
Currently my mother's computer is having some trouble.

Windows automatic updates are disabled, even given admin privileges, and I found out that the version of Windows 7 Home Premium was still at Service Pack 1. Thus not ready for Windows 10.

This began after malware had infected the computer and was subsequently removed via Malwarebytes; there was a period where I was not able to access the computer and reinfection occurred. My guess is it wasn't thoroughly removed in the first place.

It is now at a point where the computer has lost internet access via Wi-Fi despite an available connection.

Wit's end etc., now seeking more advanced help for the matter.

I'll make a Farbar Recovery Scan Tool log file in roughly 9 hours and post it in a reply, along with removing the peer-to-peer software from the computer when I wake; just making this thread now as a reminder. If a helper reads this before the time I post the log, feel free to request more logs from other software solutions so I can compile them in one reply. :)

Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to the sick PC's desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Thanks,

 

Kevin..


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Sharmaine (ATTENTION: The user is not administrator) on SHARMAINE (06-10-2015 09:53:11)
Running from C:\Users\Sharmaine\Desktop
Loaded Profiles: Sharmaine & Administrator (Available Profiles: Sharmaine & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> avgrsa.exe
Failed to access process -> avgcsrva.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> stacsv64.exe
Failed to access process -> atieclxx.exe
Failed to access process -> svchost.exe
Failed to access process -> wisptis.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> AESTSr64.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> avgidsagent.exe
Failed to access process -> avgwdsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> btwdins.exe
Failed to access process -> avgnsa.exe
Failed to access process -> avgemca.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
Failed to access process -> svchost.exe
Failed to access process -> DTSRVC.exe
Failed to access process -> ehrecvr.exe
Failed to access process -> svchost.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
Failed to access process -> HPClientServices.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> pdisrvc.exe
Failed to access process -> svchost.exe
Failed to access process -> SDFSSvc.exe
Failed to access process -> SDUpdSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> Avira.ServiceHost.exe
Failed to access process -> SDWSCSvc.exe
Failed to access process -> iPodService.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> svchost.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> WUDFHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
Failed to access process -> GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
Failed to access process -> HPSA_Service.exe
Failed to access process -> taskeng.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-09-10] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-378641337-597838875-491265271-1138\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-17] (Piriform Ltd)
HKU\S-1-5-21-378641337-597838875-491265271-500\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-378641337-597838875-491265271-500\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-378641337-597838875-491265271-500\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk /p \??\I:autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B5034A5-D8AE-4AD1-A007-1ED263ACD8D8}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FA6A3F7F-AE7B-48B0-A9C7-64E8E5D8852C}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-378641337-597838875-491265271-1138\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130874421890286527&GUID=27FB73A8-DB0C-4490-A65B-C10BE4B14E80
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-378641337-597838875-491265271-1138\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-378641337-597838875-491265271-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [s-1-5-21-378641337-597838875-491265271-500] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

