Please help with the possible infection ... Windows 7, 64-bit ... computer gives corrupt error message as "can not open" ... file corrupted ... also when online some videos will not play ... shows a green screen with no error message ... Flash Player up to date ... thanks in advance

 

 

Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 3:31:59 PM, on 2/1/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\iSafe\iSafeTray.exe
C:\Users\Doc's\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe
C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
C:\Program Files (x86)\Anonymizer\Anonymizer Universal\Anonymizer Universal.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Users\Doc's\AppData\Local\Strongvault Online Backup\SMessaging.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Doc's\AppData\Local\Temp\jia9y3ww.tmp\install_flashplayer16x32_chrd_dn_aaa_aih.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Users\Doc's\AppData\Local\Temp\nkczste8.tmp\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1397259501&from=amt&uid=ST9500325AS_5VETHXTWXXXX5VETHXTW
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {ab56dfde-0c14-45b3-9df6-7b0eba617870} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: (no name) - {df22384f-cf68-4d19-969f-10423715528b} - (no file)
O3 - Toolbar: (no name) - {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - (no file)
O3 - Toolbar: (no name) - {6fcaba44-a441-481f-895e-bddfd81a6cc2} - (no file)
O3 - Toolbar: (no name) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PopularScreensavers Search Scope Monitor] "C:\PROGRA~2\POPULA~2\bar\1.bin\7isrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [sMessaging] "C:\Users\Doc's\AppData\Local\Strongvault Online Backup\SMessaging.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Doc's\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~2\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Anonymizer Universal] C:\Program Files (x86)\Anonymizer\Anonymizer Universal\Anonymizer Universal.exe /tray
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\ProgramData\WeCareReminder\IEMenuItem.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: We-Care Add-on - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\ProgramData\WeCareReminder\IEMenuItem.dll (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files (x86)\Anonymizer\Anonymizer Universal\AnonMgmtSvc.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iSafeService - Elex do Brasil Participações Ltda - C:\Program Files (x86)\iSafe\iSafeSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: PopularScreensaversService (PopularScreensavers_7iService) - COMPANYVERS_NAME - C:\PROGRA~2\POPULA~2\bar\1.bin\7ibarsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: USB MIDI Series Audio Device Monitor (USBMIDIAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VjdOuv - Small Island Development - C:\ProgramData\tapSSXEo\VjdOuv.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files (x86)\WinZipper\winzipersvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 15816 bytes
 

Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Addition.txt log is attached to your reply, FRST must have been used. Can you also post the primary log FRST.txt? Logs are saved here: C:\FRST\Logs

OK thanks, the log I found is below. I am new to this site and I appreciate your kind attention!

