-1674594253-1344594430-1040 - Limited - Enabled) => C:\Users\4FEGM2WER0
Administrator (S-1-5-21-2412800826-1674594253-1344594430-500 - Administrator - Disabled)
Guest (S-1-5-21-2412800826-1674594253-1344594430-501 - Limited - Disabled)
James (S-1-5-21-2412800826-1674594253-1344594430-1000 - Administrator - Enabled) => C:\Users\James
XSIOAHQLD9 (S-1-5-21-2412800826-1674594253-1344594430-1039 - Limited - Enabled) => C:\Users\XSIOAHQLD9
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Any Video Converter 5.5.8 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BitLord 2.4 (HKLM\...\BitLord) (Version: 2.4.3-305 - House of Life)
BitTorrent Sync (HKLM\...\BitTorrent Sync) (Version: 1.2.82 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CPUID CPU-Z 1.62 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Curse Client (HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM\...\Debut) (Version: 2.16 - NCH Software)
DownloadX ActiveX Download Control 1.6.5 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version:  - DownloadXCtrl.com)
Free Mouse Auto Clicker 3.0 (HKLM\...\{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
liteCam HD (HKLM\...\{49D77BFA-135A-49AD-9A8A-8488EADA562D}) (Version: 5.05.0000 - RSUPPORT)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Driver (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Converter 14 (HKLM\...\Movavi Video Converter 14) (Version: 14.3.0 - Movavi)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Path of Exile (Version: 2.3.0.57896 - Grinding Gear Games) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RMP4 (HKLM\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RogueKiller version 12.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.0.0 - Adlice Software)
RSCC (HKLM\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Essentials Media Codec Pack 4.0 [32-Bit] (HKLM\...\Windows Essentials Media Codec Pack) (Version: 4.0 - Media Codec)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit (HKLM\...\{24570B2F-3937-47F0-A16A-E82B480A7699}) (Version: 1.1.1210.3101 - SplitMediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000_Classes\CLSID\{8e87cee7-6147-40c5-ac62-2f2947f4b6b4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {224AA28D-CD01-4493-883A-15ADF4ED8B19} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2412800826-1674594253-1344594430-1000Core1cd6193ecb510b4 => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {22A5C59B-843D-4A98-94D4-20605A23DF59} - System32\Tasks\GoogleUpdateTaskMachineCore1cef1ac54fd9c00 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {27482DA8-2F2E-4F73-A9FF-7B97E9080BB7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-13] (Adobe Systems Incorporated)
Task: {275B4500-BD28-43D4-B6C0-DE48AFAFA5D4} - \GreatArcadeHits -> No File <==== ATTENTION
Task: {2804C193-5E5D-44E8-8FDB-0EDC8E475313} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2412800826-1674594253-1344594430-1000Core1cd8b316e621b10 => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {28D7953B-B1CB-498E-814A-92C5A3B10CA4} - System32\Tasks\GoogleUpdateTaskMachineCore1d15b072cdde111 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2B611B01-D0E7-486C-B9F2-CABB50C9E0C8} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf2ee3f39a50 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2CB3EC9D-D46B-4AB8-BF3E-8B8E691866A8} - System32\Tasks\GoogleUpdateTaskMachineCore1cfec8c2b9027f0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {33898899-5843-4CA1-B5E8-0DC87DDA3F74} - System32\Tasks\GoogleUpdateTaskMachineCore1d03ffb4bb4b6a0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3E6C22BD-03EB-4817-AA2B-FE0D434F5E9E} - System32\Tasks\SafeZone scheduled Autoupdate 1478937465 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {429EC9BE-F084-47BF-9B10-06F88A8F27C6} - System32\Tasks\GoogleUpdateTaskMachineCore1ce7a1741a601b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4393A021-1A5A-4BBD-B220-80C681A811CB} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f00c59281fe0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4C9BA408-FF1A-4B60-B530-38C502B81659} - System32\Tasks\Windows Codec Update Service => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2012-02-03] (MediaCodec.Org)
Task: {4E544DBD-87F6-4064-8F93-C1956E5D2632} - System32\Tasks\GoogleUpdateTaskMachineCore1ce4ec3c0dddc0d => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {52883949-08D4-4EEE-8529-86CE4D03DA37} - System32\Tasks\GoogleUpdateTaskMachineCore1ceec18eab46854 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {591EABDF-78C4-4B74-B5A3-B6701888324D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6955869319d4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5D616C00-2219-4FAC-A59F-33CB11CF260E} - System32\Tasks\GoogleUpdateTaskMachineCore1cffee347552760 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7C2167AA-C981-4FA4-B8AF-450436EC5925} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab0bd0494df0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8D9BF34D-6FA5-4E0C-9C94-1CD5E4487528} - System32\Tasks\SafeZone scheduled Autoupdate 1467973950
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
Task: {A2CB06B7-3412-4408-8AB2-238408274600} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A61225C3-0ECD-4749-BDBA-1F8D762B5C55} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {A8AAFE8A-348A-4A0D-B3D9-DA8441751911} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e23120eb49b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AAE64384-D695-464E-9802-3274978DD8FD} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ea96b4bb3f5b => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AEC8FC4D-6B43-4986-9FFA-06F6D1883CFE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {AF19CA05-E2EA-4EE4-87B6-8648419D3A79} - System32\Tasks\GoogleUpdateTaskMachineCore1d163b5df0335c9 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B8400AC9-8409-45B3-BF34-513C200C7594} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
Task: {B9BC5A14-C9A7-45DF-8DDC-479E1251C229} - System32\Tasks\GoogleUpdateTaskMachineCore1ce7f3155127890 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D0E6C65E-F231-4198-8837-EC2283477433} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8b46a710ee70 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D7ABE036-F7F3-4167-B983-F60E7185E67B} - System32\Tasks\GoogleUpdateTaskMachineCore1cf3ef271627f0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DB0609DB-0592-47F9-8197-9D3185B4A10E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E38053AB-0866-417C-B29C-7FB409A55625} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4a6ab2c7efb0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E5E7AFD7-B7AE-4F87-B656-627EB7D112BD} - System32\Tasks\avast! Emergency Update
Task: {EB9F9855-7F0B-46BD-9F87-EA5C0C715C60} - System32\Tasks\GoogleUpdateTaskMachineCore1d12ce48ff1d010 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {ED3CDED7-44B3-4097-8166-F6251ADF1C99} - System32\Tasks\GoogleUpdateTaskMachineCore1cdc8674e658900 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F158405F-059B-470A-9555-5CA14FE99440} - System32\Tasks\GoogleUpdateTaskMachineCore1ce0c6c119e025 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F36FEE2A-86F4-495D-8B05-DA1C0CB3E672} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f82d1113270 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8b46a710ee70.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfec8c2b9027f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cffee347552760.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03ffb4bb4b6a0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f82d1113270.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2ee3f39a50.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e23120eb49b0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f00c59281fe0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12ce48ff1d010.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15b072cdde111.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d163b5df0335c9.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab0bd0494df0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ea96b4bb3f5b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\James\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-12 02:55 - 2016-11-12 02:55 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-22 16:51 - 2016-11-22 16:51 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16112201\algo.dll
2016-11-12 02:55 - 2016-11-12 02:55 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2012-07-03 17:45 - 2006-10-26 18:56 - 00033104 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\msonpppr.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-06 23:39 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-02-06 23:39 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2009-10-14 12:36 - 2009-10-14 12:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2016-11-12 02:55 - 2016-11-12 02:55 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 14:35 - 2009-07-16 14:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 14:35 - 2009-07-16 14:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 14:35 - 2009-07-16 14:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 14:36 - 2009-07-16 14:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 14:36 - 2009-07-16 14:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 14:36 - 2009-07-16 14:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2010-07-27 03:03 - 2010-07-27 03:03 - 00181592 _____ () C:\Program Files\Common Files\logishrd\SharedBin\LVAPI11.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 08358400 _____ () C:\Program Files\SplitMediaLabs\XSplit\avcodec-54.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 00151040 _____ () C:\Program Files\SplitMediaLabs\XSplit\avutil-51.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 01152512 _____ () C:\Program Files\SplitMediaLabs\XSplit\avformat-54.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 00333824 _____ () C:\Program Files\SplitMediaLabs\XSplit\swscale-2.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 00026112 _____ () C:\Program Files\SplitMediaLabs\XSplit\swresample-0.dll
2009-10-14 12:34 - 2009-10-14 12:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2016-07-12 17:40 - 2016-07-06 17:01 - 17602240 _____ () C:\Users\James\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll
2016-09-06 14:49 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\James\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 14:49 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\James\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
There are 7917 more sites.
 
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\sony.com -> sony.com
 
There are 7917 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2016-11-10 23:06 - 00452630 ____R C:\Windows\system32\Drivers\etc\hosts
 
 
There are 15559 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{AD5CFB18-5D42-4032-ADB9-EDF4969E3EA7}] => (Allow) LPort=80
FirewallRules: [{8FC3E496-32D4-4404-9A9E-66167CDA935C}] => (Allow) LPort=80
FirewallRules: [{E974353A-C32F-4379-9E0B-168CDDFB689D}] => (Allow) LPort=80
FirewallRules: [{4AAF4F84-619E-4CEC-97F5-D4A36E9B574D}] => (Allow) C:\Program Files\BitTorrent Sync\BTSync.exe
FirewallRules: [{43865D8A-9487-49B6-8BB2-533048A5B499}] => (Allow) C:\Program Files\BitTorrent Sync\BTSync.exe
FirewallRules: [{C3546DDD-A5C7-4710-AF5B-590FE16985BD}] => (Allow) LPort=50000
FirewallRules: [{06669F6E-EBEE-4EBE-A9A9-EBFE45867606}] => (Allow) LPort=41780
FirewallRules: [{ED7AF588-65A5-42E1-A897-417CD26FF781}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1EFEE741-B554-4195-B0F6-F24C34AC05C9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{03A9E871-C65D-494B-8291-DDB2E265437F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{B83B6DE1-22E9-4ED7-BBC8-5EBC4226F8D2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3D2CC0AE-F4BA-4B4C-9E1E-1AAD601949DB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0FECD84B-323E-4DFD-A705-F3AF19EA9C22}] => (Allow) C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{AC5B262E-D7C5-431F-9B90-D8CE1DDAD9DB}] => (Allow) C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{1BC7AEC6-85BF-4A89-A5B3-3E1232DDA895}] => (Allow) C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{FE3CF677-636A-43F7-839E-45515AC62774}] => (Allow) C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [TCP Query User{44E2A2FA-0F12-4F89-BADC-938F2BD56424}C:\program files\bitlord\bitlord.exe] => (Allow) C:\program files\bitlord\bitlord.exe
FirewallRules: [UDP Query User{FC46AEBA-05C8-4EC2-B2CD-691088E5C668}C:\program files\bitlord\bitlord.exe] => (Allow) C:\program files\bitlord\bitlord.exe
FirewallRules: [{952769C5-5C9E-4297-8174-AE8238E751C9}] => (Allow) C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{AAA473B7-AAF4-470B-B263-27284CEA769C}] => (Allow) C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{AF1372E4-EAA5-4AB2-A881-F5E5707C181B}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{29794F81-1B4D-4241-BC71-9D898E28A211}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{667D5661-C584-4D71-A2E3-31D50BB2C321}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{37022180-8BDE-4458-97BD-0B8FC7AFD2BB}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
 
==================== Restore Points =========================
 
29-10-2016 10:42:13 Scheduled Checkpoint
30-10-2016 02:01:21 Scheduled Checkpoint
11-11-2016 06:18:14 JRT Pre-Junkware Removal
11-11-2016 23:38:45 Avira System Speedup 2.7.0
22-11-2016 16:58:50 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/22/2016 05:09:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/22/2016 04:57:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {97b04c2a-d961-42ab-a5ab-a6a59ded2cbe}
 
Error: (11/22/2016 04:55:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\James\Downloads\ipadians.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/22/2016 04:49:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/17/2016 06:41:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16633 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1520
Start Time: 01d240c713bf4b30
Termination Time: 13
 
Error: (11/17/2016 06:38:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16633 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1ca8
Start Time: 01d240c714805140
Termination Time: 12
 
Error: (11/17/2016 06:37:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 49.0.2.6136, time stamp 0x5807c043, faulting module mozglue.dll, version 49.0.2.6136, time stamp 0x5807b9a7, exception code 0x80000003, fault offset 0x0000e83e,
process id 0x15bc, application start time 0x01d240c6dda33660.
 
Error: (11/17/2016 06:37:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 49.0.2.6136, time stamp 0x5807c043, faulting module mozglue.dll, version 49.0.2.6136, time stamp 0x5807b9a7, exception code 0x80000003, fault offset 0x0000e83e,
process id 0x1518, application start time 0x01d240c6f4862130.
 
Error: (11/14/2016 04:40:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\James\Downloads\ipadians.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/12/2016 02:49:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\James\Downloads\ipadians.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (11/22/2016 05:09:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/22/2016 04:49:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/12/2016 01:39:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/11/2016 11:24:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/11/2016 11:24:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ManyCam Service service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (11/11/2016 04:32:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/11/2016 04:32:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ManyCam Service service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (11/11/2016 06:28:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (11/11/2016 06:28:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Browser service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/11/2016 06:28:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-11-22 17:18:13.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-22 17:18:12.938
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-22 17:18:12.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-22 17:18:12.121
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-22 17:18:11.609
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-22 17:18:11.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-22 17:18:11.145
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-22 17:18:10.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-20 15:35:26.871
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SplitMediaLabs\XSplit\XSplitGameSource32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-20 15:35:26.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SplitMediaLabs\XSplit\XSplitGameSource32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 70%
Total physical RAM: 3324.57 MB
Available physical RAM: 973.04 MB
Total Virtual: 9387.46 MB
Available Virtual: 6641.88 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.69 GB) (Free:97.18 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Did I change my default icon?  No.
How did you go?  How is your machine running now?  So far so good, but I think it is too soon to tell.  If you have further instructions, I'll follow your recommendations and continue on.  Otherwise, if I have any further issues in the next few days, I will respond here.
 


#5 TsVk!

Posted 23 November 2016 - 06:00 PM

Hi FlimFlam69

Your machine is looking better.

Download the files linked below and save them to your desktop:

http://download.bleepingcomputer.com/win-services/vista/PolicyAgent.reg

http://download.bleepingcomputer.com/win-services/vista/RemoteAccess.reg

Run PolicyAgent.reg by double-clicking it and follow the instructions to merge the information into the registry.

Repeat the procedure with RemoteAccess.reg.

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000 -> DefaultScope {E4CF0A7C-237B-4A37-BBDA-4DBD817D6029} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000 -> {E4CF0A7C-237B-4A37-BBDA-4DBD817D6029} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [No File]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Yahoo Partner) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-11-22]
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
2016-11-11 23:26 - 2016-11-11 23:26 - 08141704 _____ C:\Users\James\Downloads\bitdefender_online.exe
2016-11-11 23:26 - 2016-11-11 23:26 - 00012730 _____ C:\ProgramData\1478924804.bdinstall.bin
2016-11-11 23:26 - 2016-11-11 23:26 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-11-11 23:14 - 2012-06-30 05:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-11-11 23:14 - 2012-06-30 05:29 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-11-11 06:45 - 2016-01-24 08:29 - 00000000 ____D C:\Program Files\Yahoo!
2016-11-11 06:23 - 2013-02-07 01:38 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2016-11-11 06:23 - 2013-02-07 01:38 - 00000000 __SHD C:\AI_RecycleBin
2016-11-11 23:26 - 2016-11-11 23:26 - 0012730 _____ () C:\ProgramData\1478924804.bdinstall.bin
Task: {275B4500-BD28-43D4-B6C0-DE48AFAFA5D4} - \GreatArcadeHits -> No File <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION

You have uninstalled Avira antivirus, but the browser plugin "Avira Browser Safety" still remains. If you wish to remove this, please add these lines to the file, then save it again.

FF Extension: (No Name) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default\Extensions\abs@avira.com [2016-11-11]
CHR Extension: (Avira Browser Safety) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
C:\Program Files\Avira
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
C:\ProgramData\Avira
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Your PC may restart automatically to complete the fix.
  • Please copy and paste the log that appears into your reply.

Please download RogueKiller and run it

  • Click Scan and then Scan again to start the application
  • Please be patient; the scan can take quite some time
  • When it completes, close the browser pop-up.
  • Click Open Report then Open TXT
  • Copy and paste the output into your reply.

There are 2 unusual user accounts on your PC

  • 4FEGM2WER0
  • XSIOAHQLD9

Do you know what/who they are?

 

Please run Farbar Recovery Scan Tool again.

  • Click Yes to allow the application
  • Click Scan, wait for the log to appear
  • Copy and paste the results into your next reply.

Please include in your reply

  • FRST fix log
  • RogueKiller scan log
  • new FRST logs
  • Do you know those user accounts?
  • How did you go? How is your machine running now?

John



#6 TsVk!

Posted 26 November 2016 - 06:02 PM

Hi FlimFlam,

It's been a few days, do you still require assistance?

John



#7 FlimFlam69

Posted 26 November 2016 - 06:52 PM

Yes, I'm still here. Sorry, haven't had a chance to proceed with the next steps yet (holiday stuff, real life, etc)...

#8 TsVk!

Posted 26 November 2016 - 06:55 PM

No problems at all. Thanks for letting me know.



#9 FlimFlam69

Posted 28 November 2016 - 11:49 AM

FRST fixlog

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 27-11-2016
Ran by James (28-11-2016 10:30:22) Run:2
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James & XSIOAHQLD9 & 4FEGM2WER0)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000 -> DefaultScope {E4CF0A7C-237B-4A37-BBDA-4DBD817D6029} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000 -> {E4CF0A7C-237B-4A37-BBDA-4DBD817D6029} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [No File]
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Extension: (Yahoo Partner) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-11-22]
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
2016-11-11 23:26 - 2016-11-11 23:26 - 08141704 _____ C:\Users\James\Downloads\bitdefender_online.exe
2016-11-11 23:26 - 2016-11-11 23:26 - 00012730 _____ C:\ProgramData\1478924804.bdinstall.bin
2016-11-11 23:26 - 2016-11-11 23:26 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-11-11 23:14 - 2012-06-30 05:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-11-11 23:14 - 2012-06-30 05:29 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-11-11 06:45 - 2016-01-24 08:29 - 00000000 ____D C:\Program Files\Yahoo!
2016-11-11 06:23 - 2013-02-07 01:38 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2016-11-11 06:23 - 2013-02-07 01:38 - 00000000 __SHD C:\AI_RecycleBin
2016-11-11 23:26 - 2016-11-11 23:26 - 0012730 _____ () C:\ProgramData\1478924804.bdinstall.bin
Task: {275B4500-BD28-43D4-B6C0-DE48AFAFA5D4} - \GreatArcadeHits -> No File <==== ATTENTION
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
FF Extension: (No Name) - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default\Extensions\abs@avira.com [2016-11-11]
CHR Extension: (Avira Browser Safety) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
C:\Program Files\Avira
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
C:\ProgramData\Avira
*****************
 
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4CF0A7C-237B-4A37-BBDA-4DBD817D6029}" => key removed successfully.
HKCR\CLSID\{E4CF0A7C-237B-4A37-BBDA-4DBD817D6029} => key not found. 
"HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin" => key removed successfully.
Chrome DefaultSearchURL => removed successfully.
Chrome DefaultSearchKeyword => removed successfully.
Chrome DefaultSuggestURL => removed successfully.
C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\nogdfjjfhknacchjpiccacoimeelkajb" => key removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep" => key removed successfully.
C:\Users\James\Downloads\bitdefender_online.exe => moved successfully
C:\ProgramData\1478924804.bdinstall.bin => moved successfully
C:\Program Files\Bitdefender Agent => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\Program Files\Spybot - Search & Destroy => moved successfully
C:\Program Files\Yahoo! => moved successfully
C:\Windows\system32\AI_RecycleBin => moved successfully
C:\AI_RecycleBin => moved successfully
"C:\ProgramData\1478924804.bdinstall.bin" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{275B4500-BD28-43D4-B6C0-DE48AFAFA5D4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{275B4500-BD28-43D4-B6C0-DE48AFAFA5D4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GreatArcadeHits" => key removed successfully.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default\Extensions\abs@avira.com => moved successfully
C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully.
C:\Program Files\Avira => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira => moved successfully
C:\ProgramData\Avira => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 10:31:05 ====
 
RogueKiller scan log
 
RogueKiller V12.8.0.0 [Nov  7 2016] (Free) by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : James [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 11/28/2016 10:37:24 (Duration : 00:52:02)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_BC19\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Replaced (explorer.exe)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2412800826-1674594253-1344594430-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDP725050GLA SCSI Disk Device +++++
--- User ---
[MBR] 7d4c335e5ceeabbb4293c77688a3b382
[BSP] e4f1a3792e18a93ded96ab613143948a : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 145408 | Size: 10240 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21116928 | Size: 466628 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 
FRST log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-11-2016
Ran by James (administrator) on FLIMFLAM69 (28-11-2016 11:31:04)
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James & XSIOAHQLD9 & 4FEGM2WER0)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [LVCOMS] => C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [127022 2002-12-10] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-19] (AVAST Software)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-11-12] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1AA8CE6D-AD17-4679-A08F-74DD40C9D2FD}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-14] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-14] (Oracle Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} 
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 7358c659.default
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default [2016-11-28]
FF Keyword.URL: Mozilla\Firefox\Profiles\7358c659.default -> user_pref("keyword.URL", true);
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default\searchplugins\google-lavasoft.xml [2016-10-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-25] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2412800826-1674594253-1344594430-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\James\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2016-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Appinfo; C:\Windows\System32\appinfo.dll [33280 2014-06-02] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [316928 2014-10-02] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [316928 2014-10-02] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-12] (AVAST Software)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [133120 2013-07-07] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [802304 2015-07-31] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [444928 2013-10-10] (Microsoft Corporation) [File not signed]
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [174080 2014-12-05] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [153600 2014-12-05] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [602112 2015-08-05] (Microsoft Corporation) [File not signed]
R2 TermService; C:\Windows\System32\termsrv.dll [449536 2014-10-09] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\Windows\System32\webclnt.dll [199680 2015-07-01] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-25] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AFD; C:\Windows\system32\drivers\afd.sys [273408 2014-05-30] (Microsoft Corporation) [File not signed]
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-11-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-11-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-11-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-11-12] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-11-12] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-11-12] (AVAST Software)
R3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [143360 2014-09-04] (Microsoft Corporation) [File not signed]
R3 LVBulk; C:\Windows\System32\DRIVERS\LVBulk.sys [10254 2002-06-10] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVVI500A; C:\Windows\System32\DRIVERS\lvvi500a.sys [188592 2002-06-10] (Logitech Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-11] (Malwarebytes)
R3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115200 2014-12-18] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [107008 2015-01-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [217088 2015-06-27] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [81408 2015-06-27] (Microsoft Corporation) [File not signed]
S3 sonydcam; C:\Windows\System32\DRIVERS\sonydcam.sys [26624 2008-01-20] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [24064 2013-06-15] (Microsoft Corporation) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [73344 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2013-06-28] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [39936 2011-05-05] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [197632 2013-06-28] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [19456 2011-05-05] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-28 11:30 - 2016-11-28 11:30 - 00003402 _____ C:\Users\James\Desktop\rk_37A.tmp
2016-11-28 10:36 - 2016-11-28 10:31 - 00005896 _____ C:\Users\James\Desktop\Fixlog.txt
2016-11-28 10:26 - 2016-11-28 10:26 - 00035442 _____ C:\Users\James\Desktop\RemoteAccess.reg
2016-11-28 10:26 - 2016-11-28 10:26 - 00005244 _____ C:\Users\James\Desktop\PolicyAgent.reg
2016-11-22 16:57 - 2016-11-28 10:31 - 00005896 _____ C:\Users\James\Downloads\Fixlog.txt
2016-11-22 16:57 - 2016-11-28 10:30 - 00000000 ____D C:\Users\James\Downloads\FRST-OlderVersion
2016-11-21 06:02 - 2016-11-21 06:02 - 00008885 _____ C:\Users\James\Downloads\1156_CustomerConcernsReport (5).pdf
2016-11-18 00:34 - 2016-11-18 00:34 - 00053165 _____ C:\Users\James\Desktop\Addition.txt
2016-11-18 00:34 - 2016-11-18 00:34 - 00035334 _____ C:\Users\James\Desktop\FRST.txt
2016-11-18 00:28 - 2016-11-22 17:23 - 00047670 _____ C:\Users\James\Downloads\Addition.txt
2016-11-18 00:26 - 2016-11-28 11:32 - 00016646 _____ C:\Users\James\Downloads\FRST.txt
2016-11-18 00:25 - 2016-11-28 11:31 - 00000000 ____D C:\FRST
2016-11-18 00:25 - 2016-11-28 10:30 - 01760768 _____ (Farbar) C:\Users\James\Downloads\FRST.exe
2016-11-12 02:57 - 2016-11-12 02:57 - 00000858 _____ C:\Users\Public\Desktop\Avast SafeZone 1 Browser.lnk
2016-11-12 02:57 - 2016-11-12 02:57 - 00000858 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 1 Browser.lnk
2016-11-12 02:56 - 2016-11-12 02:56 - 00001791 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-12 02:56 - 2016-11-12 02:56 - 00000000 ____D C:\Users\James\AppData\Roaming\AVAST Software
2016-11-12 02:55 - 2016-11-22 16:48 - 00000000 ____D C:\Program Files\AVAST Software
2016-11-12 02:55 - 2016-11-12 02:56 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-11-12 02:55 - 2016-11-12 02:56 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-11-12 02:55 - 2016-11-12 02:56 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-11-12 02:55 - 2016-11-12 02:55 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-11-12 02:55 - 2016-11-12 02:55 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-11-12 02:54 - 2016-11-12 02:54 - 06334848 _____ (AVAST Software) C:\Users\James\Downloads\avast_free_antivirus_setup_online.exe
2016-11-12 01:35 - 2016-11-17 06:37 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps
2016-11-12 01:31 - 2016-11-12 01:35 - 00008978 _____ C:\Users\James\Desktop\New Text Document (3).txt
2016-11-12 01:25 - 2016-11-12 01:25 - 00006844 _____ C:\Users\James\Desktop\rk_D6EF.tmp
2016-11-12 01:07 - 2016-11-12 01:07 - 34114800 _____ (Adlice Software ) C:\Users\James\Downloads\setup (2).exe
2016-11-12 01:06 - 2016-11-12 01:06 - 00000000 ____D C:\Users\James\AppData\Local\Avira
2016-11-12 00:17 - 2016-11-28 10:37 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-12 00:16 - 2016-11-12 01:35 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-12 00:16 - 2016-11-12 00:16 - 34114800 _____ (Adlice Software ) C:\Users\James\Downloads\setup (1).exe
2016-11-12 00:16 - 2016-11-12 00:16 - 00000802 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-12 00:16 - 2016-11-12 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-12 00:16 - 2016-11-12 00:16 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-12 00:15 - 2016-11-22 17:15 - 00003835 _____ C:\Users\James\Desktop\FSS.txt
2016-11-12 00:15 - 2016-11-22 17:15 - 00003832 _____ C:\Users\James\Downloads\FSS.txt
2016-11-12 00:14 - 2016-11-12 00:14 - 00899584 _____ (Farbar) C:\Users\James\Downloads\FSS.exe
2016-11-12 00:14 - 2016-11-12 00:14 - 00001176 _____ C:\Users\James\Desktop\checkup.txt
2016-11-12 00:10 - 2016-11-12 00:10 - 00852798 _____ C:\Users\James\Downloads\SecurityCheck.exe
2016-11-12 00:08 - 2016-11-12 00:08 - 00092218 _____ C:\Users\James\Documents\cc_20161112_000819.reg
2016-11-11 23:39 - 2016-11-12 00:39 - 01368548 _____ C:\Windows\system32\winapp2_disk.csv
2016-11-11 23:28 - 2016-11-11 23:28 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\James\Downloads\avira_en_fass0_58269a4206a60__ws.exe
2016-11-11 23:19 - 2016-11-11 23:19 - 00000000 ____D C:\Users\James\Downloads\SafeZone Installer
2016-11-11 17:47 - 2016-11-11 17:47 - 00030071 _____ C:\Users\James\Desktop\MTB.txt
2016-11-11 17:44 - 2016-11-11 19:43 - 00000576 _____ C:\Users\James\Desktop\Malware Log.txt
2016-11-11 16:36 - 2016-11-11 16:36 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-11 16:35 - 2016-11-11 16:35 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-11 16:35 - 2016-11-11 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-11 16:35 - 2016-11-11 16:35 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-11-11 16:35 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-11 16:35 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-11 16:35 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-11 16:32 - 2016-11-11 16:32 - 00020880 _____ C:\Users\James\Desktop\AdwCleaner[C0].txt
2016-11-11 06:24 - 2016-11-11 06:24 - 00007771 _____ C:\Users\James\Desktop\JRT.txt
2016-11-11 06:06 - 2016-11-11 06:06 - 00892416 _____ (Farbar) C:\Users\James\Desktop\MiniToolBox.exe
2016-11-11 06:05 - 2016-11-11 06:06 - 22851472 _____ (Malwarebytes ) C:\Users\James\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2016-11-11 06:05 - 2016-11-11 06:05 - 01631928 _____ (Malwarebytes) C:\Users\James\Desktop\JRT.exe
2016-11-11 06:03 - 2016-11-11 06:03 - 03910208 _____ C:\Users\James\Desktop\AdwCleaner.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-28 10:53 - 2016-10-09 23:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-28 10:32 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-28 10:32 - 2006-11-02 07:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-28 10:32 - 2006-11-02 07:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-28 10:31 - 2006-11-02 08:01 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-28 09:34 - 2015-05-29 23:31 - 00000000 ____D C:\Users\James\AppData\Local\Battle.net
2016-11-28 04:19 - 2016-10-21 17:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-28 00:09 - 2016-06-10 23:09 - 00000000 ____D C:\Program Files\World of Warcraft
2016-11-22 17:31 - 2016-05-30 19:08 - 00000000 ____D C:\Program Files\Battle.net
2016-11-22 17:05 - 2012-11-14 21:53 - 00000000 ____D C:\Users\James\AppData\LocalLow\Temp
2016-11-22 16:55 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-11-22 16:55 - 2006-11-02 05:33 - 00830432 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-22 16:49 - 2012-06-25 20:09 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-22 16:41 - 2012-06-29 21:48 - 00000000 ____D C:\Program Files\Perfect Uninstaller
2016-11-15 06:11 - 2012-07-13 21:23 - 00103424 _____ C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-14 18:07 - 2009-10-31 11:10 - 00000000 ____D C:\Pathfinder
2016-11-12 02:54 - 2012-11-21 23:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-12 01:39 - 2006-11-02 07:47 - 00377176 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-12 01:10 - 2015-01-25 13:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-12 01:03 - 2012-06-25 14:41 - 00102848 _____ C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-11 06:53 - 2013-09-29 13:13 - 00000000 ____D C:\AdwCleaner
2016-11-11 06:43 - 2013-02-05 18:59 - 00000000 ____D C:\Users\James\AppData\Roaming\Common
2016-11-10 22:37 - 2016-10-09 12:01 - 00000000 _____ C:\Windows\system32\last.dump
2016-11-10 22:32 - 2014-05-11 19:32 - 00000000 ____D C:\Users\James\AppData\Local\Deployment
2016-10-29 09:54 - 2016-05-10 22:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2012-07-03 10:23 - 2015-02-13 16:47 - 0000000 _____ () C:\Users\James\AppData\Roaming\bitlord_log.txt
2013-05-12 13:29 - 2013-05-12 13:29 - 0000035 _____ () C:\Users\James\AppData\Roaming\SetValue.bat
2012-06-25 15:23 - 2016-10-15 01:30 - 0001356 _____ () C:\Users\James\AppData\Local\d3d9caps.dat
2012-07-13 21:23 - 2016-11-15 06:11 - 0103424 _____ () C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-13 16:48 - 2015-02-13 16:48 - 0000218 _____ () C:\Users\James\AppData\Local\recently-used.xbel
2013-02-05 18:59 - 2013-02-05 18:59 - 0004995 _____ () C:\ProgramData\iqrjmdeq.fak
2016-10-13 17:44 - 2016-10-13 17:44 - 0004145 _____ () C:\ProgramData\mudtcpaz.vzs
 
Some files in TEMP:
====================
C:\Users\James\AppData\Local\temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe
[2016-01-24 08:57] - [2015-04-10 18:22] - 0279552 ____A (Microsoft Corporation) 4F0A7910FC7D8A66433FA9961EEF8BB5
 
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-28 10:39
 
==================== End of FRST.txt ============================
 

Addition log (part of FRST)

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2016
Ran by James (18-11-2016 00:28:19)
Running from C:\Users\James\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2012-06-25 19:34:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
4FEGM2WER0 (S-1-5-21-2412800826-1674594253-1344594430-1040 - Limited - Enabled) => C:\Users\4FEGM2WER0
Administrator (S-1-5-21-2412800826-1674594253-1344594430-500 - Administrator - Disabled)
Guest (S-1-5-21-2412800826-1674594253-1344594430-501 - Limited - Disabled)
James (S-1-5-21-2412800826-1674594253-1344594430-1000 - Administrator - Enabled) => C:\Users\James
XSIOAHQLD9 (S-1-5-21-2412800826-1674594253-1344594430-1039 - Limited - Enabled) => C:\Users\XSIOAHQLD9
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Any Video Converter 5.5.8 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BitLord 2.4 (HKLM\...\BitLord) (Version: 2.4.3-305 - House of Life)
BitTorrent Sync (HKLM\...\BitTorrent Sync) (Version: 1.2.82 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CPUID CPU-Z 1.62 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Curse Client (HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM\...\Debut) (Version: 2.16 - NCH Software)
DownloadX ActiveX Download Control 1.6.5 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version:  - DownloadXCtrl.com)
Free Mouse Auto Clicker 3.0 (HKLM\...\{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
liteCam HD (HKLM\...\{49D77BFA-135A-49AD-9A8A-8488EADA562D}) (Version: 5.05.0000 - RSUPPORT)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Driver (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Converter 14 (HKLM\...\Movavi Video Converter 14) (Version: 14.3.0 - Movavi)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Path of Exile (Version: 2.3.0.57896 - Grinding Gear Games) Hidden
Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.com)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RMP4 (HKLM\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RogueKiller version 12.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.0.0 - Adlice Software)
RSCC (HKLM\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Essentials Media Codec Pack 4.0 [32-Bit] (HKLM\...\Windows Essentials Media Codec Pack) (Version: 4.0 - Media Codec)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit (HKLM\...\{24570B2F-3937-47F0-A16A-E82B480A7699}) (Version: 1.1.1210.3101 - SplitMediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000_Classes\CLSID\{8e87cee7-6147-40c5-ac62-2f2947f4b6b4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {000D223F-8B3E-4E51-BDA1-E46C831F4A70} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
Task: {05EF7E6E-DB1F-4D81-8E56-7EE75BDBC637} - System32\Tasks\AVG_SYS_TASK => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {0EE242BB-0AAD-4FAA-98A6-90521DBEDB2D} - System32\Tasks\RealCreateProcessScheduledTask323216693S-1-5-21-2412800826-1674594253-1344594430-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {224AA28D-CD01-4493-883A-15ADF4ED8B19} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2412800826-1674594253-1344594430-1000Core1cd6193ecb510b4 => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {22A5C59B-843D-4A98-94D4-20605A23DF59} - System32\Tasks\GoogleUpdateTaskMachineCore1cef1ac54fd9c00 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {27482DA8-2F2E-4F73-A9FF-7B97E9080BB7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-13] (Adobe Systems Incorporated)
Task: {275B4500-BD28-43D4-B6C0-DE48AFAFA5D4} - \GreatArcadeHits -> No File <==== ATTENTION
Task: {2804C193-5E5D-44E8-8FDB-0EDC8E475313} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2412800826-1674594253-1344594430-1000Core1cd8b316e621b10 => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {28D7953B-B1CB-498E-814A-92C5A3B10CA4} - System32\Tasks\GoogleUpdateTaskMachineCore1d15b072cdde111 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2B611B01-D0E7-486C-B9F2-CABB50C9E0C8} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf2ee3f39a50 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2CB3EC9D-D46B-4AB8-BF3E-8B8E691866A8} - System32\Tasks\GoogleUpdateTaskMachineCore1cfec8c2b9027f0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {33898899-5843-4CA1-B5E8-0DC87DDA3F74} - System32\Tasks\GoogleUpdateTaskMachineCore1d03ffb4bb4b6a0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3E6C22BD-03EB-4817-AA2B-FE0D434F5E9E} - System32\Tasks\SafeZone scheduled Autoupdate 1478937465 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-12] (Avast Software)
Task: {429EC9BE-F084-47BF-9B10-06F88A8F27C6} - System32\Tasks\GoogleUpdateTaskMachineCore1ce7a1741a601b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {433A3FE1-F0EB-475B-8BF7-469039216C9B} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
Task: {4393A021-1A5A-4BBD-B220-80C681A811CB} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f00c59281fe0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4C9BA408-FF1A-4B60-B530-38C502B81659} - System32\Tasks\Windows Codec Update Service => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2012-02-03] (MediaCodec.Org)
Task: {4E544DBD-87F6-4064-8F93-C1956E5D2632} - System32\Tasks\GoogleUpdateTaskMachineCore1ce4ec3c0dddc0d => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {52883949-08D4-4EEE-8529-86CE4D03DA37} - System32\Tasks\GoogleUpdateTaskMachineCore1ceec18eab46854 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {591EABDF-78C4-4B74-B5A3-B6701888324D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6955869319d4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5D616C00-2219-4FAC-A59F-33CB11CF260E} - System32\Tasks\GoogleUpdateTaskMachineCore1cffee347552760 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {671178F8-E323-426A-B0EE-8C26A700547B} - System32\Tasks\AVG_SYS_TASK_DELETE => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {748E98D4-313D-4B6D-ABB8-A67BA9D32D06} - System32\Tasks\ReclaimerResumeInstall_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-29] (RealNetworks, Inc.)
Task: {7C2167AA-C981-4FA4-B8AF-450436EC5925} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab0bd0494df0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7C21E93A-52C3-488D-8DDF-15118ACAE79D} - System32\Tasks\AVG_REG_1113a => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {8B83E8A2-C632-46D1-9230-DB8FF13AC128} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
Task: {8C2940C3-0BFB-4795-9EEE-4592950CE71A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2412800826-1674594253-1344594430-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {8D9BF34D-6FA5-4E0C-9C94-1CD5E4487528} - System32\Tasks\SafeZone scheduled Autoupdate 1467973950
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
Task: {A2CB06B7-3412-4408-8AB2-238408274600} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A3EF12D1-49AF-490D-B917-A260B555C0E3} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
Task: {A3FE4B7F-F5D0-4EF3-85CA-5C55595FA854} - System32\Tasks\{81A49A90-AC2F-4AA8-9763-EE66F562A183} => pcalua.exe -a C:\Windows\system32\nvuninst.exe -c UninstallGUI
Task: {A61225C3-0ECD-4749-BDBA-1F8D762B5C55} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {A8AAFE8A-348A-4A0D-B3D9-DA8441751911} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e23120eb49b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AAE64384-D695-464E-9802-3274978DD8FD} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ea96b4bb3f5b => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AEC8FC4D-6B43-4986-9FFA-06F6D1883CFE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {AF19CA05-E2EA-4EE4-87B6-8648419D3A79} - System32\Tasks\GoogleUpdateTaskMachineCore1d163b5df0335c9 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B3F083BC-DD28-4DAA-81B4-8323B986059C} - System32\Tasks\1114tbUpdateInfo => C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
Task: {B49EF589-3BB7-4030-B7B2-9481978DF68B} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
Task: {B8400AC9-8409-45B3-BF34-513C200C7594} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
Task: {B9BC5A14-C9A7-45DF-8DDC-479E1251C229} - System32\Tasks\GoogleUpdateTaskMachineCore1ce7f3155127890 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {CA96D160-A103-47AF-A530-782E917836F2} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {D0E6C65E-F231-4198-8837-EC2283477433} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8b46a710ee70 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D37CC357-FAA3-4101-8354-3254ED26079B} - System32\Tasks\ReclaimerUpdateXML_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-29] (RealNetworks, Inc.)
Task: {D5A08672-2479-4AF1-992C-8EC00CEC1138} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {D7ABE036-F7F3-4167-B983-F60E7185E67B} - System32\Tasks\GoogleUpdateTaskMachineCore1cf3ef271627f0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DB0609DB-0592-47F9-8197-9D3185B4A10E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E38053AB-0866-417C-B29C-7FB409A55625} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4a6ab2c7efb0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E5E7AFD7-B7AE-4F87-B656-627EB7D112BD} - System32\Tasks\avast! Emergency Update
Task: {EB9F9855-7F0B-46BD-9F87-EA5C0C715C60} - System32\Tasks\GoogleUpdateTaskMachineCore1d12ce48ff1d010 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {ED3CDED7-44B3-4097-8166-F6251ADF1C99} - System32\Tasks\GoogleUpdateTaskMachineCore1cdc8674e658900 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F158405F-059B-470A-9555-5CA14FE99440} - System32\Tasks\GoogleUpdateTaskMachineCore1ce0c6c119e025 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F36FEE2A-86F4-495D-8B05-DA1C0CB3E672} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f82d1113270 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F8FF98A2-78D2-4305-8488-44237872FDA9} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
Task: C:\Windows\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
Task: C:\Windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
Task: C:\Windows\Tasks\1114tbUpdateInfo.job => C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8b46a710ee70.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfec8c2b9027f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cffee347552760.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03ffb4bb4b6a0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f82d1113270.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2ee3f39a50.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e23120eb49b0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f00c59281fe0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12ce48ff1d010.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15b072cdde111.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d163b5df0335c9.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab0bd0494df0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ea96b4bb3f5b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\James\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-07-03 17:45 - 2006-10-26 18:56 - 00033104 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\msonpppr.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-06 23:39 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-02-06 23:39 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2009-10-14 12:36 - 2009-10-14 12:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 14:35 - 2009-07-16 14:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 14:35 - 2009-07-16 14:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 14:35 - 2009-07-16 14:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 14:36 - 2009-07-16 14:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 14:36 - 2009-07-16 14:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 14:36 - 2009-07-16 14:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2010-07-27 03:03 - 2010-07-27 03:03 - 00181592 _____ () C:\Program Files\Common Files\logishrd\SharedBin\LVAPI11.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 08358400 _____ () C:\Program Files\SplitMediaLabs\XSplit\avcodec-54.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 00151040 _____ () C:\Program Files\SplitMediaLabs\XSplit\avutil-51.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 01152512 _____ () C:\Program Files\SplitMediaLabs\XSplit\avformat-54.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 00333824 _____ () C:\Program Files\SplitMediaLabs\XSplit\swscale-2.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 00026112 _____ () C:\Program Files\SplitMediaLabs\XSplit\swresample-0.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00237352 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2009-10-14 12:34 - 2009-10-14 12:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2016-11-12 02:55 - 2016-11-12 02:55 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-12 02:55 - 2016-11-12 02:55 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-16 15:10 - 2016-11-16 15:10 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16111601\algo.dll
2016-11-17 07:11 - 2016-11-17 07:11 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16111700\algo.dll
2016-11-12 02:55 - 2016-11-12 02:55 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-11-09 00:05 - 2016-11-09 00:05 - 00540336 _____ () C:\Program Files\Battle.net\Battle.net.8142\ortp.dll
2016-11-09 00:05 - 2016-11-09 00:05 - 37247976 _____ () C:\Program Files\Battle.net\Battle.net.8142\libcef.dll
2016-11-09 00:05 - 2016-11-09 00:05 - 06402560 _____ () C:\Program Files\Battle.net\Battle.net.8142\battle.net.dll
2016-11-09 00:05 - 2016-11-09 00:05 - 00133632 _____ () C:\Program Files\Battle.net\Battle.net.8142\libEGL.dll
2016-11-09 00:05 - 2016-11-09 00:05 - 03384832 _____ () C:\Program Files\Battle.net\Battle.net.8142\libGLESv2.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00028672 _____ () C:\Program Files\SplitMediaLabs\XSplit\AxShockwaveFlashObjects.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00073216 _____ () C:\Program Files\SplitMediaLabs\XSplit\Addins\Facebook.Winforms.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00545792 _____ () C:\Program Files\SplitMediaLabs\XSplit\Addins\Facebook.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00024576 _____ () C:\Program Files\SplitMediaLabs\XSplit\ExternalInterfaceProxy.dll
2012-10-30 12:31 - 2012-10-30 12:31 - 00179712 _____ () C:\Program Files\SplitMediaLabs\XSplit\vtRCM.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00886272 _____ () C:\Program Files\SplitMediaLabs\XSplit\System.Data.SQLite.dll
2016-11-09 00:05 - 2016-11-09 00:05 - 01484776 _____ () C:\Program Files\Battle.net\Battle.net.8142\Battle.net Helper.exe
2016-11-09 00:05 - 2016-11-09 00:05 - 00990696 _____ () C:\Program Files\Battle.net\Battle.net.8142\ffmpegsumo.dll
2016-09-06 14:49 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\James\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 14:49 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\James\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
There are 7917 more sites.
 
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\sony.com -> sony.com
 
There are 7917 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2016-11-10 23:06 - 00452630 ____R C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
There are 15559 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SLSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => (Allow) %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{AD5CFB18-5D42-4032-ADB9-EDF4969E3EA7}] => (Allow) LPort=80
FirewallRules: [{8FC3E496-32D4-4404-9A9E-66167CDA935C}] => (Allow) LPort=80
FirewallRules: [{E974353A-C32F-4379-9E0B-168CDDFB689D}] => (Allow) LPort=80
FirewallRules: [{4AAF4F84-619E-4CEC-97F5-D4A36E9B574D}] => (Allow) C:\Program Files\BitTorrent Sync\BTSync.exe
FirewallRules: [{43865D8A-9487-49B6-8BB2-533048A5B499}] => (Allow) C:\Program Files\BitTorrent Sync\BTSync.exe
FirewallRules: [{C3546DDD-A5C7-4710-AF5B-590FE16985BD}] => (Allow) LPort=50000
FirewallRules: [{CFECBCF5-F19A-4F93-8C86-1A8703E7CA93}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{6926BA80-A964-41DF-A0B7-CD30C38E6CDC}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{06669F6E-EBEE-4EBE-A9A9-EBFE45867606}] => (Allow) LPort=41780
FirewallRules: [{ED7AF588-65A5-42E1-A897-417CD26FF781}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1EFEE741-B554-4195-B0F6-F24C34AC05C9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A73BBD1F-E5CA-46CF-A3BB-430F6B017EE2}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{B7DEF66E-44B7-4EE9-9DC3-B0161B59C3B4}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{03A9E871-C65D-494B-8291-DDB2E265437F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{B83B6DE1-22E9-4ED7-BBC8-5EBC4226F8D2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3D2CC0AE-F4BA-4B4C-9E1E-1AAD601949DB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0FECD84B-323E-4DFD-A705-F3AF19EA9C22}] => (Allow) C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{AC5B262E-D7C5-431F-9B90-D8CE1DDAD9DB}] => (Allow) C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{1BC7AEC6-85BF-4A89-A5B3-3E1232DDA895}] => (Allow) C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{FE3CF677-636A-43F7-839E-45515AC62774}] => (Allow) C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [TCP Query User{44E2A2FA-0F12-4F89-BADC-938F2BD56424}C:\program files\bitlord\bitlord.exe] => (Allow) C:\program files\bitlord\bitlord.exe
FirewallRules: [UDP Query User{FC46AEBA-05C8-4EC2-B2CD-691088E5C668}C:\program files\bitlord\bitlord.exe] => (Allow) C:\program files\bitlord\bitlord.exe
FirewallRules: [{1A402A0E-143D-4663-BA98-27B929D7DFF5}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{5EF95858-98F6-4A53-B9BE-1DB4727E3626}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{952769C5-5C9E-4297-8174-AE8238E751C9}] => (Allow) C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{AAA473B7-AAF4-470B-B263-27284CEA769C}] => (Allow) C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{AF1372E4-EAA5-4AB2-A881-F5E5707C181B}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{29794F81-1B4D-4241-BC71-9D898E28A211}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
 
==================== Restore Points =========================
 
29-10-2016 10:42:13 Scheduled Checkpoint
30-10-2016 02:01:21 Scheduled Checkpoint
11-11-2016 06:18:14 JRT Pre-Junkware Removal
11-11-2016 23:38:45 Avira System Speedup 2.7.0
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/17/2016 06:41:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16633 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1520
Start Time: 01d240c713bf4b30
Termination Time: 13
 
Error: (11/17/2016 06:38:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16633 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1ca8
Start Time: 01d240c714805140
Termination Time: 12
 
Error: (11/17/2016 06:37:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 49.0.2.6136, time stamp 0x5807c043, faulting module mozglue.dll, version 49.0.2.6136, time stamp 0x5807b9a7, exception code 0x80000003, fault offset 0x0000e83e,
process id 0x15bc, application start time 0x01d240c6dda33660.
 
Error: (11/17/2016 06:37:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 49.0.2.6136, time stamp 0x5807c043, faulting module mozglue.dll, version 49.0.2.6136, time stamp 0x5807b9a7, exception code 0x80000003, fault offset 0x0000e83e,
process id 0x1518, application start time 0x01d240c6f4862130.
 
Error: (11/14/2016 04:40:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\James\Downloads\ipadians.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/12/2016 02:49:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\James\Downloads\ipadians.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/12/2016 01:39:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/12/2016 01:35:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 12.1.3.6, time stamp 0x55f3f4a9, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x3f700f80,
process id 0x1470, application start time 0x01d23caa66119b10.
 
Error: (11/12/2016 01:09:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 456: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (11/12/2016 01:09:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10093
 
 
System errors:
=============
Error: (11/12/2016 01:39:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/11/2016 11:24:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/11/2016 11:24:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ManyCam Service service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (11/11/2016 04:32:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/11/2016 04:32:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ManyCam Service service failed to start due to the following error: 
The system cannot find the path specified.
 
Error: (11/11/2016 06:28:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (11/11/2016 06:28:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Browser service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/11/2016 06:28:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/11/2016 06:28:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/11/2016 06:28:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-11-18 00:28:09.480
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-18 00:28:09.145
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-18 00:28:08.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-18 00:28:08.718
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-18 00:28:08.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-18 00:28:07.779
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-18 00:28:07.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-18 00:28:07.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-18 00:06:30.555
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SplitMediaLabs\XSplit\XSplitGameSource32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-18 00:06:30.353
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SplitMediaLabs\XSplit\XSplitGameSource32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 3324.57 MB
Available physical RAM: 1484.07 MB
Total Virtual: 9389.46 MB
Available Virtual: 5837.55 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.69 GB) (Free:92.81 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
I do not know the User Accounts:
4FEGM2WER0
XSIOAHQLD9
 
Can you help me remove them?
 
One issue with the machine I am having (had since the beginning of this process and it is still happening) is that sometimes Windows Explorer hangs on me, and I have to do a hard reboot as everything locks up.  I can't bring up Task Manager to cancel out the process that is causing the hanging.  This tends to happen randomly and usually when I click on an instance of Google Chrome.


#10 TsVk!


Posted 28 November 2016 - 09:30 PM

Hi FlimFlam69

 

We're getting through your issues now. I will help you resolve additional technical issues, as much as possible, when we can call your machine malware free.

 

First,

 

Let's delete the unwanted accounts

  • 4FEGM2WER0
  • XSIOAHQLD9

Follow these instructions for each one

  • Click Start (Windows 8/10 hit the Windows key + X), Control Panel, then User Accounts
  • Click Manage another account
  • Left click on the user account you want to delete
  • Select Delete the account
  • Select Delete Files
  • Click Delete Account, then click Yes

Next...

 

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {000D223F-8B3E-4E51-BDA1-E46C831F4A70} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
Task: {05EF7E6E-DB1F-4D81-8E56-7EE75BDBC637} - System32\Tasks\AVG_SYS_TASK => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {0EE242BB-0AAD-4FAA-98A6-90521DBEDB2D} - System32\Tasks\RealCreateProcessScheduledTask323216693S-1-5-21-2412800826-1674594253-1344594430-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {275B4500-BD28-43D4-B6C0-DE48AFAFA5D4} - \GreatArcadeHits -> No File <==== ATTENTION
Task: {433A3FE1-F0EB-475B-8BF7-469039216C9B} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
Task: {4C9BA408-FF1A-4B60-B530-38C502B81659} - System32\Tasks\Windows Codec Update Service => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2012-02-03] (MediaCodec.Org)
Task: {671178F8-E323-426A-B0EE-8C26A700547B} - System32\Tasks\AVG_SYS_TASK_DELETE => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {7C21E93A-52C3-488D-8DDF-15118ACAE79D} - System32\Tasks\AVG_REG_1113a => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {8B83E8A2-C632-46D1-9230-DB8FF13AC128} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
Task: {8C2940C3-0BFB-4795-9EEE-4592950CE71A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2412800826-1674594253-1344594430-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A3EF12D1-49AF-490D-B917-A260B555C0E3} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
Task: {A3FE4B7F-F5D0-4EF3-85CA-5C55595FA854} - System32\Tasks\{81A49A90-AC2F-4AA8-9763-EE66F562A183} => pcalua.exe -a C:\Windows\system32\nvuninst.exe -c UninstallGUI
Task: {B3F083BC-DD28-4DAA-81B4-8323B986059C} - System32\Tasks\1114tbUpdateInfo => C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
Task: {B49EF589-3BB7-4030-B7B2-9481978DF68B} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
Task: {CA96D160-A103-47AF-A530-782E917836F2} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {D37CC357-FAA3-4101-8354-3254ED26079B} - System32\Tasks\ReclaimerUpdateXML_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-29] (RealNetworks, Inc.)
Task: {D5A08672-2479-4AF1-992C-8EC00CEC1138} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {F8FF98A2-78D2-4305-8488-44237872FDA9} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
Task: C:\Windows\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
Task: C:\Windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
Task: C:\Windows\Tasks\1114tbUpdateInfo.job => C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
MSCONFIG\Services: SBSDWSCService => 2
FirewallRules: [{CFECBCF5-F19A-4F93-8C86-1A8703E7CA93}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{6926BA80-A964-41DF-A0B7-CD30C38E6CDC}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{A73BBD1F-E5CA-46CF-A3BB-430F6B017EE2}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{B7DEF66E-44B7-4EE9-9DC3-B0161B59C3B4}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Your PC may restart automatically to complete the fix.
  • Please note the removal log.

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • Please copy and paste the log into your reply.

If prompted by your firewall, allow DIG.exe.
If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

 

Please run Farbar Recovery Scan Tool again.

  • Click Yes to allow the application
  • Click Scan, wait for the log to appear
  • Copy and paste the results into your next reply.

In your reply please include

  • FRST fix log
  • Security Check log
  • new FRST scan logs
  • How did you go removing the user accounts? All ok?

John



#11 TsVk!


Posted 01 December 2016 - 09:44 PM

Hi FlimFlam,

 

It's been a few days, you still with me?

 

John



#12 FlimFlam69


Posted 02 December 2016 - 06:37 AM

I could not find those User Accounts.  I am wondering if they are hidden?  I took a pic to show you but can't see an attachment option on this forum...

 

FRST fixlog

(the PC did not reboot this time)

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 30-11-2016

Ran by James (02-12-2016 06:17:05) Run:3
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James & XSIOAHQLD9 & 4FEGM2WER0)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {000D223F-8B3E-4E51-BDA1-E46C831F4A70} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
Task: {05EF7E6E-DB1F-4D81-8E56-7EE75BDBC637} - System32\Tasks\AVG_SYS_TASK => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {0EE242BB-0AAD-4FAA-98A6-90521DBEDB2D} - System32\Tasks\RealCreateProcessScheduledTask323216693S-1-5-21-2412800826-1674594253-1344594430-1000 => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {275B4500-BD28-43D4-B6C0-DE48AFAFA5D4} - \GreatArcadeHits -> No File <==== ATTENTION
Task: {433A3FE1-F0EB-475B-8BF7-469039216C9B} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
Task: {4C9BA408-FF1A-4B60-B530-38C502B81659} - System32\Tasks\Windows Codec Update Service => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2012-02-03] (MediaCodec.Org)
Task: {671178F8-E323-426A-B0EE-8C26A700547B} - System32\Tasks\AVG_SYS_TASK_DELETE => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {7C21E93A-52C3-488D-8DDF-15118ACAE79D} - System32\Tasks\AVG_REG_1113a => C:\ProgramData\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
Task: {8B83E8A2-C632-46D1-9230-DB8FF13AC128} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
Task: {8C2940C3-0BFB-4795-9EEE-4592950CE71A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2412800826-1674594253-1344594430-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A3EF12D1-49AF-490D-B917-A260B555C0E3} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
Task: {A3FE4B7F-F5D0-4EF3-85CA-5C55595FA854} - System32\Tasks\{81A49A90-AC2F-4AA8-9763-EE66F562A183} => pcalua.exe -a C:\Windows\system32\nvuninst.exe -c UninstallGUI
Task: {B3F083BC-DD28-4DAA-81B4-8323B986059C} - System32\Tasks\1114tbUpdateInfo => C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
Task: {B49EF589-3BB7-4030-B7B2-9481978DF68B} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
Task: {CA96D160-A103-47AF-A530-782E917836F2} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {D37CC357-FAA3-4101-8354-3254ED26079B} - System32\Tasks\ReclaimerUpdateXML_James => C:\Users\James\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-29] (RealNetworks, Inc.)
Task: {D5A08672-2479-4AF1-992C-8EC00CEC1138} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {F8FF98A2-78D2-4305-8488-44237872FDA9} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{42AD2A35-76B9-4157-A82E-44E66099571F}.exe
Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{B3EA3FC5-A6E1-48DB-A1AD-2A6988CA5E6E}.exe
Task: C:\Windows\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{05778251-B6D5-4553-A601-278A90BA53E2}.exe
Task: C:\Windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{BBB9E39E-4801-4C8D-B52B-28CF675EEEDC}.exe
Task: C:\Windows\Tasks\1114tbUpdateInfo.job => C:\ProgramData\Avg_Update_1114tb\1114tb_{0D69D515-9166-417A-B39E-AFBF090528E4}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{DAF65664-FA38-424D-93B4-45AA680C34CB}.exe
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\imageres.dll,-68 <===== ATTENTION
MSCONFIG\Services: SBSDWSCService => 2
FirewallRules: [{CFECBCF5-F19A-4F93-8C86-1A8703E7CA93}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{6926BA80-A964-41DF-A0B7-CD30C38E6CDC}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{A73BBD1F-E5CA-46CF-A3BB-430F6B017EE2}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
FirewallRules: [{B7DEF66E-44B7-4EE9-9DC3-B0161B59C3B4}] => (Allow) C:\Program Files\Popcorn Time\Updater.exe
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{000D223F-8B3E-4E51-BDA1-E46C831F4A70} => key not found. 
C:\Windows\System32\Tasks\0215tbUpdateInfo => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0215tbUpdateInfo => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05EF7E6E-DB1F-4D81-8E56-7EE75BDBC637} => key not found. 
C:\Windows\System32\Tasks\AVG_SYS_TASK => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EE242BB-0AAD-4FAA-98A6-90521DBEDB2D} => key not found. 
C:\Windows\System32\Tasks\RealCreateProcessScheduledTask323216693S-1-5-21-2412800826-1674594253-1344594430-1000 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealCreateProcessScheduledTask323216693S-1-5-21-2412800826-1674594253-1344594430-1000 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{275B4500-BD28-43D4-B6C0-DE48AFAFA5D4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GreatArcadeHits => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{433A3FE1-F0EB-475B-8BF7-469039216C9B} => key not found. 
C:\Windows\System32\Tasks\1214tbUpdateInfo => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1214tbUpdateInfo => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C9BA408-FF1A-4B60-B530-38C502B81659}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C9BA408-FF1A-4B60-B530-38C502B81659}" => key removed successfully.
C:\Windows\System32\Tasks\Windows Codec Update Service => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Codec Update Service" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{671178F8-E323-426A-B0EE-8C26A700547B} => key not found. 
C:\Windows\System32\Tasks\AVG_SYS_TASK_DELETE => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_DELETE => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C21E93A-52C3-488D-8DDF-15118ACAE79D} => key not found. 
C:\Windows\System32\Tasks\AVG_REG_1113a => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_REG_1113a => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B83E8A2-C632-46D1-9230-DB8FF13AC128} => key not found. 
C:\Windows\System32\Tasks\0415tbUpdateInfo => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0415tbUpdateInfo => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C2940C3-0BFB-4795-9EEE-4592950CE71A} => key not found. 
C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2412800826-1674594253-1344594430-1000 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-2412800826-1674594253-1344594430-1000 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3EF12D1-49AF-490D-B917-A260B555C0E3} => key not found. 
C:\Windows\System32\Tasks\0615tbUpdateInfo => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0615tbUpdateInfo => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3FE4B7F-F5D0-4EF3-85CA-5C55595FA854} => key not found. 
C:\Windows\System32\Tasks\{81A49A90-AC2F-4AA8-9763-EE66F562A183} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{81A49A90-AC2F-4AA8-9763-EE66F562A183} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3F083BC-DD28-4DAA-81B4-8323B986059C} => key not found. 
C:\Windows\System32\Tasks\1114tbUpdateInfo => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1114tbUpdateInfo => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B49EF589-3BB7-4030-B7B2-9481978DF68B} => key not found. 
C:\Windows\System32\Tasks\0814tbUpdateInfo => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0814tbUpdateInfo => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA96D160-A103-47AF-A530-782E917836F2} => key not found. 
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rel => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0414c_rel => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D37CC357-FAA3-4101-8354-3254ED26079B} => key not found. 
C:\Windows\System32\Tasks\ReclaimerUpdateXML_James => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReclaimerUpdateXML_James => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5A08672-2479-4AF1-992C-8EC00CEC1138} => key not found. 
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0414c_rmv => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8FF98A2-78D2-4305-8488-44237872FDA9} => key not found. 
C:\Windows\System32\Tasks\Razer_Game_Booster_AutoUpdate => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Razer_Game_Booster_AutoUpdate => key not found. 
C:\Windows\Tasks\0215tbUpdateInfo.job => not found.
C:\Windows\Tasks\0415tbUpdateInfo.job => not found.
C:\Windows\Tasks\0615tbUpdateInfo.job => not found.
C:\Windows\Tasks\0814tbUpdateInfo.job => not found.
C:\Windows\Tasks\1114tbUpdateInfo.job => not found.
C:\Windows\Tasks\1214tbUpdateInfo.job => not found.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SBSDWSCService => key not found. 
HKLM\System\CurrentControlSet\Services\SBSDWSCService => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CFECBCF5-F19A-4F93-8C86-1A8703E7CA93} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6926BA80-A964-41DF-A0B7-CD30C38E6CDC} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A73BBD1F-E5CA-46CF-A3BB-430F6B017EE2} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7DEF66E-44B7-4EE9-9DC3-B0161B59C3B4} => value not found.
 
==== End of Fixlog 06:17:12 ====

 

 

Security Check Log

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avast Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Java 8 Update 101  
 Java version 32-bit out of Date! 
 Adobe Flash Player 23.0.0.207  
 Adobe Reader 10.1.16 Adobe Reader out of Date!  
 Mozilla Firefox (50.0.2) 
 Google Chrome (49.0.2623.110) 
 Google Chrome (49.0.2623.112) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 9 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
FRST Scan Log
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2016
Ran by James (administrator) on FLIMFLAM69 (02-12-2016 06:29:26)
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: James & XSIOAHQLD9 & 4FEGM2WER0)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(SplitMediaLabs) C:\Program Files\SplitMediaLabs\XSplit\XSplit.Core.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Blizzard Entertainment) C:\Program Files\Battle.net\Battle.net.8180\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5296\Agent.exe
() C:\Program Files\Battle.net\Battle.net.8180\Battle.net Helper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [LVCOMS] => C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [127022 2002-12-10] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-19] (AVAST Software)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-11-12] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1AA8CE6D-AD17-4679-A08F-74DD40C9D2FD}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-14] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-14] (Oracle Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} 
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 7358c659.default
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default [2016-12-02]
FF Keyword.URL: Mozilla\Firefox\Profiles\7358c659.default -> user_pref("keyword.URL", true);
FF SearchPlugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\7358c659.default\searchplugins\google-lavasoft.xml [2016-10-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-25] [not signed]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-29] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2412800826-1674594253-1344594430-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\James\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default [2016-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Appinfo; C:\Windows\System32\appinfo.dll [33280 2014-06-02] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [316928 2014-10-02] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [316928 2014-10-02] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-12] (AVAST Software)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [133120 2013-07-07] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [802304 2015-07-31] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [444928 2013-10-10] (Microsoft Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [272136 2016-10-13] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [174080 2014-12-05] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [153600 2014-12-05] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [602112 2015-08-05] (Microsoft Corporation) [File not signed]
R2 TermService; C:\Windows\System32\termsrv.dll [449536 2014-10-09] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\Windows\System32\webclnt.dll [199680 2015-07-01] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-25] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AFD; C:\Windows\system32\drivers\afd.sys [273408 2014-05-30] (Microsoft Corporation) [File not signed]
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-11-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-11-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-11-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-11-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-11-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-11-12] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-11-12] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-11-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-11-12] (AVAST Software)
R3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [143360 2014-09-04] (Microsoft Corporation) [File not signed]
R3 LVBulk; C:\Windows\System32\DRIVERS\LVBulk.sys [10254 2002-06-10] (Logitech Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVVI500A; C:\Windows\System32\DRIVERS\lvvi500a.sys [188592 2002-06-10] (Logitech Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-11] (Malwarebytes)
R3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115200 2014-12-18] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [107008 2015-01-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [217088 2015-06-27] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [81408 2015-06-27] (Microsoft Corporation) [File not signed]
S3 sonydcam; C:\Windows\System32\DRIVERS\sonydcam.sys [26624 2008-01-20] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [24064 2013-06-15] (Microsoft Corporation) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [73344 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2013-06-28] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [39936 2011-05-05] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [197632 2013-06-28] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [19456 2011-05-05] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-02 06:18 - 2016-12-02 06:18 - 00852798 _____ C:\Users\James\Downloads\SecurityCheck (1).exe
2016-11-29 00:40 - 2016-11-29 00:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-11-29 00:12 - 2016-12-01 06:35 - 00000000 ____D C:\Users\James\AppData\LocalLow\Mozilla
2016-11-29 00:10 - 2016-11-29 00:40 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-11-29 00:10 - 2016-11-29 00:10 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-11-28 11:30 - 2016-11-28 11:30 - 00003402 _____ C:\Users\James\Desktop\rk_37A.tmp
2016-11-28 10:36 - 2016-11-28 10:31 - 00005896 _____ C:\Users\James\Desktop\Fixlog.txt
2016-11-28 10:26 - 2016-11-28 10:26 - 00035442 _____ C:\Users\James\Desktop\RemoteAccess.reg
2016-11-28 10:26 - 2016-11-28 10:26 - 00005244 _____ C:\Users\James\Desktop\PolicyAgent.reg
2016-11-28 04:17 - 2016-12-01 06:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-22 16:57 - 2016-12-02 06:17 - 00012085 _____ C:\Users\James\Downloads\Fixlog.txt
2016-11-22 16:57 - 2016-12-02 06:17 - 00000000 ____D C:\Users\James\Downloads\FRST-OlderVersion
2016-11-21 06:02 - 2016-11-21 06:02 - 00008885 _____ C:\Users\James\Downloads\1156_CustomerConcernsReport (5).pdf
2016-11-18 00:34 - 2016-11-28 11:41 - 00027666 _____ C:\Users\James\Desktop\FRST.txt
2016-11-18 00:34 - 2016-11-18 00:34 - 00053165 _____ C:\Users\James\Desktop\Addition.txt
2016-11-18 00:28 - 2016-11-28 11:41 - 00047518 _____ C:\Users\James\Downloads\Addition.txt
2016-11-18 00:26 - 2016-12-02 06:30 - 00017375 _____ C:\Users\James\Downloads\FRST.txt
2016-11-18 00:25 - 2016-12-02 06:29 - 00000000 ____D C:\FRST
2016-11-18 00:25 - 2016-12-02 06:17 - 01761280 _____ (Farbar) C:\Users\James\Downloads\FRST.exe
2016-11-12 02:57 - 2016-11-12 02:57 - 00000858 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 1 Browser.lnk
2016-11-12 02:56 - 2016-11-12 02:56 - 00001791 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-12 02:56 - 2016-11-12 02:56 - 00000000 ____D C:\Users\James\AppData\Roaming\AVAST Software
2016-11-12 02:55 - 2016-11-22 16:48 - 00000000 ____D C:\Program Files\AVAST Software
2016-11-12 02:55 - 2016-11-12 02:56 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-11-12 02:55 - 2016-11-12 02:56 - 00433768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-11-12 02:55 - 2016-11-12 02:56 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-11-12 02:55 - 2016-11-12 02:55 - 00184592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00066688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-11-12 02:55 - 2016-11-12 02:55 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-11-12 02:55 - 2016-11-12 02:55 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-11-12 02:54 - 2016-11-12 02:54 - 06334848 _____ (AVAST Software) C:\Users\James\Downloads\avast_free_antivirus_setup_online.exe
2016-11-12 01:35 - 2016-11-17 06:37 - 00000000 ____D C:\Users\James\AppData\Local\CrashDumps
2016-11-12 01:31 - 2016-11-12 01:35 - 00008978 _____ C:\Users\James\Desktop\New Text Document (3).txt
2016-11-12 01:25 - 2016-11-12 01:25 - 00006844 _____ C:\Users\James\Desktop\rk_D6EF.tmp
2016-11-12 01:07 - 2016-11-12 01:07 - 34114800 _____ (Adlice Software ) C:\Users\James\Downloads\setup (2).exe
2016-11-12 01:06 - 2016-11-12 01:06 - 00000000 ____D C:\Users\James\AppData\Local\Avira
2016-11-12 00:17 - 2016-11-28 10:37 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-12 00:16 - 2016-11-12 01:35 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-12 00:16 - 2016-11-12 00:16 - 34114800 _____ (Adlice Software ) C:\Users\James\Downloads\setup (1).exe
2016-11-12 00:16 - 2016-11-12 00:16 - 00000802 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-12 00:16 - 2016-11-12 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-12 00:16 - 2016-11-12 00:16 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-12 00:15 - 2016-11-22 17:15 - 00003835 _____ C:\Users\James\Desktop\FSS.txt
2016-11-12 00:15 - 2016-11-22 17:15 - 00003832 _____ C:\Users\James\Downloads\FSS.txt
2016-11-12 00:14 - 2016-12-02 06:29 - 00001104 _____ C:\Users\James\Desktop\checkup.txt
2016-11-12 00:14 - 2016-11-12 00:14 - 00899584 _____ (Farbar) C:\Users\James\Downloads\FSS.exe
2016-11-12 00:10 - 2016-11-12 00:10 - 00852798 _____ C:\Users\James\Downloads\SecurityCheck.exe
2016-11-12 00:08 - 2016-11-12 00:08 - 00092218 _____ C:\Users\James\Documents\cc_20161112_000819.reg
2016-11-11 23:39 - 2016-11-12 00:39 - 01368548 _____ C:\Windows\system32\winapp2_disk.csv
2016-11-11 23:28 - 2016-11-11 23:28 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\James\Downloads\avira_en_fass0_58269a4206a60__ws.exe
2016-11-11 23:19 - 2016-11-11 23:19 - 00000000 ____D C:\Users\James\Downloads\SafeZone Installer
2016-11-11 17:47 - 2016-11-11 17:47 - 00030071 _____ C:\Users\James\Desktop\MTB.txt
2016-11-11 17:44 - 2016-11-11 19:43 - 00000576 _____ C:\Users\James\Desktop\Malware Log.txt
2016-11-11 16:36 - 2016-11-11 16:36 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-11 16:35 - 2016-11-11 16:35 - 00000861 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-11 16:35 - 2016-11-11 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-11 16:35 - 2016-11-11 16:35 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-11-11 16:35 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-11 16:35 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-11 16:35 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-11 16:32 - 2016-11-11 16:32 - 00020880 _____ C:\Users\James\Desktop\AdwCleaner[C0].txt
2016-11-11 06:24 - 2016-11-11 06:24 - 00007771 _____ C:\Users\James\Desktop\JRT.txt
2016-11-11 06:06 - 2016-11-11 06:06 - 00892416 _____ (Farbar) C:\Users\James\Desktop\MiniToolBox.exe
2016-11-11 06:05 - 2016-11-11 06:06 - 22851472 _____ (Malwarebytes ) C:\Users\James\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2016-11-11 06:05 - 2016-11-11 06:05 - 01631928 _____ (Malwarebytes) C:\Users\James\Desktop\JRT.exe
2016-11-11 06:03 - 2016-11-11 06:03 - 03910208 _____ C:\Users\James\Desktop\AdwCleaner.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-02 06:23 - 2015-05-29 23:31 - 00000000 ____D C:\Users\James\AppData\Local\Battle.net
2016-12-02 05:53 - 2016-10-09 23:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-02 04:33 - 2006-11-02 07:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-02 04:33 - 2006-11-02 07:47 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-01 16:55 - 2016-06-10 23:09 - 00000000 ____D C:\Program Files\World of Warcraft
2016-11-30 22:00 - 2016-05-30 19:08 - 00000000 ____D C:\Program Files\Battle.net
2016-11-29 18:45 - 2014-05-11 19:32 - 00000000 ____D C:\Users\James\AppData\Local\Deployment
2016-11-29 00:16 - 2016-10-09 23:36 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-11-29 00:16 - 2016-10-09 23:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-11-29 00:16 - 2014-08-31 13:41 - 00000000 ____D C:\Users\James\AppData\Local\Adobe
2016-11-29 00:16 - 2012-06-25 20:09 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-29 00:12 - 2016-05-10 22:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-28 10:32 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-28 10:31 - 2006-11-02 08:01 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-22 17:05 - 2012-11-14 21:53 - 00000000 ____D C:\Users\James\AppData\LocalLow\Temp
2016-11-22 16:55 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
2016-11-22 16:55 - 2006-11-02 05:33 - 00830432 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-22 16:41 - 2012-06-29 21:48 - 00000000 ____D C:\Program Files\Perfect Uninstaller
2016-11-15 06:11 - 2012-07-13 21:23 - 00103424 _____ C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-14 18:07 - 2009-10-31 11:10 - 00000000 ____D C:\Pathfinder
2016-11-12 02:54 - 2012-11-21 23:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-12 01:39 - 2006-11-02 07:47 - 00377176 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-12 01:10 - 2015-01-25 13:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-12 01:03 - 2012-06-25 14:41 - 00102848 _____ C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-11 06:53 - 2013-09-29 13:13 - 00000000 ____D C:\AdwCleaner
2016-11-11 06:43 - 2013-02-05 18:59 - 00000000 ____D C:\Users\James\AppData\Roaming\Common
2016-11-10 22:37 - 2016-10-09 12:01 - 00000000 _____ C:\Windows\system32\last.dump
 
==================== Files in the root of some directories =======
 
2012-07-03 10:23 - 2015-02-13 16:47 - 0000000 _____ () C:\Users\James\AppData\Roaming\bitlord_log.txt
2013-05-12 13:29 - 2013-05-12 13:29 - 0000035 _____ () C:\Users\James\AppData\Roaming\SetValue.bat
2012-06-25 15:23 - 2016-10-15 01:30 - 0001356 _____ () C:\Users\James\AppData\Local\d3d9caps.dat
2012-07-13 21:23 - 2016-11-15 06:11 - 0103424 _____ () C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-13 16:48 - 2015-02-13 16:48 - 0000218 _____ () C:\Users\James\AppData\Local\recently-used.xbel
2013-02-05 18:59 - 2013-02-05 18:59 - 0004995 _____ () C:\ProgramData\iqrjmdeq.fak
2016-10-13 17:44 - 2016-10-13 17:44 - 0004145 _____ () C:\ProgramData\mudtcpaz.vzs
 
Some files in TEMP:
====================
C:\Users\James\AppData\Local\temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe
[2016-01-24 08:57] - [2015-04-10 18:22] - 0279552 ____A (Microsoft Corporation) 4F0A7910FC7D8A66433FA9961EEF8BB5
 
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-12-01 23:01
 
==================== End of FRST.txt ============================
 
Addition Log from FRST
 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-11-2016
Ran by James (02-12-2016 06:30:43)
Running from C:\Users\James\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2012-06-25 19:34:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
4FEGM2WER0 (S-1-5-21-2412800826-1674594253-1344594430-1040 - Limited - Enabled) => C:\Users\4FEGM2WER0
Administrator (S-1-5-21-2412800826-1674594253-1344594430-500 - Administrator - Disabled)
Guest (S-1-5-21-2412800826-1674594253-1344594430-501 - Limited - Disabled)
James (S-1-5-21-2412800826-1674594253-1344594430-1000 - Administrator - Enabled) => C:\Users\James
XSIOAHQLD9 (S-1-5-21-2412800826-1674594253-1344594430-1039 - Limited - Enabled) => C:\Users\XSIOAHQLD9
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Any Video Converter 5.5.8 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BitLord 2.4 (HKLM\...\BitLord) (Version: 2.4.3-305 - House of Life)
BitTorrent Sync (HKLM\...\BitTorrent Sync) (Version: 1.2.82 - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CPUID CPU-Z 1.62 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Curse Client (HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM\...\Debut) (Version: 2.16 - NCH Software)
DownloadX ActiveX Download Control 1.6.5 (HKLM\...\CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1) (Version:  - DownloadXCtrl.com)
Free Mouse Auto Clicker 3.0 (HKLM\...\{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
liteCam HD (HKLM\...\{49D77BFA-135A-49AD-9A8A-8488EADA562D}) (Version: 5.05.0000 - RSUPPORT)
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Driver (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Converter 14 (HKLM\...\Movavi Video Converter 14) (Version: 14.3.0 - Movavi)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Path of Exile (Version: 2.3.0.57896 - Grinding Gear Games) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RMP4 (HKLM\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)
RogueKiller version 12.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.0.0 - Adlice Software)
RSCC (HKLM\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)
SafeZone Stable 1.48.2066.120 (Version: 1.48.2066.120 - Avast Software) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Essentials Media Codec Pack 4.0 [32-Bit] (HKLM\...\Windows Essentials Media Codec Pack) (Version: 4.0 - Media Codec)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit (HKLM\...\{24570B2F-3937-47F0-A16A-E82B480A7699}) (Version: 1.1.1210.3101 - SplitMediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000_Classes\CLSID\{8e87cee7-6147-40c5-ac62-2f2947f4b6b4}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {224AA28D-CD01-4493-883A-15ADF4ED8B19} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2412800826-1674594253-1344594430-1000Core1cd6193ecb510b4 => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {22A5C59B-843D-4A98-94D4-20605A23DF59} - System32\Tasks\GoogleUpdateTaskMachineCore1cef1ac54fd9c00 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {27482DA8-2F2E-4F73-A9FF-7B97E9080BB7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-29] (Adobe Systems Incorporated)
Task: {2804C193-5E5D-44E8-8FDB-0EDC8E475313} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2412800826-1674594253-1344594430-1000Core1cd8b316e621b10 => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {28D7953B-B1CB-498E-814A-92C5A3B10CA4} - System32\Tasks\GoogleUpdateTaskMachineCore1d15b072cdde111 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2B611B01-D0E7-486C-B9F2-CABB50C9E0C8} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf2ee3f39a50 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2CB3EC9D-D46B-4AB8-BF3E-8B8E691866A8} - System32\Tasks\GoogleUpdateTaskMachineCore1cfec8c2b9027f0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {33898899-5843-4CA1-B5E8-0DC87DDA3F74} - System32\Tasks\GoogleUpdateTaskMachineCore1d03ffb4bb4b6a0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3E6C22BD-03EB-4817-AA2B-FE0D434F5E9E} - System32\Tasks\SafeZone scheduled Autoupdate 1478937465 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {429EC9BE-F084-47BF-9B10-06F88A8F27C6} - System32\Tasks\GoogleUpdateTaskMachineCore1ce7a1741a601b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4393A021-1A5A-4BBD-B220-80C681A811CB} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f00c59281fe0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4E544DBD-87F6-4064-8F93-C1956E5D2632} - System32\Tasks\GoogleUpdateTaskMachineCore1ce4ec3c0dddc0d => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {52883949-08D4-4EEE-8529-86CE4D03DA37} - System32\Tasks\GoogleUpdateTaskMachineCore1ceec18eab46854 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {591EABDF-78C4-4B74-B5A3-B6701888324D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6955869319d4 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5D616C00-2219-4FAC-A59F-33CB11CF260E} - System32\Tasks\GoogleUpdateTaskMachineCore1cffee347552760 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7C2167AA-C981-4FA4-B8AF-450436EC5925} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ab0bd0494df0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8D9BF34D-6FA5-4E0C-9C94-1CD5E4487528} - System32\Tasks\SafeZone scheduled Autoupdate 1467973950
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
Task: {A2CB06B7-3412-4408-8AB2-238408274600} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A61225C3-0ECD-4749-BDBA-1F8D762B5C55} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {A8AAFE8A-348A-4A0D-B3D9-DA8441751911} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e23120eb49b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AAE64384-D695-464E-9802-3274978DD8FD} - System32\Tasks\GoogleUpdateTaskMachineCore1d1ea96b4bb3f5b => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AEC8FC4D-6B43-4986-9FFA-06F6D1883CFE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {AF19CA05-E2EA-4EE4-87B6-8648419D3A79} - System32\Tasks\GoogleUpdateTaskMachineCore1d163b5df0335c9 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B8400AC9-8409-45B3-BF34-513C200C7594} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
Task: {B9BC5A14-C9A7-45DF-8DDC-479E1251C229} - System32\Tasks\GoogleUpdateTaskMachineCore1ce7f3155127890 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D0E6C65E-F231-4198-8837-EC2283477433} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8b46a710ee70 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D7ABE036-F7F3-4167-B983-F60E7185E67B} - System32\Tasks\GoogleUpdateTaskMachineCore1cf3ef271627f0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DB0609DB-0592-47F9-8197-9D3185B4A10E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E38053AB-0866-417C-B29C-7FB409A55625} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4a6ab2c7efb0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E5E7AFD7-B7AE-4F87-B656-627EB7D112BD} - System32\Tasks\avast! Emergency Update
Task: {EB9F9855-7F0B-46BD-9F87-EA5C0C715C60} - System32\Tasks\GoogleUpdateTaskMachineCore1d12ce48ff1d010 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {ED3CDED7-44B3-4097-8166-F6251ADF1C99} - System32\Tasks\GoogleUpdateTaskMachineCore1cdc8674e658900 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F158405F-059B-470A-9555-5CA14FE99440} - System32\Tasks\GoogleUpdateTaskMachineCore1ce0c6c119e025 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F36FEE2A-86F4-495D-8B05-DA1C0CB3E672} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f82d1113270 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8b46a710ee70.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfec8c2b9027f0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cffee347552760.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03ffb4bb4b6a0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f82d1113270.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf2ee3f39a50.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e23120eb49b0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f00c59281fe0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12ce48ff1d010.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15b072cdde111.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d163b5df0335c9.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab0bd0494df0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ea96b4bb3f5b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\James\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-12 02:55 - 2016-11-12 02:55 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-12 02:55 - 2016-11-12 02:55 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-01 06:42 - 2016-12-01 06:42 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16120100\algo.dll
2012-07-03 17:45 - 2006-10-26 18:56 - 00033104 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\msonpppr.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-06 23:39 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-02-06 23:39 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2009-10-14 12:36 - 2009-10-14 12:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2016-11-12 02:55 - 2016-11-12 02:55 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 14:35 - 2009-07-16 14:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 14:35 - 2009-07-16 14:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 14:35 - 2009-07-16 14:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 14:34 - 2009-07-16 14:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 14:36 - 2009-07-16 14:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 14:36 - 2009-07-16 14:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 14:36 - 2009-07-16 14:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2010-07-27 03:03 - 2010-07-27 03:03 - 00181592 _____ () C:\Program Files\Common Files\logishrd\SharedBin\LVAPI11.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 08358400 _____ () C:\Program Files\SplitMediaLabs\XSplit\avcodec-54.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 00151040 _____ () C:\Program Files\SplitMediaLabs\XSplit\avutil-51.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 01152512 _____ () C:\Program Files\SplitMediaLabs\XSplit\avformat-54.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 00333824 _____ () C:\Program Files\SplitMediaLabs\XSplit\swscale-2.dll
2012-04-30 02:55 - 2012-04-30 02:55 - 00026112 _____ () C:\Program Files\SplitMediaLabs\XSplit\swresample-0.dll
2009-10-14 12:34 - 2009-10-14 12:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2012-04-30 02:57 - 2012-04-30 02:57 - 00028672 _____ () C:\Program Files\SplitMediaLabs\XSplit\AxShockwaveFlashObjects.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00073216 _____ () C:\Program Files\SplitMediaLabs\XSplit\Addins\Facebook.Winforms.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00545792 _____ () C:\Program Files\SplitMediaLabs\XSplit\Addins\Facebook.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00024576 _____ () C:\Program Files\SplitMediaLabs\XSplit\ExternalInterfaceProxy.dll
2012-10-30 12:31 - 2012-10-30 12:31 - 00179712 _____ () C:\Program Files\SplitMediaLabs\XSplit\vtRCM.dll
2012-04-30 02:57 - 2012-04-30 02:57 - 00886272 _____ () C:\Program Files\SplitMediaLabs\XSplit\System.Data.SQLite.dll
2016-09-06 14:49 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\James\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 14:49 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\James\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2016-11-30 15:04 - 2016-11-30 15:04 - 00540336 _____ () C:\Program Files\Battle.net\Battle.net.8180\ortp.dll
2016-11-30 15:04 - 2016-11-30 15:04 - 37247976 _____ () C:\Program Files\Battle.net\Battle.net.8180\libcef.dll
2016-11-30 15:03 - 2016-11-30 15:03 - 06402560 _____ () C:\Program Files\Battle.net\Battle.net.8180\battle.net.dll
2016-11-30 15:04 - 2016-11-30 15:04 - 00133632 _____ () C:\Program Files\Battle.net\Battle.net.8180\libEGL.dll
2016-11-30 15:04 - 2016-11-30 15:04 - 03384832 _____ () C:\Program Files\Battle.net\Battle.net.8180\libGLESv2.dll
2016-11-30 15:03 - 2016-11-30 15:03 - 01484776 _____ () C:\Program Files\Battle.net\Battle.net.8180\Battle.net Helper.exe
2016-11-30 15:03 - 2016-11-30 15:03 - 00990696 _____ () C:\Program Files\Battle.net\Battle.net.8180\ffmpegsumo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
There are 7917 more sites.
 
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\...\sony.com -> sony.com
 
There are 7917 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2016-11-10 23:06 - 00452630 ____R C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost127.0.0.1 www.007guard.com
 
There are 15559 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2412800826-1674594253-1344594430-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\James\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SLSVC-In-TCP-NoScope] => %SystemRoot%\system32\slsvc.exe
FirewallRules: [SLSVC-In-TCP] => %SystemRoot%\system32\slsvc.exe
FirewallRules: [WinCollab-Out-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => %SystemRoot%\system32\dfsr.exe
FirewallRules: [{AD5CFB18-5D42-4032-ADB9-EDF4969E3EA7}] => LPort=80
FirewallRules: [{8FC3E496-32D4-4404-9A9E-66167CDA935C}] => LPort=80
FirewallRules: [{E974353A-C32F-4379-9E0B-168CDDFB689D}] => LPort=80
FirewallRules: [{4AAF4F84-619E-4CEC-97F5-D4A36E9B574D}] => C:\Program Files\BitTorrent Sync\BTSync.exe
FirewallRules: [{43865D8A-9487-49B6-8BB2-533048A5B499}] => C:\Program Files\BitTorrent Sync\BTSync.exe
FirewallRules: [{C3546DDD-A5C7-4710-AF5B-590FE16985BD}] => LPort=50000
FirewallRules: [{06669F6E-EBEE-4EBE-A9A9-EBFE45867606}] => LPort=41780
FirewallRules: [{ED7AF588-65A5-42E1-A897-417CD26FF781}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{1EFEE741-B554-4195-B0F6-F24C34AC05C9}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{03A9E871-C65D-494B-8291-DDB2E265437F}] => C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{B83B6DE1-22E9-4ED7-BBC8-5EBC4226F8D2}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3D2CC0AE-F4BA-4B4C-9E1E-1AAD601949DB}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0FECD84B-323E-4DFD-A705-F3AF19EA9C22}] => C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{AC5B262E-D7C5-431F-9B90-D8CE1DDAD9DB}] => C:\Program Files\BitLord\BitLord.exe
FirewallRules: [{1BC7AEC6-85BF-4A89-A5B3-3E1232DDA895}] => C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{FE3CF677-636A-43F7-839E-45515AC62774}] => C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [TCP Query User{44E2A2FA-0F12-4F89-BADC-938F2BD56424}C:\program files\bitlord\bitlord.exe] => C:\program files\bitlord\bitlord.exe
FirewallRules: [UDP Query User{FC46AEBA-05C8-4EC2-B2CD-691088E5C668}C:\program files\bitlord\bitlord.exe] => C:\program files\bitlord\bitlord.exe
FirewallRules: [{952769C5-5C9E-4297-8174-AE8238E751C9}] => C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{AAA473B7-AAF4-470B-B263-27284CEA769C}] => C:\Users\James\AppData\Local\Apps\2.0\K916CXWD.VKV\65ZCD4M7.4QX\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{AF1372E4-EAA5-4AB2-A881-F5E5707C181B}] => C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{29794F81-1B4D-4241-BC71-9D898E28A211}] => C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{667D5661-C584-4D71-A2E3-31D50BB2C321}] => C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{37022180-8BDE-4458-97BD-0B8FC7AFD2BB}] => C:\Program Files\Logitech\Logitech Vid\Vid.exe
 
==================== Restore Points =========================
 
29-10-2016 10:42:13 Scheduled Checkpoint
30-10-2016 02:01:21 Scheduled Checkpoint
11-11-2016 06:18:14 JRT Pre-Junkware Removal
11-11-2016 23:38:45 Avira System Speedup 2.7.0
22-11-2016 16:58:50 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/01/2016 12:23:02 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JAMES\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7358C659.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (12/01/2016 12:23:02 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JAMES\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\7358C659.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/29/2016 06:46:54 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/29/2016 06:46:48 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "PolicyAgent" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.
 
Error: (11/29/2016 06:46:48 PM) (Source: Perflib) (EventID: 1005) (User: )
Description: Unable to locate the open procedure "OpenIPSecPerformanceData" in DLL "C:\Windows\System32\ipsecsvc.dll" for the "PolicyAgent" service. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/29/2016 06:46:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/29/2016 06:46:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/29/2016 06:46:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\system32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/29/2016 06:46:34 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\Windows\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/29/2016 06:46:34 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
 
 
System errors:
=============
Error: (11/28/2016 10:33:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (11/28/2016 10:31:01 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (11/28/2016 10:30:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2016 10:30:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/28/2016 10:30:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Licensing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/28/2016 10:30:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/28/2016 10:30:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/28/2016 10:30:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/28/2016 10:30:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2016 10:30:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Browser service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-12-02 06:30:36.834
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-02 06:30:36.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-02 06:30:36.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-02 06:30:36.103
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-02 06:30:35.464
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-02 06:30:35.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-02 06:30:34.985
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-02 06:30:34.716
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-28 11:33:05.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-11-28 11:33:05.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 3324.57 MB
Available physical RAM: 1672.79 MB
Total Virtual: 9393.46 MB
Available Virtual: 6032.03 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.69 GB) (Free:95.04 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#13 TsVk!


Posted 03 December 2016 - 05:18 PM

Hi FlimFlam69,

 

It does appear those user accounts are hidden so we will try to remove them and their associated files via a command prompt.

 

From an elevated command prompt please run these commands. Please wait for a removed or deleted confirmation between commands.

net user XSIOAHQLD9 /delete
del c:\users\XSIOAHQLD9
net user 4FEGM2WER0 /delete
del c:\users\4FEGM2WER0

Don't close your command prompt yet.

 

Next...

 

Please defragment your HDD.

defrag C:

This will take some time, please be patient. When it completes you can close your command prompt.

 

Next...

 

ESET Online scanner

 

Follow this link or right click and "copy link location", then paste the link into the address bar on your newly opened browser instance

  • click "SCAN NOW"

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Firstly, Accept the Terms and click Start
  • Click Enable detection of potentially unwanted applications
  • Do not change any of the Advanced options
  • Click Scan.

ESET will then download updates and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes click Save to a text file and save it to your desktop. Note: If no malware was found you will not get a list.
  • Click Do not clean
  • Check Remove application data and then click Finish
  • Please copy the log in your reply.

 

Please include in your reply

  • ESET log
  • How did you go removing the user accounts?

John



#14 FlimFlam69


Posted 07 December 2016 - 04:30 PM

I was able to remove the User Accounts.

 

Here is ESET Text Log:

 

C:\FRST\Quarantine\C\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm
C:\System Volume Information\SystemRestore\FRStaging\Users\James\Downloads\Exiled Bot Beta v0.17e\ExiledBot.exe a variant of Win32/Packed.Themida suspicious application
C:\System Volume Information\SystemRestore\FRStaging\Users\James\Downloads\Exiled_Bot_Beta_v0.17c\ExiledBot.exe a variant of Win32/Packed.Themida suspicious application
C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 a variant of Win32/4Shared.AC potentially unwanted application
C:\Users\James\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\121110182325195.rsc multiple threats,a variant of Java/Exploit.CVE-2012-4681.CD trojan,a variant of Java/Exploit.Agent.NCV trojan
C:\Users\James\Documents\BitLord\ManyCam Pro 3.1.60 ML Incl Crack [TorDigger]\ManyCamStandaloneSetup.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application
C:\Users\James\Downloads\BitlordSetup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Users\James\Downloads\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AP trojan
C:\Users\James\Downloads\ipadians.exe a variant of Win32/Adware.AdInstaller.M application
C:\Windows.old\Documents and Settings\James\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 a variant of Win32/4Shared.AC potentially unwanted application
C:\Windows.old\Documents and Settings\James\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\121110182325195.rsc multiple threats,a variant of Java/Exploit.CVE-2012-4681.CD trojan,a variant of Java/Exploit.Agent.NCV trojan
C:\Windows.old\Documents and Settings\James\Documents\BitLord\ManyCam Pro 3.1.60 ML Incl Crack [TorDigger]\ManyCamStandaloneSetup.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application
C:\Windows.old\Documents and Settings\James\Downloads\BitlordSetup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Windows.old\Documents and Settings\James\Downloads\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AP trojan
C:\Windows.old\Documents and Settings\James\Downloads\ipadians.exe a variant of Win32/Adware.AdInstaller.M application
C:\Windows.old\Users\James\AppData\Local\Application Data\Google\Chrome\User Data\Default\File System\001\t\00\00000000 a variant of Win32/4Shared.AC potentially unwanted application
C:\Windows.old\Users\James\Application Data\AVG\Rescue\PC Tuneup 2011\121110182325195.rsc multiple threats,a variant of Java/Exploit.CVE-2012-4681.CD trojan,a variant of Java/Exploit.Agent.NCV trojan
C:\Windows.old\Users\James\Local Settings\Google\Chrome\User Data\Default\File System\001\t\00\00000000 a variant of Win32/4Shared.AC potentially unwanted application
C:\Windows.old\Users\James\My Documents\BitLord\ManyCam Pro 3.1.60 ML Incl Crack [TorDigger]\ManyCamStandaloneSetup.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application


#15 TsVk!


Posted 08 December 2016 - 04:44 PM

Hi FlimFlam69,

 

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

C:\FRST\Quarantine\C\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip
C:\System Volume Information\SystemRestore\FRStaging\Users\James\Downloads\Exiled Bot Beta v0.17e
C:\System Volume Information\SystemRestore\FRStaging\Users\James\Downloads\Exiled_Bot_Beta_v0.17c 
C:\Users\James\AppData\Roaming\AVG\
C:\Users\James\Documents\BitLord\ManyCam Pro 3.1.60 ML Incl Crack [TorDigger]
C:\Users\James\Downloads\BitlordSetup.exe
C:\Users\James\Downloads\FLVPlayer-Chrome.exe
C:\Users\James\Downloads\ipadians.exe
C:\Windows.old\Documents and Settings\James\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000
C:\Windows.old\Documents and Settings\James\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\121110182325195.rsc
C:\Windows.old\Documents and Settings\James\Documents\BitLord\ManyCam Pro 3.1.60 ML Incl Crack [TorDigger]\ManyCamStandaloneSetup.exe 
C:\Windows.old\Documents and Settings\James\Downloads\BitlordSetup.exe
C:\Windows.old\Documents and Settings\James\Downloads\FLVPlayer-Chrome.exe 
C:\Windows.old\Documents and Settings\James\Downloads\ipadians.exe 
C:\Windows.old\Users\James\AppData\Local\Application Data\Google\Chrome\User Data\Default\File System\001\t\00\00000000 
C:\Windows.old\Users\James\Application Data\AVG\Rescue\PC Tuneup 2011\121110182325195.rsc 
C:\Windows.old\Users\James\Local Settings\Google\Chrome\User Data\Default\File System\001\t\00\00000000 
C:\Windows.old\Users\James\My Documents\BitLord\ManyCam Pro 3.1.60 ML Incl Crack [TorDigger]\ManyCamStandaloneSetup.exe
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Your PC may restart automatically to complete the fix.
  • Please note the removal log

Uninstall or update Java.

 

Please either completely uninstall Java or update it to the latest version.

 

I recommend you uninstall it completely. Many critical vulnerabilities appear in its code on a regular basis and it is one of the least used web scripts, whilst being one of the most targeted by malware authors. Now less than 0.04% of websites use it and many major sites like eBay have dumped it in preference for Flash.

 

Uninstall or update Adobe Reader

 

Please either completely uninstall Adobe Reader or update it to the latest version.

 

I recommend you uninstall it completely. Many critical vulnerabilities appear in its code on a regular basis and it is one of the most targeted PDF applications by malware authors. Other free options like Sumatra will provide you the same functionality without the same vulnerabilities.

 

Please include in your reply

  • FRST removal log
  • How is your machine running now?

John
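
An added example, not part of the thread and not ESET or FRST code: splitting ESET log lines like those in post #14 into a clean path plus detection names, and grouping the findings by where the file sits. The `/` heuristic, the location labels and all function names are assumptions made for this sketch; the sample lines are copied from the log above.

```python
import re

# Sample lines copied from the ESET log in post #14.
SAMPLE_LOG = r"""
C:\FRST\Quarantine\C\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip Win32/Bagle.gen.zip worm
C:\Users\James\Downloads\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AP trojan
C:\Users\James\Downloads\BitlordSetup.exe a variant of Win32/InstallCore.ACZ potentially unwanted application
C:\Users\James\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\121110182325195.rsc multiple threats,a variant of Java/Exploit.CVE-2012-4681.CD trojan,a variant of Java/Exploit.Agent.NCV trojan
C:\Windows.old\Documents and Settings\James\Downloads\ipadians.exe a variant of Win32/Adware.AdInstaller.M application
"""

# Assumption: a Windows path cannot contain "/", so the first "Platform/Family"
# token (with its optional prefixes) marks where the detection text begins.
DETECTION_START = re.compile(r" (?:multiple threats,)?(?:a variant of )?[A-Za-z0-9]+/")
VARIANT_PREFIX = "a variant of "

# Assumed location labels, checked in order against the lower-cased path.
LOCATIONS = (
    ("c:\\frst\\quarantine\\", "quarantine"),
    ("c:\\system volume information\\", "restore-point"),
    ("c:\\windows.old\\", "old-install"),
)

def parse_line(line):
    """Split one log line into (path, [(detection_name, category), ...])."""
    m = DETECTION_START.search(line)
    if m is None:
        raise ValueError(f"no detection name found in: {line!r}")
    path = line[:m.start()].strip()
    detections = []
    for item in line[m.start():].strip().split(","):
        item = item.strip()
        if item == "multiple threats":      # summary marker, not a detection
            continue
        if item.startswith(VARIANT_PREFIX):
            item = item[len(VARIANT_PREFIX):]
        name, _, category = item.partition(" ")
        detections.append((name, category))
    return path, detections

def classify(path):
    """Label a path by location; anything unmatched is treated as live."""
    lowered = path.lower()
    for prefix, label in LOCATIONS:
        if lowered.startswith(prefix):
            return label
    return "live"

def triage(log_text):
    """Return {location: [(path, detections), ...]} for each non-empty line."""
    report = {}
    for line in log_text.splitlines():
        if line.strip():
            path, detections = parse_line(line)
            report.setdefault(classify(path), []).append((path, detections))
    return report

if __name__ == "__main__":
    for location, findings in triage(SAMPLE_LOG).items():
        for path, detections in findings:
            names = ", ".join(f"{n} ({c})" for n, c in detections)
            print(f"[{location}] {path}\n    {names}")
```

The paths returned by `parse_line` carry no trailing detection text, which is the form a path-per-line removal list needs.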