FireFox:
========
FF ProfilePath: C:\Users\Sharmaine\AppData\Roaming\Mozilla\Firefox\Profiles\z7ycitlo.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-08-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-08-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-01-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-01-13] (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sharmaine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-13]
CHR Extension: (Google Docs) - C:\Users\Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-13]
CHR Extension: (Google Drive) - C:\Users\Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-13]
CHR Extension: (YouTube) - C:\Users\Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-13]
CHR Extension: (Google Search) - C:\Users\Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-13]
CHR Extension: (Google Sheets) - C:\Users\Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-13]
CHR Extension: (Gmail) - C:\Users\Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [240872 2015-09-10] (Avira Operations GmbH & Co. KG)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-06] (Hewlett-Packard) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [129648 2010-12-02] (Portrait Displays, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 d3a378f6; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\RelaySubs\RelaySubs.dll",serv
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 ghsdiagMDM; C:\Windows\System32\DRIVERS\ghsdiagMDM.sys [122496 2011-11-28] (HS Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [122624 2011-01-13] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 nmwcd; system32\drivers\ccdcmbx64.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 zgwhsdiag; system32\DRIVERS\zgwhsdiag.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 09:53 - 2015-10-06 09:53 - 00018182 _____ C:\Users\Sharmaine\Desktop\FRST.txt
2015-10-06 09:53 - 2015-10-06 09:53 - 00000000 ____D C:\FRST
2015-10-06 09:51 - 2015-10-06 09:32 - 02193920 _____ (Farbar) C:\Users\Sharmaine\Desktop\FRST64.exe
2015-10-05 22:45 - 2015-10-05 22:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SHARMAINE-Windows-7-Home-Premium-(64-bit).dat
2015-10-05 22:45 - 2015-10-05 22:45 - 00000000 ____D C:\RegBackup
2015-10-05 22:10 - 2015-10-05 22:10 - 00002117 _____ C:\Users\Sharmaine\Desktop\Tweaking.com - Windows Repair.lnk
2015-10-05 22:10 - 2015-10-05 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-05 22:09 - 2015-10-05 22:09 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-05 22:09 - 2015-10-05 21:51 - 20389640 _____ (Tweaking.com) C:\Users\Sharmaine\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-10-05 21:42 - 2015-10-05 22:09 - 00000000 ____D C:\Users\Sharmaine\Desktop\mbar
2015-10-05 21:42 - 2015-10-05 22:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-05 21:42 - 2015-10-05 21:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-05 21:42 - 2015-10-05 21:42 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 21:42 - 2015-10-05 21:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-05 21:42 - 2015-10-05 21:38 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Sharmaine\Desktop\mbar-1.09.3.1001.exe
2015-10-05 21:41 - 2015-10-05 21:40 - 22772808 _____ C:\Users\Sharmaine\Desktop\RogueKillerX64.exe
2015-10-05 21:33 - 2015-10-05 21:40 - 00002432 _____ C:\Users\Sharmaine\Desktop\Rkill.txt
2015-10-05 21:30 - 2015-10-05 21:30 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Sharmaine\Desktop\rkill.exe
2015-10-05 21:30 - 2015-10-05 21:28 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Sharmaine\Desktop\mbam-clean-2.1.1.1001.exe
2015-10-05 08:58 - 2015-10-06 09:27 - 00000392 _____ C:\Windows\setupact.log
2015-10-05 08:58 - 2015-10-05 23:21 - 00113504 _____ C:\Users\Sharmaine\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-05 08:58 - 2015-10-05 23:20 - 00418464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-05 08:58 - 2015-10-05 23:20 - 00017416 _____ C:\Windows\PFRO.log