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Doc's (administrator) on DOCS-PC on 01-02-2015 16:09:21
Running from C:\Users\Doc's\AppData\Local\Temp\ig2d4pqv.tmp
Loaded Profiles: Doc's (Available profiles: Doc's)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(M-Audio) C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
(Anonymizer) C:\Program Files (x86)\Anonymizer\Anonymizer Universal\AnonMgmtSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Google Inc.) C:\Users\Doc's\AppData\Local\Google\Update\GoogleUpdate.exe
(Simple Star, Inc.) C:\Program Files (x86)\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe
() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Anonymizer) C:\Program Files (x86)\Anonymizer\Anonymizer Universal\Anonymizer Universal.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Stronghold Online Backup) C:\Users\Doc's\AppData\Local\Strongvault Online Backup\SMessaging.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Adobe) C:\Users\Doc's\AppData\Local\Temp\install_flashplayer16x32_chrd_dn_aaa_aih.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
() C:\Program Files (x86)\SDDUpdater\updater.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816336 2012-03-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020576 2012-02-20] (Atheros Commnucations)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [PopularScreensavers Search Scope Monitor] => C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7iSrchMn.exe [42536 2013-05-18] (MindSpark)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [sMessaging] => C:\Users\Doc's\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-11] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM-x32\...\Run: [gmsd_us_84] => [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Run: [Google Update] => C:\Users\Doc's\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-12] (Google Inc.)
HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Run: [Walgreens PhotoShow Media Manager] => C:\Program Files (x86)\Walgreens\Walgreens PhotoShow 4\data\Xtras\mssysmgr.exe [237568 2006-04-20] (Simple Star, Inc.)
HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2013-11-13] ()
HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Run: [Anonymizer Universal] => C:\Program Files (x86)\Anonymizer\Anonymizer Universal\Anonymizer Universal.exe [3928600 2014-10-21] (Anonymizer)
HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Doc's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Doc's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-373963065-2517038359-3763730876-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-373963065-2517038359-3763730876-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1397259501&from=amt&uid=ST9500325AS_5VETHXTWXXXX5VETHXTW
HKU\S-1-5-21-373963065-2517038359-3763730876-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
URLSearchHook: HKLM-x32 - (No Name) - {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} - No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {1AF919F4-D7C6-93B8-6BAF-2421B23AF4C4} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-373963065-2517038359-3763730876-1000 -> DefaultScope {DB5F73D5-888B-4D6A-A376-8BCCEE0E5A60} URL = 
BHO: No Name -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} ->  No File
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} ->  No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {ab56dfde-0c14-45b3-9df6-7b0eba617870} ->  No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {df22384f-cf68-4d19-969f-10423715528b} ->  No File
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - No Name - {6fcaba44-a441-481f-895e-bddfd81a6cc2} -  No File
Toolbar: HKLM - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} -  No File
Toolbar: HKLM-x32 - No Name - {92ed4bbd-83f2-4c70-bb4e-f8d3716143fe} -  No File
Toolbar: HKLM-x32 - No Name - {6fcaba44-a441-481f-895e-bddfd81a6cc2} -  No File
Toolbar: HKLM-x32 - No Name - {a0154e07-2b48-475c-a82a-80efd84ea33e} -  No File
Toolbar: HKU\S-1-5-21-373963065-2517038359-3763730876-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-373963065-2517038359-3763730876-1000 -> No Name - {92ED4BBD-83F2-4C70-BB4E-F8D3716143FE} -  No File
Toolbar: HKU\S-1-5-21-373963065-2517038359-3763730876-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-373963065-2517038359-3763730876-1000 -> No Name - {A0154E07-2B48-475C-A82A-80EFD84EA33E} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF NetworkProxy: "type", 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @PopularScreensavers_7i.com/Plugin -> C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\NP7iStub.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-373963065-2517038359-3763730876-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-373963065-2517038359-3763730876-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Doc's\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-373963065-2517038359-3763730876-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Doc's\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\user.js
FF SearchPlugin: C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\searchplugins\yahoo_ff.xml
FF Extension: TheTorntv V10 - C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\Extensions\44e4876d5886435183fea8e@44f892d6c2ac4a44858c85e3636.com [2014-08-03]
FF Extension: Plus-HD-1.3 - C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\Extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com [2014-07-05]
FF Extension: enterprise 1.1 - C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\Extensions\e38c01fb-ffb2-4c7e-b4c7-1f47c844d855@gmail.com [2014-09-03]
FF Extension: Slick Savings - C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [2014-12-18]
FF Extension: Start Page - C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\Extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} [2014-12-18]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\Doc's\AppData\Roaming\Mozilla\Firefox\Profiles\77211p5r.default\Extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C} [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [7iffxtbr@PopularScreensavers_7i.com] - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin
FF Extension: PopularScreensavers - C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin [2013-05-18]
FF HKLM-x32\...\Firefox\Extensions: [39ffxtbr@MapsGalaxy_39.com] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-27]
FF HKLM-x32\...\Firefox\Extensions: [ext@VideoPlayerV3beta198.net] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta198\ff
FF HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Firefox\Extensions: [lfind@nijadsoft.net] - C:\Program Files (x86)\LyricsFinder\FF
FF HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Firefox\Extensions: [lwoofer@lyricswoofer.co] - C:\Program Files (x86)\LyricsWoofer\122.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Doc's\AppData\Local\funmoods.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Doc's\AppData\Local\funmoods-speeddial_sf.crx [Not Found]
CHR HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Doc's\AppData\Local\Smartbar/Application\1Extension.crx [Not Found]
CHR HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Doc's\AppData\Local\funmoods.crx [Not Found]
CHR HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Doc's\AppData\Local\funmoods-speeddial_sf.crx [Not Found]
CHR HKU\S-1-5-21-373963065-2517038359-3763730876-1000\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\Doc's\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx [2013-08-11]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Doc's\AppData\Local\funmoods.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx [2013-08-05]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Doc's\AppData\Local\funmoods-speeddial_sf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gnbcopcndefcccgdofjadnafjljgofam] - C:\Program Files (x86)\LyricsFinder\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-11]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - C:\Program Files (x86)\Iminent\Iminent.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [igjjkeeamkpihpncmmbgdkhdnjpcfmfb] - C:\ProgramData\BetterExperience\Chrome\common.crx [2014-01-31]
CHR HKLM-x32\...\Chrome\Extension: [jnikkfemnfogahcandhlchoengjbeaij] - C:\Program Files (x86)\LyricsWoofer\122.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mocblcnaofikinigmceddfghppkkjbog] - C:\Users\Doc's\AppData\Roaming\PlusWinks\PlusWinks.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nlndmljfcnlkbcbbneenigbpikmdfcdh] - C:\Users\Doc's\AppData\Local\CRE\nlndmljfcnlkbcbbneenigbpikmdfcdh.crx [2013-08-11]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Doc's\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [Not Found]
 
