Hello everyone, I'm having trouble getting rid of this and could use some help. I have run Malwarebytes, HitmanPro, Avast and CCleaner to remove this problem, but sadly it's still here.

I was hearing ads playing in the background. Now I don't hear them anymore, but I still see 3/4 iexpolor.exe in my processes. Could anyone show me what it is that I'm doing wrong?

My PC is pretty fast, so it is not affecting my performance. I just want it gone.


Hi MarvinWms7, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe Mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.

  • Step #1 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.

      Download link for 32 bit system

      Download link for 64 bit system

    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.

  • Required Log(s):
    • Farbar Tool Log(s)--
      • FRST.txt
      • Addition.txt
Regards,

Valinorum


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Stay Off (administrator) on STAYOFF-PC on 24-01-2015 15:41:33
Running from C:\Users\Stay Off\Desktop\Ebook Templates
Loaded Profiles: Stay Off & Guest (Available profiles: Stay Off & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(MicroTools) C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-608533635-201553101-2147240281-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-608533635-201553101-2147240281-1001\...\MountPoints2: {15661dfe-7ed8-11e4-9412-f80f4146dd90} - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [HKLM] => http=127.0.0.1:56037;https=127.0.0.1:56037
ProxyServer: [HKLM-x32] => http=127.0.0.1:56037;https=127.0.0.1:56037
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-608533635-201553101-2147240281-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-608533635-201553101-2147240281-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-608533635-201553101-2147240281-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
HKU\S-1-5-21-608533635-201553101-2147240281-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKU\S-1-5-21-608533635-201553101-2147240281-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=agc511
HKU\S-1-5-21-608533635-201553101-2147240281-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-608533635-201553101-2147240281-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-608533635-201553101-2147240281-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-608533635-201553101-2147240281-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 207.255.176.37 207.255.176.40

FireFox:
========
FF ProfilePath: C:\Users\Stay Off\AppData\Roaming\Mozilla\Firefox\Profiles\5sr4xfxo.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.3: Bing
FF Homepage: https://www.google.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Stay Off\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FBChatSeenBlocker - C:\Users\Stay Off\AppData\Roaming\Mozilla\Firefox\Profiles\5sr4xfxo.default\Extensions\jid0-ZnG0xn9spCC5ETo4mjyAuNfuq44@jetpack.xpi [2015-01-17]
FF Extension: Adblock Plus - C:\Users\Stay Off\AppData\Roaming\Mozilla\Firefox\Profiles\5sr4xfxo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-02]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88400 2015-01-08] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-25] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-25] (Avast Software)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-23] (SurfRight B.V.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3361128 2014-11-27] (INCA Internet Co., Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R4 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R4 YouTubeDownload_P4; C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe [2968696 2014-12-13] (MicroTools)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-25] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-25] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-25] ()
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 Neo_Hide; C:\Windows\System32\DRIVERS\Neo_0045.sys [28768 2014-12-18] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-12-17] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-25] (Avast Software)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R4 mwlPSDFilter; system32\DRIVERS\mwlPSDFilter.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 15:40 - 2015-01-24 15:41 - 00000000 ____D () C:\FRST
2015-01-24 15:27 - 2015-01-24 15:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-24 15:27 - 2015-01-24 15:27 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-24 02:26 - 2015-01-24 15:24 - 00034254 _____ () C:\Users\Stay Off\Desktop\Untitled 1.odt
2015-01-23 16:22 - 2015-01-24 04:36 - 00000112 _____ () C:\Windows\setupact.log
2015-01-23 16:22 - 2015-01-23 16:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-23 15:38 - 2015-01-23 15:56 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-23 04:12 - 2015-01-23 04:12 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-23 03:36 - 2015-01-23 03:36 - 00000000 ____D () C:\Users\Stay Off\Desktop\Malware Fighters
2015-01-23 03:19 - 2015-01-23 03:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-01-23 03:18 - 2015-01-23 16:04 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-23 03:16 - 2015-01-23 15:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-23 03:16 - 2015-01-23 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-23 03:16 - 2015-01-23 03:16 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-23 03:06 - 2015-01-23 03:06 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-23 03:06 - 2015-01-23 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-23 03:06 - 2015-01-23 03:06 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-21 11:19 - 2015-01-22 18:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 11:19 - 2015-01-21 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-21 11:19 - 2015-01-21 11:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-21 11:19 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 11:19 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-21 11:19 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-20 19:22 - 2015-01-20 19:22 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-20 12:26 - 2015-01-20 12:26 - 00000197 _____ () C:\Windows\system32\2015-01-20-20-26-21.015-AvastVBoxSVC.exe-1352.log
2015-01-20 00:26 - 2015-01-20 00:26 - 00000197 _____ () C:\Windows\system32\2015-01-20-08-26-17.096-AvastVBoxSVC.exe-4604.log
2015-01-19 17:35 - 2015-01-19 17:35 - 00000197 _____ () C:\Windows\system32\2015-01-20-01-35-46.006-AvastVBoxSVC.exe-4372.log
2015-01-19 16:51 - 2015-01-19 16:52 - 00000197 _____ () C:\Windows\system32\2015-01-20-00-51-28.092-AvastVBoxSVC.exe-1380.log
2015-01-18 21:23 - 2015-01-18 21:23 - 00000197 _____ () C:\Windows\system32\2015-01-19-05-23-40.060-AvastVBoxSVC.exe-4900.log
2015-01-17 13:55 - 2015-01-17 13:55 - 00000197 _____ () C:\Windows\system32\2015-01-17-21-55-11.046-AvastVBoxSVC.exe-6108.log
2015-01-17 04:02 - 2015-01-17 04:02 - 00000197 _____ () C:\Windows\system32\2015-01-17-12-02-20.092-AvastVBoxSVC.exe-5372.log
2015-01-16 18:50 - 2015-01-16 18:50 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.58.1854
2015-01-16 18:45 - 2015-01-21 07:50 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-01-16 18:45 - 2015-01-16 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-01-16 18:44 - 2015-01-21 07:53 - 00000000 ____D () C:\ProgramData\Razer
2015-01-16 18:44 - 2015-01-21 07:49 - 00000000 ____D () C:\Users\Stay Off\AppData\Local\Razer
2015-01-16 16:20 - 2015-01-16 16:20 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Arc
2015-01-16 16:20 - 2015-01-16 16:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2015-01-15 20:21 - 2015-01-15 20:21 - 00000247 _____ () C:\Windows\system32\2015-01-16-04-21-43.025-aswFe.exe-2208.log
2015-01-15 20:10 - 2015-01-15 20:21 - 00000247 _____ () C:\Windows\system32\2015-01-16-04-10-10.005-aswFe.exe-4040.log
2015-01-15 20:10 - 2015-01-15 20:10 - 00000197 _____ () C:\Windows\system32\2015-01-16-04-10-02.008-AvastVBoxSVC.exe-1740.log
2015-01-15 18:21 - 2015-01-23 05:24 - 00000000 ____D () C:\Users\Stay Off\AppData\Roaming\TS3Client
2015-01-15 18:13 - 2015-01-15 18:13 - 00000000 ____D () C:\Crash
2015-01-15 18:02 - 2015-01-15 18:02 - 00000000 ____D () C:\Users\Stay Off\AppData\Local\SCE
2015-01-14 23:44 - 2015-01-14 23:44 - 00000785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk
2015-01-14 23:43 - 2015-01-14 23:43 - 00000000 ____D () C:\Games
2015-01-14 00:17 - 2015-01-20 23:00 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-13 12:46 - 2015-01-13 12:46 - 00000197 _____ () C:\Windows\system32\2015-01-13-20-46-01.045-AvastVBoxSVC.exe-4076.log
2015-01-13 12:38 - 2015-01-18 21:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 12:33 - 2015-01-13 12:33 - 00000197 _____ () C:\Windows\system32\2015-01-13-20-33-54.033-AvastVBoxSVC.exe-3972.log
2015-01-10 16:33 - 2015-01-10 16:33 - 00000197 _____ () C:\Windows\system32\2015-01-11-00-33-52.045-AvastVBoxSVC.exe-4236.log
2015-01-09 19:16 - 2015-01-20 19:11 - 00007590 _____ () C:\Users\Stay Off\AppData\Local\Resmon.ResmonCfg
2015-01-09 01:40 - 2015-01-09 01:40 - 00000197 _____ () C:\Windows\system32\2015-01-09-09-40-40.063-AvastVBoxSVC.exe-2560.log
2015-01-08 23:44 - 2015-01-08 23:44 - 00000197 _____ () C:\Windows\system32\2015-01-09-07-44-13.022-AvastVBoxSVC.exe-3164.log
2015-01-08 13:54 - 2015-01-08 13:54 - 00000000 ____D () C:\Users\Stay Off\AppData\Roaming\xdcosiig
2015-01-08 13:47 - 2015-01-08 13:48 - 00000197 _____ () C:\Windows\system32\2015-01-08-21-47-57.011-AvastVBoxSVC.exe-5752.log
2015-01-06 13:52 - 2015-01-06 13:52 - 00000197 _____ () C:\Windows\system32\2015-01-06-21-52-04.096-AvastVBoxSVC.exe-3348.log
2015-01-04 01:43 - 2015-01-04 01:43 - 00000000 ____D () C:\Program Files (x86)\Software Update Services
2015-01-03 14:23 - 2015-01-03 14:30 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-12-31 16:13 - 2014-12-31 16:22 - 00000000 ____D () C:\Program Files (x86)\Swordsman_en
2014-12-31 01:08 - 2015-01-08 13:49 - 00000000 ____D () C:\ProgramData\Windows VXM
2014-12-31 01:08 - 2014-12-31 01:08 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2014-12-30 22:51 - 2014-12-31 01:08 - 00000000 ____D () C:\ProgramData\Optimizer
2014-12-30 10:05 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-12-30 10:05 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-12-30 10:05 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-12-30 10:05 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-12-30 10:05 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-12-30 10:05 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-12-30 10:05 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-12-30 10:05 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-12-30 10:03 - 2014-12-30 10:03 - 00000000 ____D () C:\Users\Stay Off\Documents\Stronghold Kingdoms
2014-12-30 10:03 - 2014-12-30 10:03 - 00000000 ____D () C:\Users\Stay Off\AppData\Roaming\Firefly Studios
2014-12-30 10:03 - 2014-12-30 10:03 - 00000000 ____D () C:\Users\Stay Off\AppData\Local\Geckofx
2014-12-30 10:01 - 2014-12-30 10:05 - 00000000 ____D () C:\Program Files (x86)\Champions Online_en
2014-12-30 09:59 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-12-30 09:59 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-12-30 09:59 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-30 09:59 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-30 09:59 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-30 09:59 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-12-30 09:58 - 2015-01-13 14:06 - 00000000 ____D () C:\Program Files (x86)\Stronghold Kingdoms_en
2014-12-30 09:54 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-12-30 09:54 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-12-30 09:54 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-12-30 09:54 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-12-30 09:52 - 2015-01-03 20:55 - 00000000 ____D () C:\Program Files (x86)\Star Trek Online_en
2014-12-30 09:49 - 2015-01-16 18:26 - 00000000 ____D () C:\Program Files (x86)\Arc
2014-12-30 09:49 - 2014-12-30 09:51 - 00000000 ____D () C:\Users\Stay Off\AppData\Roaming\Arc
2014-12-30 09:49 - 2014-12-30 09:49 - 00000000 ____D () C:\Users\Public\Documents\Arc
2014-12-30 09:49 - 2014-12-30 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-12-30 09:27 - 2015-01-19 23:04 - 00000000 ____D () C:\Users\Stay Off\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-30 09:21 - 2015-01-23 19:38 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-30 09:21 - 2014-12-30 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-30 00:03 - 2015-01-08 13:54 - 00000000 ____D () C:\Program Files\LMMS
2014-12-25 03:44 - 2014-12-25 03:44 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 03:22 - 2014-12-25 03:22 - 00000197 _____ () C:\Windows\system32\2014-12-25-11-22-18.014-AvastVBoxSVC.exe-2068.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 15:27 - 2014-11-01 13:49 - 00000000 ____D () C:\Users\Stay Off\AppData\Local\Adobe
2015-01-24 15:26 - 2011-08-02 22:30 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-24 15:26 - 2011-08-02 22:30 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-24 14:44 - 2014-11-01 19:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 04:07 - 2011-01-01 00:53 - 01549157 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 15:49 - 2014-11-01 19:39 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-23 15:49 - 2014-11-01 19:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 15:49 - 2011-08-02 22:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 15:30 - 2011-08-02 21:48 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-23 15:30 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-23 15:29 - 2011-08-02 21:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-23 05:23 - 2007-07-11 17:49 - 00000000 ____D () C:\Windows\Panther
2015-01-23 02:24 - 2014-11-01 13:58 - 00000000 ____D () C:\ProgramData\clear.fi
2015-01-20 23:00 - 2014-12-01 17:14 - 00000000 ____D () C:\Users\Stay Off\AppData\Local\Google
2015-01-20 22:59 - 2014-12-22 05:51 - 00000000 ____D () C:\Users\Stay Off\AppData\Local\Unity
2015-01-20 22:53 - 2014-11-20 06:09 - 00000000 ____D () C:\Program Files\OBS
2015-01-20 22:53 - 2014-11-20 06:09 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-01-20 22:52 - 2014-11-06 04:43 - 00000000 ____D () C:\Users\Stay Off\AppData\Roaming\Raptr
2015-01-20 22:52 - 2014-11-02 16:35 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-20 19:22 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 19:22 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 12:25 - 2014-11-02 16:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-20 12:24 - 2014-11-02 15:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-20 12:24 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 17:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-18 21:14 - 2014-11-01 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-18 21:09 - 2014-12-09 12:34 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-01-18 21:06 - 2014-12-21 04:42 - 00000000 ____D () C:\Program Files\MMWI
2015-01-18 21:05 - 2014-12-06 21:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-17 04:01 - 2014-11-01 13:49 - 00064472 _____ () C:\Users\Stay Off\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 03:58 - 2009-07-13 20:45 - 04906536 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-16 16:21 - 2014-11-30 13:58 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Raptr
2015-01-15 19:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system
2015-01-15 00:14 - 2014-11-01 14:16 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-14 04:00 - 2009-07-13 21:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 11:39 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-11 11:37 - 2014-11-01 13:48 - 00000000 ____D () C:\Users\Stay Off
2015-01-09 22:01 - 2014-11-07 13:51 - 00000000 ____D () C:\Program Files (x86)\Glyph
2015-01-08 23:40 - 2014-11-02 17:28 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-08 13:59 - 2014-11-02 17:29 - 00000000 ____D () C:\Users\Stay Off\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-08 13:59 - 2014-11-02 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-08 09:55 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 16:26 - 2014-12-17 10:58 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2015-01-04 01:43 - 2014-11-02 18:14 - 00000000 ____D () C:\Program Files (x86)\YouTube Downloader Services
2015-01-02 01:53 - 2014-12-01 15:24 - 00000000 ____D () C:\Users\Stay Off\AppData\Local\Amazon

==================== Files in the root of some directories =======

2014-11-02 18:26 - 2014-11-02 18:26 - 0000000 _____ () C:\Users\Stay Off\AppData\Roaming\1.txt
2014-12-07 04:28 - 2014-12-07 05:59 - 0000132 _____ () C:\Users\Stay Off\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-12-14 09:07 - 2014-12-14 09:07 - 0000046 _____ () C:\Users\Stay Off\AppData\Roaming\WB.CFG
2014-11-19 05:08 - 2014-11-19 06:49 - 6898500 _____ () C:\Users\Stay Off\AppData\Local\package.nw.new
2015-01-09 19:16 - 2015-01-20 19:11 - 0007590 _____ () C:\Users\Stay Off\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {3e7d8dc9-1583-11e0-9dbc-9ea180eac3c4}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {3e7d8dcb-1583-11e0-9dbc-9ea180eac3c4}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {3e7d8dc9-1583-11e0-9dbc-9ea180eac3c4}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {3e7d8dcb-1583-11e0-9dbc-9ea180eac3c4}
device                  ramdisk=[C:]\Recovery\3e7d8dcb-1583-11e0-9dbc-9ea180eac3c4\Winre.wim,{3e7d8dcc-1583-11e0-9dbc-9ea180eac3c4}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\3e7d8dcb-1583-11e0-9dbc-9ea180eac3c4\Winre.wim,{3e7d8dcc-1583-11e0-9dbc-9ea180eac3c4}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {3e7d8dc9-1583-11e0-9dbc-9ea180eac3c4}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {3e7d8dcc-1583-11e0-9dbc-9ea180eac3c4}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3e7d8dcb-1583-11e0-9dbc-9ea180eac3c4\boot.sdi



LastRegBack: 2015-01-24 03:59

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Stay Off at 2015-01-24 15:42:32
Running from C:\Users\Stay Off\Desktop\Ebook Templates
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi  (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
 clear.fi  (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2428.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.2428.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Sony Online Entertainment)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKU\S-1-5-21-608533635-201553101-2147240281-501\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6785 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Toribash (HKLM-x32\...\Steam App 248570) (Version:  - Nabi Studios)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-608533635-201553101-2147240281-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Stay Off\AppData\Roaming\xdcosiig\tivesen.dll () <==== ATTENTION

==================== Restore Points  =========================

02-11-2014 18:25:14 Removed Times Reader
02-11-2014 18:36:55 Windows Live Essentials
02-11-2014 18:37:44 WLSetup
02-11-2014 18:40:38 Removed Evernote v. 4.5.1
05-11-2014 10:22:56 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
05-11-2014 10:23:46 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
05-11-2014 10:27:03 Installed Microsoft SQL Server 2012 Express LocalDB
07-11-2014 03:52:03 Windows Update
11-11-2014 07:33:38 Windows Update
13-11-2014 22:48:25 Windows Update
15-11-2014 03:14:21 Windows Update
21-11-2014 04:39:13 Windows Update
25-11-2014 03:29:39 Windows Update
25-11-2014 13:14:29 avast! antivirus system restore point
25-11-2014 13:17:01 Device Driver Package Install: Avast Network Service
26-11-2014 09:41:55 Installed Rosetta Stone TOTALe
26-11-2014 10:02:56 Removed Rosetta Stone TOTALe
26-11-2014 10:03:29 Removed Rosetta Stone TOTALe
28-11-2014 04:29:38 Windows Update
01-12-2014 15:33:52 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
01-12-2014 15:35:30 Installed OpenOffice 4.1.1
01-12-2014 22:59:54 Windows Defender Checkpoint
02-12-2014 05:37:24 Windows Update
03-12-2014 12:05:35 avast! antivirus system restore point
03-12-2014 12:07:42 Device Driver Package Install: Avast Network Service
03-12-2014 13:32:10 Windows Defender Checkpoint
04-12-2014 05:54:38 Windows Update
07-12-2014 04:00:36 Installed OpenOffice 4.1.1
09-12-2014 09:07:52 Windows Update
13-12-2014 07:41:48 Windows Update
17-12-2014 07:02:24 Windows Update
17-12-2014 10:59:09 Device Driver Package Install: SoftEther VPN Project Network adapters
17-12-2014 11:17:01 Device Driver Package Install: SoftEther VPN Project Network adapters
18-12-2014 07:18:21 Device Driver Package Install: SoftEther VPN Project Network adapters
21-12-2014 05:29:23 Windows Update
22-12-2014 06:08:24 Installed SEVENCORE_EN
27-12-2014 05:26:39 Windows Update
30-12-2014 09:49:06 Installed Arc
30-12-2014 09:53:09 Installed DirectX
30-12-2014 09:58:52 Installed DirectX
30-12-2014 10:02:58 Installed DirectX
31-12-2014 06:00:52 Windows Update
31-12-2014 16:42:47 Installed DirectX
31-12-2014 16:43:19 Installed DirectX
07-01-2015 08:57:03 Windows Update
11-01-2015 11:36:48 Removed BlueStacks Notification Center
15-01-2015 00:06:54 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
15-01-2015 00:08:22 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
15-01-2015 00:08:43 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
15-01-2015 00:09:42 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
15-01-2015 00:11:02 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
15-01-2015 00:13:08 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
15-01-2015 00:14:16 Installed DirectX
16-01-2015 18:46:09 Device Driver Package Install: Razer Sound, video and game controllers
18-01-2015 21:08:35 Removed Java 8 Update 25
20-01-2015 19:17:40 Windows Update
20-01-2015 22:54:05 Removed MyWinLocker Suite
21-01-2015 07:47:42 Removed Razer Synapse.
21-01-2015 07:52:40 Removed Razer Synapse.
23-01-2015 15:29:02 Removed SEVENCORE_EN
23-01-2015 15:31:29 Removed Microsoft Silverlight
23-01-2015 15:54:38 Checkpoint by HitmanPro
23-01-2015 15:56:12 Checkpoint by HitmanPro
24-01-2015 04:05:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {215FF961-FFA2-4976-804A-48B50D40BF1D} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-12-27] (CyberLink Corp.)
Task: {263277E9-780A-4E84-881E-95ABD849DECD} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2DB9BCB2-D25D-410D-9EBD-91AA6EEC9FC3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {3AB21756-88C9-4D7E-B061-2219075290A0} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-12-27] (Acer Incorporated)
Task: {4CA202D7-6432-424A-93FC-EF2DD73FA990} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-25] (AVAST Software)
Task: {7C5E27EC-7845-46A4-A254-8CA13C4F4849} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-23] (Adobe Systems Incorporated)
Task: {82579187-230D-413C-910E-AA2FBEC5C3CA} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {8A31FFEC-219E-4BE4-9E2E-00F971738235} - \PastaQuotes No Task File <==== ATTENTION
Task: {9AFA21EF-3DEA-472C-9D60-0626106A5F8E} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {A4A89CFB-DB23-47C1-BC12-3B6D2DD43B0D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A532C57A-05A1-4D8F-BB3D-5D2B7D85E669} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-12-27] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-11-25 13:16 - 2014-11-25 13:16 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-25 13:16 - 2014-11-25 13:16 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-01-08 13:54 - 2015-01-08 13:54 - 00157696 _____ () C:\Users\Stay Off\AppData\Roaming\xdcosiig\tivesen.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-19 16:50 - 2015-01-19 16:50 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15011901\algo.dll
2014-11-25 13:16 - 2014-11-25 13:16 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-11-25 13:16 - 2014-11-25 13:16 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-08 13:54 - 2015-01-08 13:54 - 00133120 _____ () C:\Users\Stay Off\AppData\Roaming\xdcosiig\colers.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2011-01-01 01:16 - 2011-12-27 18:47 - 00370984 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-12-06 21:36 - 2015-01-18 21:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: WindowsVNT_R3 => 2
MSCONFIG\Services: YouTubeDownload_P4 => 2
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Arc => C:\Program Files (x86)\Arc\ArcLauncher.exe /autorun
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: emsisoft anti-malware => "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-608533635-201553101-2147240281-500 - Administrator - Disabled)
Guest (S-1-5-21-608533635-201553101-2147240281-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-608533635-201553101-2147240281-1002 - Limited - Enabled)
Stay Off (S-1-5-21-608533635-201553101-2147240281-1001 - Administrator - Enabled) => C:\Users\Stay Off

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1900}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (01/24/2015 03:38:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/24/2015 03:38:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (01/24/2015 03:29:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (01/24/2015 03:29:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (01/24/2015 03:29:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (01/22/2015 06:44:31 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Error: (01/22/2015 06:44:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Error: (01/22/2015 06:43:29 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume Acer.

Error: (01/20/2015 00:24:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/20/2015 00:22:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Microsoft Office Sessions:
=========================
Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
Search.TripoliIndexer

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)
1900

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/24/2015 03:38:56 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700


==================== Memory info ===========================

Processor: AMD A6-3620 APU with Radeon HD Graphics
Percentage of memory in use: 43%
Total physical RAM: 6612.69 MB
Available physical RAM: 3762.34 MB
Total Pagefile: 13223.56 MB
Available Pagefile: 7351.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:897.41 GB) (Free:379.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 35D5C1F3)
Partition 1: (Not Active) - (Size=34 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=897.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
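
The log above shows one DLL from the profile's AppData folder both loaded in memory and registered as a per-user COM `InprocServer32`, with a second DLL loaded from the same folder. As an added example (not part of the original posts and not FRST's own code), this Python sketch parses those two line types and correlates them; the function names and the "user-writable path" heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, normcase

# Lines excerpted from the FRST Addition log above (one CustomCLSID entry,
# five "Loaded Modules" entries).
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-608533635-201553101-2147240281-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Stay Off\AppData\Roaming\xdcosiig\tivesen.dll () <==== ATTENTION
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2015-01-08 13:54 - 2015-01-08 13:54 - 00157696 _____ () C:\Users\Stay Off\AppData\Roaming\xdcosiig\tivesen.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2015-01-08 13:54 - 2015-01-08 13:54 - 00133120 _____ () C:\Users\Stay Off\AppData\Roaming\xdcosiig\colers.dll
2014-12-06 21:36 - 2015-01-18 21:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
"""

# "created - modified - size attributes (company) path"
MODULE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+)$")

# "CustomCLSID: <key>\CLSID\{guid}\InprocServer32 -> path (company) [flag]"
# The end anchor keeps "(x86)" inside a path from being read as the company.
CLSID_RE = re.compile(
    r"^CustomCLSID: (?P<key>\S+\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]+\})\\InprocServer32)"
    r" -> (?P<path>.+?) \((?P<company>[^)]*)\)(?: <==== ATTENTION)?$")

# Heuristic (assumption): anything under a profile's AppData can be written
# without elevation, so a DLL loaded or COM-registered from there needs review.
# Every module in this excerpt has an empty company field, so that field alone
# does not separate the AMD or Logitech files from the suspicious ones.
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)


def triage(log_text):
    """Return one finding per DLL in a user-writable path, sorted by path."""
    com_targets = {}   # normalised DLL path -> CLSID registered to load it
    loaded = {}        # normalised DLL path -> parsed "Loaded Modules" record
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CLSID_RE.match(line)
        if m:
            com_targets[normcase(m["path"])] = m["clsid"]
            continue
        m = MODULE_RE.match(line)
        if m:
            loaded[normcase(m["path"])] = m.groupdict()

    findings = []
    for key in sorted(set(com_targets) | set(loaded)):
        if not USER_WRITABLE_RE.match(key):
            continue
        rec = loaded.get(key)
        findings.append({
            "path": rec["path"] if rec else key,
            "loaded": rec is not None,
            "created": rec["created"] if rec else None,
            "com_clsid": com_targets.get(key),  # None: loaded, but no CLSID seen
        })
    return findings


def by_directory(findings):
    """Group flagged files by folder, the unit that gets quarantined."""
    folders = defaultdict(list)
    for f in findings:
        folders[dirname(f["path"])].append(basename(f["path"]))
    return dict(folders)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        how = f"COM {f['com_clsid']}" if f["com_clsid"] else "no COM entry listed"
        print(f"{f['path']}  created {f['created']}  ({how})")
    print(by_directory(triage(SAMPLE_LOG)))
```

Grouping by folder matters here because only one of the two DLLs has a CLSID line in the log, while both sit in the same randomly named directory with the same creation time.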


Please note that malware removal staff are volunteers and from different time zones, which sometimes causes delays in replies. If you wish to proceed, follow the fix below. Did you add the following proxies?

ProxyServer: [HKLM] => http=127.0.0.1:56037;https=127.0.0.1:56037
ProxyServer: [HKLM-x32] => http=127.0.0.1:56037;https=127.0.0.1:56037


  • Step #2 Fix with FRST

    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.

    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --

      Start
      CreateRestorePoint:
      CloseProcesses:
      Emptytemp:
      Task: {8A31FFEC-219E-4BE4-9E2E-00F971738235} - \PastaQuotes No Task File <==== ATTENTION
      CustomCLSID: HKU\S-1-5-21-608533635-201553101-2147240281-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Stay Off\AppData\Roaming\xdcosiig\tivesen.dll () <==== ATTENTION
      C:\Users\Stay Off\AppData\Roaming\xdcosiig
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
      HKLM-x32\...\Run: [] => [X]
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.

  • Required Log(s):
    • FRST Fix Log
Regards,

Valinorum


No, I did not add those proxies; not sure what a proxy is.

here is the report you asked for

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Stay Off at 2015-01-25 04:03:25 Run:1
Running from C:\Users\Stay Off\Desktop
Loaded Profiles: Stay Off & Guest (Available profiles: Stay Off & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Emptytemp:
Task: {8A31FFEC-219E-4BE4-9E2E-00F971738235} - \PastaQuotes No Task File <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-608533635-201553101-2147240281-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Stay Off\AppData\Roaming\xdcosiig\tivesen.dll () <==== ATTENTION
C:\Users\Stay Off\AppData\Roaming\xdcosiig
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM-x32\...\Run: [] => [X]
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A31FFEC-219E-4BE4-9E2E-00F971738235}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A31FFEC-219E-4BE4-9E2E-00F971738235}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes" => Key deleted successfully.
"HKU\S-1-5-21-608533635-201553101-2147240281-1001_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" => Key deleted successfully.
C:\Users\Stay Off\AppData\Roaming\xdcosiig => Moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
EmptyTemp: => Removed 519.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 04:09:19 ====


Seems to be running well ty

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Stay Off at 2015-01-25 04:31:25 Run:2
Running from C:\Users\Stay Off\Desktop
Loaded Profiles: Stay Off (Available profiles: Stay Off & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
ProxyServer: [HKLM] => http=127.0.0.1:56037;https=127.0.0.1:56037
ProxyServer: [HKLM-x32] => http=127.0.0.1:56037;https=127.0.0.1:56037
Reboot:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.


The system needed a reboot.

==== End of Fixlog 04:31:25 ====


  • Step #3 ESET Online Scanner

    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.

    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.

  • Required Log(s):
    • ESET Fix Log
Regards,

Valinorum


ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9669eeaaf82682489f0ba4bac99f4299
# engine=22133
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-25 02:14:33
# local_time=2015-01-25 06:14:33 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 173738723 0 0
# scanned=201815
# found=7
# cleaned=6
# scan_time=4476
sh=421D401BACDC94C8C378C81262F70A2D41B711FF ft=1 fh=ff2b7a997d2def00 vn="a variant of Win32/Agent.WMC trojan" ac=I fn="C:\Users\All Users\Optimizer\program\winapp_Test002.exe"
sh=5E6A03871B397414C36AF1E1359FE014C7761B74 ft=1 fh=ee8c5e224a6823f5 vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe"
sh=F456447749DE18B457437CA4468077EE69D635BA ft=1 fh=dae56f36d2069099 vn="a variant of Win32/Agent.WMC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\YouTube Downloader Services\avasts.exe"
sh=C3EE1D6C76205F9FE7B1022959B2F2D22F34129C ft=1 fh=8a2a8189f6686e94 vn="a variant of Win32/Agent.WMC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\YouTube Downloader Services\powermgr.exe"
sh=816C2357F0D618301791EF159646159199854997 ft=1 fh=af064bf6568a8dbc vn="a variant of Win32/Agent.WMC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\YouTube Downloader Services\vmnet.exe"
sh=494E1686FB0475E367BF1A3AFE17B6A645493C4D ft=1 fh=74c3a232148e5a6e vn="a variant of Win32/Agent.WMC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe"
sh=421D401BACDC94C8C378C81262F70A2D41B711FF ft=1 fh=ff2b7a997d2def00 vn="a variant of Win32/Agent.WMC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Optimizer\program\winapp_Test002.exe"
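
The scan above reports `found=7` but `cleaned=6`, so one detection line carries no cleaning action. As an added example (not part of the original posts and not ESET's own tooling), this Python sketch parses the log and checks whether an uncleaned entry is the same file, by SHA-1 and canonical path, as one that was cleaned. Reading `ac=C` as "cleaned" is an assumption taken from this log, where exactly those lines carry a "cleaned by deleting" or "deleted" note, and mapping `C:\Users\All Users` to `C:\ProgramData` assumes the default Windows compatibility link on drive C:.

```python
import ntpath
import re

# Three detection lines excerpted from the ESET log above; the found/cleaned
# header values are adjusted to match this excerpt (constructed).
SAMPLE_LOG = r"""
# found=3
# cleaned=2
sh=421D401BACDC94C8C378C81262F70A2D41B711FF ft=1 fh=ff2b7a997d2def00 vn="a variant of Win32/Agent.WMC trojan" ac=I fn="C:\Users\All Users\Optimizer\program\winapp_Test002.exe"
sh=F456447749DE18B457437CA4468077EE69D635BA ft=1 fh=dae56f36d2069099 vn="a variant of Win32/Agent.WMC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\YouTube Downloader Services\avasts.exe"
sh=421D401BACDC94C8C378C81262F70A2D41B711FF ft=1 fh=ff2b7a997d2def00 vn="a variant of Win32/Agent.WMC trojan (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Optimizer\program\winapp_Test002.exe"
"""

# key=value pairs; values are either "quoted, may contain spaces" or bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption: default Vista-and-later layout, where this legacy path is a
# link to C:\ProgramData, so one file is reachable under two names.
ALL_USERS_ALIAS = r"c:\users\all users"
ALL_USERS_TARGET = r"c:\programdata"


def parse_eset_log(text):
    """Split the log into its '# key=value' header and its detection lines."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif line.startswith("sh="):
            detections.append(
                {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line)})
    return header, detections


def canonical(path):
    """Lower-case the path and fold the All Users alias onto ProgramData."""
    p = ntpath.normcase(path)
    if p == ALL_USERS_ALIAS or p.startswith(ALL_USERS_ALIAS + "\\"):
        p = ALL_USERS_TARGET + p[len(ALL_USERS_ALIAS):]
    return p


def reconcile(text):
    """Compare header counters with the lines and explain uncleaned entries."""
    header, detections = parse_eset_log(text)
    cleaned = [d for d in detections if d["ac"] == "C"]
    not_cleaned = [d for d in detections if d["ac"] != "C"]
    cleaned_files = {(d["sh"], canonical(d["fn"])) for d in cleaned}
    # An uncleaned line stays unresolved unless the same content (SHA-1) at
    # the same canonical location was cleaned through another path name.
    unresolved = [d for d in not_cleaned
                  if (d["sh"], canonical(d["fn"])) not in cleaned_files]
    names = {re.sub(r"\s*\([^)]*\)$", "", d["vn"]) for d in detections}
    return {
        "counts_match": (int(header["found"]) == len(detections)
                         and int(header["cleaned"]) == len(cleaned)),
        "not_cleaned": [d["fn"] for d in not_cleaned],
        "unresolved": [d["fn"] for d in unresolved],
        "detection_names": sorted(names),
    }


if __name__ == "__main__":
    for key, value in reconcile(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An empty `unresolved` list means every uncleaned line is an alias of a file that was quarantined; any path left in it is a file to re-check on disk before calling the machine clean.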
 


Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.


♣ Removal of Tools and Quarantined Files ♣


Although the tools we have used are clean, they are powerful removal tools, made in a way that they carry out any commands given to them without (in most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system, as dormant malware can be as bad as active malware if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.

  • Cleanup with Delfix

    Please download DelFix by Xplode to your Desktop.

    Download Link

    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply

♣ Prevention and Future Guidelines ♣


Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.

  • Keep Windows up-to-date.

    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.

  • Run antivirus software and keep it up-to-date, too.

    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!

  • Keep your web browser plugins and other programs updated also.

    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the NoScript icon down on the right hand side of your computer.

  • Watch out for a new threat named CryptoLocker

    CryptoLocker is a new type of ransomware-family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.

    How to prevent your computer from becoming infected by CryptoLocker.

  • And last of all, surf smart.

    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,

Valinorum


Thank you so much for your help. This was really bugging me. Most of the time I can remove things like this on my own, but this one was a fighter lol. Thanks a lot.

# DelFix v10.8 - Logfile created 25/01/2015 at 23:56:59
# Updated 29/07/2014 by Xplode
# Username : Stay Off - STAYOFF-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Stay Off\Desktop\Addition.txt
Deleted : C:\Users\Stay Off\Desktop\Fixlog.txt
Deleted : C:\Users\Stay Off\Desktop\FRST.txt
Deleted : C:\Users\Stay Off\Desktop\FRST64(1).exe
Deleted : C:\Users\Stay Off\Desktop\Shortcut.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #20 [Windows Live Essentials | 11/03/2014 02:36:55]
Deleted : RP #21 [WLSetup | 11/03/2014 02:37:44]
Deleted : RP #22 [Removed Evernote v. 4.5.1 | 11/03/2014 02:40:38]
Deleted : RP #23 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 | 11/05/2014 18:22:56]
Deleted : RP #24 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 | 11/05/2014 18:23:46]
Deleted : RP #25 [installed Microsoft SQL Server 2012 Express LocalDB | 11/05/2014 18:27:03]
Deleted : RP #26 [Windows Update | 11/07/2014 11:52:03]
Deleted : RP #27 [Windows Update | 11/11/2014 15:33:38]
Deleted : RP #28 [Windows Update | 11/14/2014 06:48:25]
Deleted : RP #29 [Windows Update | 11/15/2014 11:14:21]
Deleted : RP #30 [Windows Update | 11/21/2014 12:39:13]
Deleted : RP #31 [Windows Update | 11/25/2014 11:29:39]
Deleted : RP #32 [avast! antivirus system restore point | 11/25/2014 21:14:29]
Deleted : RP #33 [Device Driver Package Install: Avast Network Service | 11/25/2014 21:17:01]
Deleted : RP #35 [installed Rosetta Stone TOTALe | 11/26/2014 17:41:55]
Deleted : RP #36 [Removed Rosetta Stone TOTALe | 11/26/2014 18:02:56]
Deleted : RP #37 [Removed Rosetta Stone TOTALe | 11/26/2014 18:03:29]
Deleted : RP #39 [Windows Update | 11/28/2014 12:29:38]
Deleted : RP #40 [installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 | 12/01/2014 23:33:52]
Deleted : RP #41 [installed OpenOffice 4.1.1 | 12/01/2014 23:35:30]
Deleted : RP #43 [Windows Defender Checkpoint | 12/02/2014 06:59:54]
Deleted : RP #44 [Windows Update | 12/02/2014 13:37:24]
Deleted : RP #45 [avast! antivirus system restore point | 12/03/2014 20:05:35]
Deleted : RP #46 [Device Driver Package Install: Avast Network Service | 12/03/2014 20:07:42]
Deleted : RP #48 [Windows Defender Checkpoint | 12/03/2014 21:32:10]
Deleted : RP #49 [Windows Update | 12/04/2014 13:54:38]
Deleted : RP #50 [installed OpenOffice 4.1.1 | 12/07/2014 12:00:36]
Deleted : RP #51 [Windows Update | 12/09/2014 17:07:52]
Deleted : RP #52 [Windows Update | 12/13/2014 15:41:48]
Deleted : RP #53 [Windows Update | 12/17/2014 15:02:24]
Deleted : RP #54 [Device Driver Package Install: SoftEther VPN Project Network adapters | 12/17/2014 18:59:09]
Deleted : RP #55 [Device Driver Package Install: SoftEther VPN Project Network adapters | 12/17/2014 19:17:01]
Deleted : RP #56 [Device Driver Package Install: SoftEther VPN Project Network adapters | 12/18/2014 15:18:21]
Deleted : RP #57 [Windows Update | 12/21/2014 13:29:23]
Deleted : RP #58 [installed SEVENCORE_EN | 12/22/2014 14:08:24]
Deleted : RP #59 [Windows Update | 12/27/2014 13:26:39]
Deleted : RP #60 [installed Arc | 12/30/2014 17:49:06]
Deleted : RP #61 [installed DirectX | 12/30/2014 17:53:09]
Deleted : RP #62 [installed DirectX | 12/30/2014 17:58:52]
Deleted : RP #63 [installed DirectX | 12/30/2014 18:02:58]
Deleted : RP #64 [Windows Update | 12/31/2014 14:00:52]
Deleted : RP #65 [installed DirectX | 01/01/2015 00:42:47]
Deleted : RP #66 [installed DirectX | 01/01/2015 00:43:19]
Deleted : RP #67 [Windows Update | 01/07/2015 16:57:03]
Deleted : RP #68 [Removed BlueStacks Notification Center | 01/11/2015 19:36:48]
Deleted : RP #69 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 | 01/15/2015 08:06:54]
Deleted : RP #70 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 | 01/15/2015 08:08:22]
Deleted : RP #71 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 | 01/15/2015 08:08:43]
Deleted : RP #72 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 | 01/15/2015 08:09:42]
Deleted : RP #73 [Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 | 01/15/2015 08:11:02]
Deleted : RP #74 [Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 | 01/15/2015 08:13:08]
Deleted : RP #75 [installed DirectX | 01/15/2015 08:14:16]
Deleted : RP #76 [Device Driver Package Install: Razer Sound, video and game controllers | 01/17/2015 02:46:09]
Deleted : RP #77 [Removed Java 8 Update 25 | 01/19/2015 05:08:35]
Deleted : RP #78 [Windows Update | 01/21/2015 03:17:40]
Deleted : RP #79 [Removed MyWinLocker Suite | 01/21/2015 06:54:05]
Deleted : RP #80 [Removed Razer Synapse. | 01/21/2015 15:47:42]
Deleted : RP #81 [Removed Razer Synapse. | 01/21/2015 15:52:40]
Deleted : RP #82 [Removed SEVENCORE_EN | 01/23/2015 23:29:02]
Deleted : RP #83 [Removed Microsoft Silverlight | 01/23/2015 23:31:29]
Deleted : RP #84 [Checkpoint by HitmanPro | 01/23/2015 23:54:38]
Deleted : RP #85 [Checkpoint by HitmanPro | 01/23/2015 23:56:12]
Deleted : RP #86 [Windows Update | 01/24/2015 12:05:57]
Deleted : RP #88 [Restore Point Created by FRST | 01/25/2015 12:03:32]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.