2015-10-05 08:58 - 2015-10-05 08:58 - 00000000 _____ C:\Windows\setuperr.log
2015-10-05 08:35 - 2015-10-05 20:31 - 00075752 _____ C:\Users\Sharmaine\Desktop\RegSetup-60769920.exe
2015-10-05 08:35 - 2015-10-05 20:28 - 06677440 _____ (Piriform Ltd) C:\Users\Sharmaine\Desktop\ccsetup510.exe
2015-10-05 08:35 - 2015-10-05 08:35 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-05 08:35 - 2015-10-05 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-05 08:35 - 2015-10-05 08:35 - 00000000 ____D C:\Program Files\CCleaner
2015-10-05 08:21 - 2015-10-05 08:21 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\TuneUp Software
2015-10-05 08:04 - 2015-10-05 08:04 - 00021696 _____ C:\ComboFix.txt
2015-10-05 07:40 - 2015-10-05 07:40 - 00001164 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-10-05 07:40 - 2015-10-05 07:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-10-05 07:40 - 2015-10-05 07:40 - 00000000 ____D C:\ProgramData\Avira
2015-10-05 07:40 - 2015-10-05 07:40 - 00000000 ____D C:\Program Files (x86)\Avira
2015-10-05 07:31 - 2015-10-05 07:31 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-10-05 07:18 - 2015-10-05 07:33 - 00000000 ____D C:\AdwCleaner
2015-10-05 07:17 - 2015-10-05 19:14 - 05500000 _____ (Avast Software s.r.o.) C:\Users\Sharmaine\Desktop\avast_free_antivirus_setup_online.exe
2015-10-05 07:17 - 2015-10-05 19:14 - 05500000 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-10-05 07:17 - 2015-10-05 19:11 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Sharmaine\Desktop\mbam-setup-2.1.8.1057.exe
2015-10-05 07:17 - 2015-10-05 19:05 - 23579408 _____ (SUPERAntiSpyware) C:\Users\Sharmaine\Desktop\SAS_271753.EXE
2015-10-05 07:17 - 2015-10-05 19:05 - 04559688 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sharmaine\Desktop\avira_en_av_56123618e8f86__ws.exe
2015-10-05 07:17 - 2015-10-05 19:03 - 11427128 _____ (Bitdefender LLC) C:\Users\Sharmaine\Desktop\BootkitRemoval_x64.exe
2015-10-05 07:17 - 2015-10-05 19:03 - 00783640 _____ (McAfee, Inc.) C:\Users\Sharmaine\Desktop\rootkitremover.exe
2015-10-05 07:17 - 2015-10-05 19:01 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Sharmaine\Desktop\tdsskiller.exe
2015-10-05 07:17 - 2015-10-05 19:01 - 01681920 _____ C:\Users\Sharmaine\Desktop\adwcleaner_5.010.exe
2015-10-05 06:53 - 2015-10-05 06:53 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Mozilla
2015-10-05 06:53 - 2015-10-05 06:53 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Mozilla
2015-10-05 06:50 - 2015-10-05 18:49 - 42802928 _____ C:\Users\Sharmaine\Desktop\Firefox Setup 41.0.1.exe
2015-10-01 05:09 - 2015-10-01 05:09 - 00000000 ____D C:\Users\Sharmaine\Documents\Bluetooth Exchange Folder
2015-10-01 05:09 - 2015-10-01 05:09 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-10-01 05:09 - 2015-10-01 05:09 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Broadcom
2015-09-26 08:02 - 2015-10-05 22:09 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-26 08:02 - 2015-09-26 08:24 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-26 08:00 - 2015-09-26 08:01 - 18801736 _____ C:\Users\Sharmaine\Downloads\RogueKiller.exe
2015-09-25 13:55 - 2015-09-25 13:55 - 00481870 _____ C:\Users\Sharmaine\Downloads\s.jpeg
2015-09-23 10:55 - 2015-09-23 10:55 - 00001461 _____ C:\Users\Sharmaine\Desktop\Internet Explorer (No Add-ons).lnk
2015-09-23 10:49 - 2015-09-23 10:49 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\SUPERAntiSpyware.com
2015-09-23 10:39 - 2015-09-23 10:39 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Hewlett-Packard
2015-09-22 17:45 - 2015-09-22 17:45 - 00380416 _____ C:\Users\Sharmaine\Downloads\d8971d85.exe
2015-09-22 17:25 - 2015-09-22 17:25 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\GWX