Opera: 
=======
OPR Extension: (enterprise 1.1) - C:\Users\Doc's\AppData\Roaming\Opera Software\Opera Stable\Extensions\kamobkapmbfjeihgdegmieoldlbkogjb [2014-09-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AnonMgmtSvc; C:\Program Files (x86)\Anonymizer\Anonymizer Universal\AnonMgmtSvc.exe [220184 2014-10-21] (Anonymizer)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-20] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-11] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-11] (Avast Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118056 2014-04-23] (Elex do Brasil Participações Ltda)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S2 PopularScreensavers_7iService; C:\Program Files (x86)\PopularScreensavers_7i\bar\1.bin\7ibarsvc.exe [42504 2013-05-18] (COMPANYVERS_NAME)
S3 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
R2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)
S2 VjdOuv; C:\ProgramData\tapSSXEo\VjdOuv.exe [2734456 2015-01-13] (Small Island Development)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424624 2015-01-12] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-01-31] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-11] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-11] ()
R3 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [232960 2014-04-23] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [43520 2014-04-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [66048 2014-04-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48128 2014-04-23] (Elex do Brasil Participações Ltda)
S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-09-09] (Duplex Secure Ltd.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-11] (Avast Software)
R1 {1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64; C:\Windows\System32\drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys [48792 2015-01-25] (StdLib)
R1 {371bcf01-e691-44bf-9345-60788e5d16a5}Gw64; C:\Windows\System32\drivers\{371bcf01-e691-44bf-9345-60788e5d16a5}Gw64.sys [48792 2015-01-28] (StdLib)
R1 {4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64; C:\Windows\System32\drivers\{4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64.sys [48792 2015-01-21] (StdLib)
R1 {5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64; C:\Windows\System32\drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64.sys [48792 2015-01-22] (StdLib)
R1 {8d9208df-94f9-4c96-a224-97b37b0df94e}Gw64; C:\Windows\System32\drivers\{8d9208df-94f9-4c96-a224-97b37b0df94e}Gw64.sys [48792 2015-01-04] (StdLib)
U3 aa765cfc; C:\Windows\System32\Drivers\aa765cfc.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-01 16:09 - 2015-02-01 16:09 - 00000000 ____D () C:\FRST
2015-02-01 15:43 - 2015-02-01 15:43 - 00001555 _____ () C:\Users\Doc's\Desktop\hijackthis - Shortcut.lnk
2015-02-01 15:32 - 2015-02-01 15:32 - 00015818 _____ () C:\Users\Doc's\Documents\hijackthis.log
2015-01-31 23:25 - 2015-01-31 23:35 - 130030423 _____ () C:\Users\Doc's\Downloads\msert.exe.download
2015-01-31 18:23 - 2015-01-31 18:23 - 00001998 _____ () C:\Windows\PFRO.log
2015-01-31 00:29 - 2015-02-01 12:36 - 00000336 _____ () C:\Windows\setupact.log
2015-01-31 00:29 - 2015-01-31 00:29 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-29 18:43 - 2015-01-29 18:43 - 00245475 _____ () C:\Users\Doc's\Downloads\photo.php
2015-01-28 22:14 - 2015-01-28 22:14 - 00002015 _____ () C:\Users\Doc's\Desktop\FastDownload.com.lnk
2015-01-28 22:14 - 2015-01-28 22:14 - 00002007 _____ () C:\Users\Doc's\Desktop\GameTeam.com.lnk
2015-01-28 22:14 - 2015-01-28 22:14 - 00002005 _____ () C:\Users\Doc's\Desktop\GameTop.com.lnk
2015-01-28 18:48 - 2015-01-28 12:35 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{371bcf01-e691-44bf-9345-60788e5d16a5}Gw64.sys
2015-01-26 10:10 - 2015-01-26 10:14 - 00019691 _____ () C:\Users\Doc's\Downloads\www.google.com.dms
2015-01-25 17:40 - 2015-01-31 04:00 - 00000278 _____ () C:\Windows\Tasks\Anonymizer Universal Updates.job
2015-01-25 17:40 - 2015-01-25 17:40 - 00003016 _____ () C:\Windows\System32\Tasks\Anonymizer Universal Updates
2015-01-25 14:25 - 2015-01-25 14:25 - 00000000 ____D () C:\AdwCleaner
2015-01-25 12:36 - 2015-01-25 12:36 - 00000330 _____ () C:\Windows\system32\2015-01-25-17-36-28.043-aswFe.exe-2388.log