2015-09-22 16:58 - 2011-06-26 17:15 - 00256000 _____ C:\Windows\PEV.exe
2015-09-22 16:58 - 2010-11-08 03:50 - 00208896 _____ C:\Windows\MBR.exe
2015-09-22 16:58 - 2009-04-20 15:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00098816 _____ C:\Windows\sed.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00080412 _____ C:\Windows\grep.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00068096 _____ C:\Windows\zip.exe
2015-09-22 16:57 - 2015-10-05 08:04 - 00000000 ____D C:\Qoobox
2015-09-22 16:57 - 2015-09-22 17:20 - 00000000 ____D C:\Windows\erdnt
2015-09-22 16:56 - 2015-09-22 16:55 - 05635484 ____R (Swearware) C:\Users\Sharmaine\Desktop\ComboFix.exe
2015-09-22 16:55 - 2015-09-22 16:55 - 05635484 _____ (Swearware) C:\Users\Sharmaine\Downloads\ComboFix.exe
2015-09-22 16:31 - 2015-09-22 16:31 - 00302011 _____ C:\Users\Sharmaine\Downloads\WindowsUpdateDiagnostic.diagcab
2015-09-18 15:34 - 2015-09-18 15:34 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-09-18 15:34 - 2015-09-18 15:34 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-09-18 15:32 - 2015-09-18 15:32 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 09:52 - 2009-07-14 15:43 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-06 09:43 - 2009-07-14 15:15 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-06 09:43 - 2009-07-14 15:15 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-06 09:39 - 2011-04-14 09:01 - 01707583 _____ C:\Windows\WindowsUpdate.log
2015-10-06 09:33 - 2015-08-08 00:12 - 00000000 ____D C:\ProgramData\MFAData
2015-10-06 09:31 - 2015-08-21 13:41 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\qBittorrent
2015-10-06 09:27 - 2009-07-14 15:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-05 23:06 - 2009-07-14 13:04 - 00000560 _____ C:\Windows\win.ini
2015-10-05 22:30 - 2009-07-14 13:50 - 00000000 __RHD C:\Users\Default
2015-10-05 21:15 - 2009-07-14 13:50 - 00000000 ____D C:\Windows\system32\NDF
2015-10-05 09:09 - 2015-06-20 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-05 08:36 - 2012-11-26 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
2015-10-05 08:36 - 2011-07-05 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2015-10-05 08:36 - 2009-07-14 16:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-05 08:20 - 2014-05-25 22:42 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-05 08:02 - 2009-07-14 13:04 - 00000215 _____ C:\Windows\system.ini
2015-10-05 07:40 - 2014-09-30 17:33 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-05 06:43 - 2012-04-26 16:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-05 04:01 - 2015-08-21 13:46 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Apple Computer
2015-09-30 10:28 - 2015-08-13 05:06 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Hewlett-Packard
2015-09-30 10:28 - 2011-09-14 22:39 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-26 09:06 - 2015-06-03 05:24 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-09-26 08:30 - 2009-07-14 13:50 - 00000000 ____D C:\Windows\registration
2015-09-26 08:23 - 2009-07-14 13:04 - 00000000 _____ C:\Windows\system32\Drivers\etc\hosts_bak_723
2015-09-25 14:36 - 2015-08-20 14:43 - 00000000 ____D C:\Users\Sharmaine\Desktop\Brad
2015-09-23 16:05 - 2009-07-14 13:50 - 00000000 ____D C:\Windows\Globalization
2015-09-23 12:51 - 2015-08-13 05:06 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Avg2015
2015-09-23 11:17 - 2014-09-26 12:20 - 00000000 ____D C:\Windows\Minidump
2015-09-22 16:43 - 2011-09-02 01:03 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-22 13:00 - 2009-07-14 15:38 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-18 15:34 - 2015-08-12 18:21 - 00000927 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-18 15:34 - 2015-08-12 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-18 15:28 - 2015-08-13 05:06 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Google

==================== Files in the root of some directories =======

2015-06-20 14:43 - 2015-08-07 22:24 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-06-01 12:06 - 2015-06-02 21:22 - 0000112 _____ () C:\ProgramData\01Jmpaj.dat
2011-09-12 18:26 - 2012-04-16 12:56 - 0003578 _____ () C:\ProgramData\hpzinstall.log
2011-08-17 23:23 - 2015-03-22 16:51 - 0045083 _____ () C:\ProgramData\MusicStation.log
2011-08-17 23:21 - 2011-08-17 23:21 - 0000224 _____ () C:\ProgramData\MusicStation.xml

Files to move or delete:
====================
C:\ProgramData\01Jmpaj.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2011-08-17 17:39] - [2015-08-07 23:11] - 0357888 ____A (Microsoft Corporation) AE17E3B7BDC6DE01C03635E6E9C5310E

C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

Addition.txt

FRST needs to be run from an account with Admin status. Run it once more from an account with Administrator status as follows:

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the two logs.

Also run this please:


Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe     <<-   64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe   <<-  32 bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    dnsapi.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt

Thank you,

Kevin...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Administrator (administrator) on SHARMAINE (06-10-2015 19:59:52)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Sharmaine & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
() C:\Users\Administrator\Desktop\SystemLook_x64.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-09-10] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-378641337-597838875-491265271-500\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-378641337-597838875-491265271-500\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-378641337-597838875-491265271-500\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk /p \??\I:autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-378641337-597838875-491265271-500] => http=127.0.0.1:8888;https=127.0.0.1:8888
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B5034A5-D8AE-4AD1-A007-1ED263ACD8D8}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FA6A3F7F-AE7B-48B0-A9C7-64E8E5D8852C}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-378641337-597838875-491265271-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130874421890286527&GUID=27FB73A8-DB0C-4490-A65B-C10BE4B14E80
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-378641337-597838875-491265271-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-378641337-597838875-491265271-500 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-08-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-08-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-01-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-01-13] (Apple Inc.)
FF Extension: coupcoup - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\Extensions\dribqjfkvzsxwhojoz@whanqvqrgdtnle.edu [2015-08-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-04]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\extensions\jh_hkkadvdsqtcbqtom@pijbitbnxbhtgaqv.org [not found]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-07]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-07]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-07]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-07]
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [240872 2015-09-10] (Avira Operations GmbH & Co. KG)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-06] (Hewlett-Packard) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [129648 2010-12-02] (Portrait Displays, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 d3a378f6; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\RelaySubs\RelaySubs.dll",serv
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 ghsdiagMDM; C:\Windows\System32\DRIVERS\ghsdiagMDM.sys [122496 2011-11-28] (HS Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [122624 2011-01-13] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 nmwcd; system32\drivers\ccdcmbx64.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 zgwhsdiag; system32\DRIVERS\zgwhsdiag.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 19:59 - 2015-10-06 20:00 - 00017660 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-10-06 19:58 - 2015-10-06 19:59 - 00003708 _____ C:\Users\Administrator\Desktop\SystemLook.txt
2015-10-06 19:57 - 2015-10-06 19:55 - 00165376 _____ C:\Users\Administrator\Desktop\SystemLook_x64.exe
2015-10-06 19:57 - 2015-10-06 09:32 - 02193920 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-10-06 09:53 - 2015-10-06 19:59 - 00000000 ____D C:\FRST
2015-10-06 09:53 - 2015-10-06 09:54 - 00035772 _____ C:\Users\Sharmaine\Desktop\Addition.txt
2015-10-06 09:53 - 2015-10-06 09:54 - 00031155 _____ C:\Users\Sharmaine\Desktop\FRST.txt
2015-10-06 09:51 - 2015-10-06 09:32 - 02193920 _____ (Farbar) C:\Users\Sharmaine\Desktop\FRST64.exe
2015-10-05 22:45 - 2015-10-05 22:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SHARMAINE-Windows-7-Home-Premium-(64-bit).dat
2015-10-05 22:45 - 2015-10-05 22:45 - 00000000 ____D C:\RegBackup