2015-01-25 12:21 - 2015-01-25 12:36 - 00000247 _____ () C:\Windows\system32\2015-01-25-17-21-38.051-aswFe.exe-7880.log
2015-01-25 12:21 - 2015-01-25 12:21 - 00000197 _____ () C:\Windows\system32\2015-01-25-17-21-18.085-AvastVBoxSVC.exe-9100.log
2015-01-25 11:49 - 2015-01-25 11:49 - 00000247 _____ () C:\Windows\system32\2015-01-25-16-49-40.021-aswFe.exe-9184.log
2015-01-25 11:49 - 2015-01-25 11:49 - 00000197 _____ () C:\Windows\system32\2015-01-25-16-49-15.004-AvastVBoxSVC.exe-7596.log
2015-01-25 11:30 - 2015-01-25 11:30 - 00000247 _____ () C:\Windows\system32\2015-01-25-16-30-32.037-aswFe.exe-4208.log
2015-01-25 11:30 - 2015-01-25 11:30 - 00000197 _____ () C:\Windows\system32\2015-01-25-16-30-18.011-AvastVBoxSVC.exe-3840.log
2015-01-25 08:51 - 2015-01-25 05:45 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{1d7d694e-604c-4da2-9100-b2601d3a1c57}Gw64.sys
2015-01-24 16:44 - 2015-01-24 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anonymizer
2015-01-24 16:44 - 2015-01-24 16:44 - 00000000 ____D () C:\Program Files (x86)\Anonymizer
2015-01-23 16:10 - 2015-01-23 16:10 - 00000000 ____T () C:\Windows\SysWOW64\Ñ
2015-01-23 15:35 - 2015-01-23 15:35 - 00000000 ____T () C:\Windows\SysWOW64\E
2015-01-23 15:32 - 2015-01-23 15:32 - 00000000 ____T () C:\Windows\SysWOW64\O
2015-01-23 00:08 - 2015-01-23 00:08 - 00000197 _____ () C:\Windows\system32\2015-01-23-05-08-53.046-AvastVBoxSVC.exe-4484.log
2015-01-22 20:10 - 2015-01-22 12:54 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{5c281c6e-0132-4ac6-ad9d-d1d95d218412}Gw64.sys
2015-01-22 17:00 - 2015-01-22 17:01 - 00000280 _____ () C:\Windows\system32\2015-01-22-22-00-35.096-aswFe.exe-3172.log
2015-01-21 20:43 - 2015-01-21 10:43 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64.sys
2015-01-21 19:40 - 2015-01-21 19:40 - 00000280 _____ () C:\Windows\system32\2015-01-22-00-40-33.025-aswFe.exe-7040.log
2015-01-21 19:39 - 2015-01-21 19:38 - 06280608 _____ () C:\Users\Doc's\Downloads\hotspot-shield.exe
2015-01-21 19:34 - 2015-01-21 19:34 - 00000280 _____ () C:\Windows\system32\2015-01-22-00-34-06.086-aswFe.exe-6344.log
2015-01-20 23:39 - 2015-01-20 23:39 - 00000197 _____ () C:\Windows\system32\2015-01-21-04-39-57.025-AvastVBoxSVC.exe-4768.log
2015-01-20 21:11 - 2015-01-20 21:12 - 00000280 _____ () C:\Windows\system32\2015-01-21-02-11-59.020-aswFe.exe-7764.log
2015-01-20 21:10 - 2015-01-20 21:10 - 00000280 _____ () C:\Windows\system32\2015-01-21-02-10-51.006-aswFe.exe-9004.log
2015-01-20 21:02 - 2015-01-20 21:02 - 00000280 _____ () C:\Windows\system32\2015-01-21-02-02-22.004-aswFe.exe-6008.log
2015-01-20 18:33 - 2015-01-20 18:33 - 00000000 ____T () C:\Windows\SysWOW64\G
2015-01-20 14:19 - 2015-01-20 14:43 - 00000000 ____D () C:\Users\Doc's\AppData\Local\SoftonicAssistant
2015-01-20 00:08 - 2015-01-20 00:08 - 00000280 _____ () C:\Windows\system32\2015-01-20-05-08-11.099-aswFe.exe-7612.log
2015-01-19 23:18 - 2015-01-19 23:19 - 00000280 _____ () C:\Windows\system32\2015-01-20-04-18-58.059-aswFe.exe-6628.log
2015-01-19 16:44 - 2015-01-19 16:44 - 00000197 _____ () C:\Windows\system32\2015-01-19-21-44-11.088-AvastVBoxSVC.exe-5832.log
2015-01-18 15:44 - 2015-01-18 15:44 - 00000197 _____ () C:\Windows\system32\2015-01-18-20-44-14.041-AvastVBoxSVC.exe-3396.log
2015-01-17 22:51 - 2015-01-17 22:51 - 00000197 _____ () C:\Windows\system32\2015-01-18-03-51-08.061-AvastVBoxSVC.exe-4380.log
2015-01-17 22:27 - 2015-01-17 22:27 - 00000197 _____ () C:\Windows\system32\2015-01-18-03-27-25.099-AvastVBoxSVC.exe-3164.log
2015-01-17 16:13 - 2015-01-17 16:13 - 00000197 _____ () C:\Windows\system32\2015-01-17-21-13-00.043-AvastVBoxSVC.exe-4696.log
2015-01-17 13:39 - 2015-01-17 13:39 - 00000000 ____H () C:\Users\Doc's\Documents\Default.rdp
2015-01-17 13:07 - 2015-01-17 13:07 - 00000197 _____ () C:\Windows\system32\2015-01-17-18-07-26.027-AvastVBoxSVC.exe-6328.log
2015-01-17 11:13 - 2015-01-17 11:13 - 00000197 _____ () C:\Windows\system32\2015-01-17-16-13-55.037-AvastVBoxSVC.exe-4780.log
2015-01-17 10:42 - 2015-01-17 10:42 - 00003124 _____ () C:\Windows\System32\Tasks\{BB637A49-9A49-4603-95E6-16068FF3E37F}
2015-01-17 10:30 - 2015-01-17 10:30 - 00000197 _____ () C:\Windows\system32\2015-01-17-15-30-20.095-AvastVBoxSVC.exe-4536.log