2015-10-05 22:10 - 2015-10-05 22:10 - 00003664 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-10-05 22:10 - 2015-10-05 22:10 - 00002117 _____ C:\Users\Sharmaine\Desktop\Tweaking.com - Windows Repair.lnk
2015-10-05 22:10 - 2015-10-05 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-05 22:09 - 2015-10-05 22:09 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-05 22:09 - 2015-10-05 21:51 - 20389640 _____ (Tweaking.com) C:\Users\Sharmaine\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-10-05 21:42 - 2015-10-05 22:09 - 00000000 ____D C:\Users\Sharmaine\Desktop\mbar
2015-10-05 21:42 - 2015-10-05 22:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-05 21:42 - 2015-10-05 21:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-05 21:42 - 2015-10-05 21:42 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 21:42 - 2015-10-05 21:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-05 21:42 - 2015-10-05 21:38 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Sharmaine\Desktop\mbar-1.09.3.1001.exe
2015-10-05 21:41 - 2015-10-05 21:40 - 22772808 _____ C:\Users\Sharmaine\Desktop\RogueKillerX64.exe
2015-10-05 21:33 - 2015-10-05 21:40 - 00002432 _____ C:\Users\Sharmaine\Desktop\Rkill.txt
2015-10-05 21:30 - 2015-10-05 21:30 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Sharmaine\Desktop\rkill.exe
2015-10-05 21:30 - 2015-10-05 21:28 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Sharmaine\Desktop\mbam-clean-2.1.1.1001.exe
2015-10-05 08:58 - 2015-10-06 09:27 - 00000392 _____ C:\Windows\setupact.log
2015-10-05 08:58 - 2015-10-05 23:21 - 00113504 _____ C:\Users\Sharmaine\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-05 08:58 - 2015-10-05 23:20 - 00418464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-05 08:58 - 2015-10-05 23:20 - 00017416 _____ C:\Windows\PFRO.log
2015-10-05 08:58 - 2015-10-05 08:58 - 00000000 _____ C:\Windows\setuperr.log
2015-10-05 08:35 - 2015-10-05 20:31 - 00075752 _____ C:\Users\Sharmaine\Desktop\RegSetup-60769920.exe
2015-10-05 08:35 - 2015-10-05 20:28 - 06677440 _____ (Piriform Ltd) C:\Users\Sharmaine\Desktop\ccsetup510.exe
2015-10-05 08:35 - 2015-10-05 08:35 - 00002800 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-10-05 08:35 - 2015-10-05 08:35 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-05 08:35 - 2015-10-05 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-05 08:35 - 2015-10-05 08:35 - 00000000 ____D C:\Program Files\CCleaner
2015-10-05 08:21 - 2015-10-05 08:21 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\TuneUp Software
2015-10-05 08:04 - 2015-10-05 08:04 - 00021696 _____ C:\ComboFix.txt
2015-10-05 07:40 - 2015-10-05 07:40 - 00001164 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-10-05 07:40 - 2015-10-05 07:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-10-05 07:40 - 2015-10-05 07:40 - 00000000 ____D C:\ProgramData\Avira
2015-10-05 07:40 - 2015-10-05 07:40 - 00000000 ____D C:\Program Files (x86)\Avira
2015-10-05 07:31 - 2015-10-05 07:31 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-10-05 07:18 - 2015-10-05 07:33 - 00000000 ____D C:\AdwCleaner
2015-10-05 07:17 - 2015-10-05 19:14 - 05500000 _____ (Avast Software s.r.o.) C:\Users\Sharmaine\Desktop\avast_free_antivirus_setup_online.exe
2015-10-05 07:17 - 2015-10-05 19:14 - 05500000 _____ (Avast Software s.r.o.) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2015-10-05 07:17 - 2015-10-05 19:11 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Sharmaine\Desktop\mbam-setup-2.1.8.1057.exe
2015-10-05 07:17 - 2015-10-05 19:05 - 23579408 _____ (SUPERAntiSpyware) C:\Users\Sharmaine\Desktop\SAS_271753.EXE
2015-10-05 07:17 - 2015-10-05 19:05 - 04559688 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sharmaine\Desktop\avira_en_av_56123618e8f86__ws.exe
2015-10-05 07:17 - 2015-10-05 19:03 - 11427128 _____ (Bitdefender LLC) C:\Users\Sharmaine\Desktop\BootkitRemoval_x64.exe
2015-10-05 07:17 - 2015-10-05 19:03 - 00783640 _____ (McAfee, Inc.) C:\Users\Sharmaine\Desktop\rootkitremover.exe
2015-10-05 07:17 - 2015-10-05 19:01 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Sharmaine\Desktop\tdsskiller.exe
2015-10-05 07:17 - 2015-10-05 19:01 - 01681920 _____ C:\Users\Sharmaine\Desktop\adwcleaner_5.010.exe
2015-10-05 06:53 - 2015-10-05 06:53 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Mozilla
2015-10-05 06:53 - 2015-10-05 06:53 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Mozilla
2015-10-05 06:50 - 2015-10-05 18:49 - 42802928 _____ C:\Users\Sharmaine\Desktop\Firefox Setup 41.0.1.exe
2015-10-01 05:09 - 2015-10-01 05:09 - 00000000 ____D C:\Users\Sharmaine\Documents\Bluetooth Exchange Folder
2015-10-01 05:09 - 2015-10-01 05:09 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-10-01 05:09 - 2015-10-01 05:09 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Broadcom
2015-09-26 09:08 - 2015-09-26 09:08 - 00000274 _____ C:\Users\Administrator\Downloads\Reset_Local_Group_Policy.bat
2015-09-26 09:07 - 2015-09-26 09:07 - 00001181 _____ C:\Users\Administrator\Downloads\Reset_Local_Group_Policy (1).vbs
2015-09-26 09:06 - 2015-09-26 09:07 - 00001181 _____ C:\Users\Administrator\Downloads\Reset_Local_Group_Policy.vbs
2015-09-26 08:58 - 2015-09-26 08:58 - 00001755 _____ C:\Users\Administrator\Desktop\Internet Explorer (No Add-ons).lnk