2015-01-17 10:25 - 2015-01-17 10:25 - 00000000 _____ () C:\Windows\SysWOW64\sho3F94.tmp
2015-01-16 14:01 - 2015-01-24 15:42 - 00000000 ____D () C:\ProgramData\Browser
2015-01-16 00:50 - 2015-01-16 00:50 - 00000197 _____ () C:\Windows\system32\2015-01-16-05-50-42.003-AvastVBoxSVC.exe-2228.log
2015-01-15 22:05 - 2015-01-15 22:05 - 00000197 _____ () C:\Windows\system32\2015-01-16-03-05-31.004-AvastVBoxSVC.exe-7108.log
2015-01-15 21:52 - 2015-01-15 21:52 - 00000000 ____D () C:\MovieWizard
2015-01-14 15:57 - 2015-01-14 15:57 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Lazy Turtle Games
2015-01-14 15:56 - 2015-01-17 22:47 - 00000000 ____D () C:\Windows\The Return of Monte Cristo
2015-01-14 15:56 - 2015-01-17 22:47 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Return of Monte Cristo
2015-01-14 15:56 - 2015-01-17 22:47 - 00000000 ____D () C:\Program Files (x86)\The Return of Monte Cristo
2015-01-14 15:49 - 2015-01-14 15:49 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\To the Moon - Freebird Games
2015-01-13 16:47 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 16:47 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 16:47 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 16:47 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 16:47 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 16:47 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 16:46 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 16:46 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 16:46 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 16:46 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 16:46 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 16:46 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 16:46 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 11:27 - 2015-01-13 11:27 - 00000197 _____ () C:\Windows\system32\2015-01-13-16-27-10.042-AvastVBoxSVC.exe-6360.log
2015-01-13 10:30 - 2015-01-13 10:30 - 00003102 _____ () C:\Windows\System32\Tasks\{811E6CDB-C394-4F2F-9B3F-B82A71505F01}
2015-01-13 10:27 - 2015-01-13 10:27 - 00000000 ____D () C:\ProgramData\2666cdac00005bfc
2015-01-13 10:20 - 2015-01-13 10:20 - 00000197 _____ () C:\Windows\system32\2015-01-13-15-20-53.065-AvastVBoxSVC.exe-4436.log
2015-01-13 09:44 - 2015-01-13 09:44 - 00000197 _____ () C:\Windows\system32\2015-01-13-14-44-02.031-AvastVBoxSVC.exe-3516.log
2015-01-13 08:46 - 2015-01-13 08:46 - 00000000 _____ () C:\Windows\SysWOW64\sho2EEC.tmp
2015-01-13 08:37 - 2015-01-13 08:37 - 00000197 _____ () C:\Windows\system32\2015-01-13-13-37-24.008-AvastVBoxSVC.exe-4672.log
2015-01-13 02:44 - 2015-01-25 12:25 - 00000000 ____D () C:\Users\Doc's\AppData\Local\MovieWizard
2015-01-13 02:27 - 2015-01-13 02:27 - 00000197 _____ () C:\Windows\system32\2015-01-13-07-27-46.032-AvastVBoxSVC.exe-7064.log
2015-01-13 02:26 - 2014-04-23 05:19 - 00043520 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2015-01-13 01:52 - 2015-01-17 22:47 - 00000000 ____D () C:\Windows\System32\Tasks\SDD
2015-01-13 01:52 - 2015-01-17 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-01-13 01:52 - 2015-01-17 22:47 - 00000000 ____D () C:\Program Files (x86)\SDDUpdater
2015-01-13 01:51 - 2015-01-17 22:47 - 00000000 ____D () C:\ProgramData\tapSSXEo
2015-01-13 01:51 - 2015-01-13 10:39 - 00000000 ____D () C:\ProgramData\MovieWizard
2015-01-12 12:27 - 2015-01-12 12:27 - 00000197 _____ () C:\Windows\system32\2015-01-12-17-27-15.015-AvastVBoxSVC.exe-4688.log
2015-01-09 00:34 - 2015-01-09 00:34 - 00000197 _____ () C:\Windows\system32\2015-01-09-05-34-50.082-AvastVBoxSVC.exe-6216.log
2015-01-06 00:52 - 2015-01-06 00:52 - 00000197 _____ () C:\Windows\system32\2015-01-06-05-52-05.010-AvastVBoxSVC.exe-4320.log
2015-01-04 23:58 - 2015-01-05 00:03 - 34305058 _____ () C:\Users\Doc's\Downloads\torbrowser-install-4.0.2_en-US.exe
2015-01-04 21:04 - 2015-01-24 16:52 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Anonymizer
2015-01-04 20:59 - 2014-09-03 17:27 - 00034248 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-01-04 20:58 - 2015-01-04 20:58 - 00000000 ____D () C:\ProgramData\Anonymizer
2015-01-04 19:41 - 2015-01-04 19:41 - 00000280 _____ () C:\Windows\system32\2015-01-05-00-41-31.066-aswFe.exe-5240.log
2015-01-04 19:31 - 2015-01-04 19:35 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\StormFall
2015-01-04 19:31 - 2015-01-04 19:31 - 00000000 ____D () C:\Users\Doc's\AppData\Local\Pirates
2015-01-04 19:27 - 2015-01-04 15:48 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{8d9208df-94f9-4c96-a224-97b37b0df94e}Gw64.sys
2015-01-04 13:29 - 2015-01-04 13:29 - 00000197 _____ () C:\Windows\system32\2015-01-04-18-29-50.043-AvastVBoxSVC.exe-5620.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-01 15:47 - 2013-07-14 08:02 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373963065-2517038359-3763730876-1000UA.job
2015-02-01 15:33 - 2012-11-10 14:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 15:10 - 2013-11-11 12:25 - 00001296 _____ () C:\Windows\Tasks\Plus-HD-1.3-updater.job
2015-02-01 15:10 - 2013-11-11 12:24 - 00001906 _____ () C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job
2015-02-01 15:10 - 2013-11-11 12:24 - 00001830 _____ () C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
2015-02-01 15:10 - 2013-11-11 12:24 - 00001198 _____ () C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job
2015-02-01 15:01 - 2012-11-12 22:05 - 00000296 _____ () C:\Windows\Tasks\Registry Optimizer_DEFAULT.job
2015-02-01 14:41 - 2013-08-22 20:21 - 00000000 ____D () C:\Users\Doc's\AppData\Local\Strongvault Online Backup
2015-02-01 14:35 - 2013-12-22 18:24 - 00000000 ____D () C:\Program Files (x86)\iSafe
2015-02-01 14:26 - 2012-05-29 10:06 - 01712809 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 13:34 - 2014-04-27 19:40 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job
2015-02-01 13:16 - 2014-02-24 16:34 - 00000436 _____ () C:\Windows\Tasks\PC Optimizer Pro Idle.job
2015-02-01 13:02 - 2012-11-10 06:45 - 00000000 ____D () C:\Users\Doc's\AppData\Local\Adobe
2015-02-01 11:22 - 2014-09-03 22:22 - 00001764 _____ () C:\Windows\Tasks\6b79e399-be4e-475d-8d39-03fad3612fe0-5_user.job
2015-02-01 11:22 - 2014-09-03 22:22 - 00001744 _____ () C:\Windows\Tasks\6b79e399-be4e-475d-8d39-03fad3612fe0-5.job
2015-02-01 11:21 - 2014-09-03 22:21 - 00002578 _____ () C:\Windows\Tasks\6b79e399-be4e-475d-8d39-03fad3612fe0-4.job
2015-02-01 11:21 - 2014-09-03 22:21 - 00001872 _____ () C:\Windows\Tasks\6b79e399-be4e-475d-8d39-03fad3612fe0-1.job
2015-02-01 11:20 - 2014-09-03 22:20 - 00004482 _____ () C:\Windows\Tasks\6b79e399-be4e-475d-8d39-03fad3612fe0-11.job
2015-02-01 10:44 - 2014-01-17 19:30 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2015-02-01 08:47 - 2013-07-14 08:02 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373963065-2517038359-3763730876-1000Core.job
2015-01-31 23:18 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 23:18 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 22:59 - 2013-06-27 15:07 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-31 22:59 - 2012-11-10 06:53 - 00000000 ____D () C:\Users\Doc's\AppData\Local\CrashDumps
2015-01-31 22:57 - 2014-02-24 16:34 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2015-01-31 22:57 - 2014-02-22 23:35 - 00000462 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job
2015-01-31 22:57 - 2014-02-22 23:35 - 00000454 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job
2015-01-31 22:57 - 2013-12-19 17:08 - 00000458 _____ () C:\Windows\Tasks\RegPowerClean.job
2015-01-31 22:57 - 2013-06-10 15:44 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-01-31 22:57 - 2013-06-02 21:53 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-01-31 22:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-31 19:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-31 18:34 - 2013-07-05 07:45 - 00000000 ____D () C:\Users\Doc's\Desktop\Doc's VIDS
2015-01-31 18:32 - 2012-11-22 00:38 - 00000000 ____D () C:\Users\Doc's\Desktop\Browsers & Torrent
2015-01-31 18:21 - 2012-11-12 22:03 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Azureus
2015-01-31 18:18 - 2013-08-17 08:17 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\vlc
2015-01-31 16:03 - 2013-09-19 19:25 - 00000000 ____D () C:\Users\Doc's\Desktop\MOVIES&TV SHOWS
2015-01-30 18:09 - 2013-12-22 18:24 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\iSafe
2015-01-29 00:29 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-28 22:16 - 2012-11-23 11:53 - 00000000 ___RD () C:\Users\Doc's\Desktop\GAMES
2015-01-28 22:14 - 2013-06-19 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2015-01-28 22:14 - 2013-06-19 12:08 - 00000000 ____D () C:\Program Files (x86)\GameTop.com
2015-01-28 22:05 - 2012-11-12 22:05 - 00000304 _____ () C:\Windows\Tasks\Registry Optimizer_UPDATES.job
2015-01-28 18:31 - 2009-07-13 21:34 - 00000537 _____ () C:\Windows\win.ini
2015-01-26 00:34 - 2012-11-10 14:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 00:33 - 2012-03-19 12:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 00:33 - 2012-03-19 12:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 21:10 - 2014-07-05 22:25 - 00000000 ____D () C:\Users\Doc's\Desktop\empty 2
2015-01-24 17:40 - 2013-09-19 19:25 - 00000000 ____D () C:\Users\Doc's\Desktop\Computer Stuff
2015-01-20 23:24 - 2013-07-29 21:41 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Zip Opener Packages
2015-01-20 23:24 - 2013-06-02 21:49 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\LavFilters
2015-01-20 23:24 - 2013-06-02 21:49 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Codec Pack Packages
2015-01-20 21:37 - 2013-11-18 20:33 - 00000000 ____D () C:\temp
2015-01-19 09:12 - 2014-01-17 19:30 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\WinZipper
2015-01-19 09:09 - 2012-11-14 17:12 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-01-18 11:20 - 2012-11-14 18:46 - 00000000 ____D () C:\Program Files (x86)\Mystery Case Files - Huntsville
2015-01-18 11:19 - 2012-03-19 12:10 - 00000000 ____D () C:\ProgramData\Temp
2015-01-17 22:47 - 2014-01-07 14:59 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\dvdcss
2015-01-17 22:47 - 2013-12-22 18:24 - 00000000 ____D () C:\Windows\system32\log
2015-01-17 22:47 - 2013-10-18 17:21 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-01-17 22:47 - 2012-11-10 03:21 - 00000000 ____D () C:\Users\Doc's
2015-01-17 22:47 - 2012-05-29 10:29 - 00000000 ____D () C:\ProgramData\Atheros
2015-01-17 22:47 - 2012-03-19 12:05 - 00000000 ____D () C:\ProgramData\BackupManager
2015-01-17 22:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-01-17 21:47 - 2013-10-26 00:46 - 00000000 ____D () C:\Program Files (x86)\qualitink
2015-01-17 21:45 - 2014-07-11 12:39 - 00003880 _____ () C:\Windows\System32\Tasks\BrowserSafeguard
2015-01-17 16:15 - 2012-11-12 18:38 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\Skype
2015-01-17 10:42 - 2014-04-20 01:29 - 00000000 ____D () C:\ProgramData\BetterExperience
2015-01-17 00:19 - 2013-07-27 04:58 - 00000160 _____ () C:\Users\Doc's\AppData\Roaming\WB.CFG
2015-01-16 00:34 - 2013-07-12 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 00:22 - 2012-11-12 18:39 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 19:03 - 2013-10-02 00:11 - 00000000 ____D () C:\Program Files (x86)\Foxy Games
2015-01-13 02:27 - 2012-11-10 03:25 - 00001603 _____ () C:\Users\Doc's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-13 01:52 - 2013-12-12 10:42 - 00000000 ____D () C:\ProgramData\Updater
2015-01-13 01:50 - 2012-11-10 13:53 - 00000000 ____D () C:\Program Files (x86)\Safari
2015-01-12 00:38 - 2014-11-23 23:59 - 00159361 _____ () C:\Users\Doc.mp4
2015-01-09 22:47 - 2014-04-07 08:38 - 00000000 ____D () C:\Users\Doc's\Desktop\Empty 4
2015-01-08 20:49 - 2014-04-07 17:50 - 00000000 ____D () C:\Users\Doc's\Desktop\EMPTY 7
2015-01-08 15:30 - 2009-07-14 00:13 - 00804720 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-06 11:55 - 2014-09-03 22:20 - 00000000 ____D () C:\Program Files (x86)\enterprise 1.1
2015-01-06 09:21 - 2013-11-11 12:24 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-1.3
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 17:43 - 2014-03-23 17:05 - 00000000 ____D () C:\Program Files (x86)\JetAudio
2015-01-04 17:43 - 2013-08-20 19:50 - 00000000 ____D () C:\Program Files (x86)\Bejeweled 3 new
2015-01-04 17:34 - 2014-12-31 21:21 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-01-04 17:34 - 2013-10-28 22:42 - 00000000 ____D () C:\Windows\Minidump
2015-01-04 13:44 - 2014-03-18 18:17 - 00000000 ____D () C:\Users\Doc's\AppData\Roaming\uTorrent
 
==================== Files in the root of some directories =======
 
2013-12-22 18:09 - 2013-12-22 18:09 - 0000068 _____ () C:\Users\Doc's\AppData\Roaming\photoshow_express_setup.txt
2013-12-04 23:19 - 2013-12-05 00:31 - 0003408 _____ () C:\Users\Doc's\AppData\Roaming\result1.db
2012-11-12 16:35 - 2015-01-31 19:12 - 0033193 _____ () C:\Users\Doc's\AppData\Roaming\UserTile.png
2013-07-27 04:58 - 2015-01-17 00:19 - 0000160 _____ () C:\Users\Doc's\AppData\Roaming\WB.CFG
2013-06-15 00:01 - 2014-01-28 00:19 - 0000005 _____ () C:\Users\Doc's\AppData\Roaming\WBPU-TTL.DAT
2014-03-23 17:23 - 2014-03-23 17:23 - 0003584 _____ () C:\Users\Doc's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-02 10:04 - 2013-06-02 10:04 - 0000017 _____ () C:\Users\Doc's\AppData\Local\resmon.resmoncfg
2014-04-22 09:57 - 2014-04-22 09:57 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-05-29 10:40 - 2012-05-29 10:45 - 0002454 _____ () C:\ProgramData\clear.fiSDK20.log
2013-12-04 23:20 - 2013-12-05 09:24 - 0002763 _____ () C:\ProgramData\connector.swf
2012-05-29 10:44 - 2012-05-29 10:44 - 0000032 _____ () C:\ProgramData\PS.log
2014-02-22 13:38 - 2014-02-22 13:38 - 0000079 _____ () C:\ProgramData\spds90.txt
 
Some content of TEMP:
====================
C:\Users\Doc's\AppData\Local\Temp\ct_2016.exe
C:\Users\Doc's\AppData\Local\Temp\install_flashplayer16x32_chrd_dn_aaa_aih.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 09:38
 
==================== End Of Log ============================

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

 

Next,

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, select > Settings > Detection and Protection > enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Now select > Scan > Threat scan > Scan now
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when it was run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard", which copies the full log to the Windows clipboard. Then, in your reply, right-click in the text field and select "Paste" to paste the log into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7/8, right-click the IE shortcut and run as admin.

 

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real-time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is ticked
Click on Advanced Settings, ensure the following options are checked:
 
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
 
Click Scan
 
Wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
Put a checkmark in "Uninstall application on close"
Close program
Report to me that nothing was found

 

If threats were found

 


Click on "list of threats found"
Click on "export to text file", save it as ESET SCAN, and save it to the desktop
Click on back
Put a checkmark in "Uninstall application on close"
Click on finish

 

Close program

 

Copy and paste the report in your next reply.

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Kevin

 

 

 

 

Fixlist.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