2015-09-26 08:57 - 2015-09-26 08:57 - 00302011 _____ C:\Users\Administrator\Downloads\WindowsUpdateDiagnostic (2).diagcab
2015-09-26 08:56 - 2015-09-26 08:56 - 00985600 _____ C:\Users\Administrator\Downloads\MicrosoftFixit50123.msi
2015-09-26 08:02 - 2015-10-05 22:09 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-26 08:02 - 2015-09-26 08:24 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-26 08:00 - 2015-09-26 08:01 - 18801736 _____ C:\Users\Sharmaine\Downloads\RogueKiller.exe
2015-09-25 13:55 - 2015-09-25 13:55 - 00481870 _____ C:\Users\Sharmaine\Downloads\s.jpeg
2015-09-23 10:55 - 2015-09-23 10:55 - 00001461 _____ C:\Users\Sharmaine\Desktop\Internet Explorer (No Add-ons).lnk
2015-09-23 10:49 - 2015-09-23 10:49 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\SUPERAntiSpyware.com
2015-09-23 10:39 - 2015-09-23 10:39 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Hewlett-Packard
2015-09-22 17:45 - 2015-09-22 17:45 - 00380416 _____ C:\Users\Sharmaine\Downloads\d8971d85.exe
2015-09-22 17:25 - 2015-09-22 17:25 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\GWX
2015-09-22 16:58 - 2011-06-26 17:15 - 00256000 _____ C:\Windows\PEV.exe
2015-09-22 16:58 - 2010-11-08 03:50 - 00208896 _____ C:\Windows\MBR.exe
2015-09-22 16:58 - 2009-04-20 15:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00098816 _____ C:\Windows\sed.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00080412 _____ C:\Windows\grep.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00068096 _____ C:\Windows\zip.exe
2015-09-22 16:57 - 2015-10-05 08:04 - 00000000 ____D C:\Qoobox
2015-09-22 16:57 - 2015-09-22 17:20 - 00000000 ____D C:\Windows\erdnt
2015-09-22 16:56 - 2015-09-22 16:55 - 05635484 ____R (Swearware) C:\Users\Sharmaine\Desktop\ComboFix.exe
2015-09-22 16:55 - 2015-09-22 16:55 - 05635484 _____ (Swearware) C:\Users\Sharmaine\Downloads\ComboFix.exe
2015-09-22 16:31 - 2015-09-22 16:31 - 00302011 _____ C:\Users\Sharmaine\Downloads\WindowsUpdateDiagnostic.diagcab
2015-09-18 15:34 - 2015-09-18 15:34 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-09-18 15:34 - 2015-09-18 15:34 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-09-18 15:32 - 2015-09-18 15:32 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Avg
2015-09-18 15:32 - 2015-09-18 15:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 19:57 - 2015-08-07 22:09 - 00113504 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-06 09:52 - 2009-07-14 15:43 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-06 09:43 - 2009-07-14 15:15 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-06 09:43 - 2009-07-14 15:15 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-06 09:39 - 2011-04-14 09:01 - 01707583 _____ C:\Windows\WindowsUpdate.log
2015-10-06 09:33 - 2015-08-08 00:12 - 00000000 ____D C:\ProgramData\MFAData
2015-10-06 09:31 - 2015-08-21 13:41 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\qBittorrent
2015-10-06 09:27 - 2009-07-14 15:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-05 23:06 - 2009-07-14 13:04 - 00000560 _____ C:\Windows\win.ini
2015-10-05 22:30 - 2009-07-14 13:50 - 00000000 __RHD C:\Users\Default
2015-10-05 21:15 - 2009-07-14 13:50 - 00000000 ____D C:\Windows\system32\NDF
2015-10-05 09:09 - 2015-06-20 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-05 08:36 - 2012-11-26 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
2015-10-05 08:36 - 2011-07-05 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2015-10-05 08:36 - 2009-07-14 16:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-05 08:20 - 2014-05-25 22:42 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-05 08:02 - 2009-07-14 13:04 - 00000215 _____ C:\Windows\system.ini
2015-10-05 07:40 - 2014-09-30 17:33 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-05 06:43 - 2012-04-26 16:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-05 04:01 - 2015-08-21 13:46 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Apple Computer
2015-09-30 10:28 - 2015-08-13 05:06 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Hewlett-Packard
2015-09-30 10:28 - 2011-09-14 22:39 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-26 09:06 - 2015-06-03 05:24 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-09-26 08:30 - 2009-07-14 13:50 - 00000000 ____D C:\Windows\registration
2015-09-26 08:23 - 2009-07-14 13:04 - 00000000 _____ C:\Windows\system32\Drivers\etc\hosts_bak_723
2015-09-25 14:36 - 2015-08-20 14:43 - 00000000 ____D C:\Users\Sharmaine\Desktop\Brad
2015-09-23 16:05 - 2009-07-14 13:50 - 00000000 ____D C:\Windows\Globalization
2015-09-23 12:51 - 2015-08-13 05:06 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Avg2015
2015-09-23 11:17 - 2014-09-26 12:20 - 00000000 ____D C:\Windows\Minidump
2015-09-22 17:24 - 2009-07-14 15:39 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-22 16:43 - 2011-09-02 01:03 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-22 13:00 - 2009-07-14 15:38 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-18 15:34 - 2015-08-12 18:21 - 00000927 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-18 15:34 - 2015-08-12 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-18 15:28 - 2015-08-13 05:06 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Google

==================== Files in the root of some directories =======

2015-06-20 14:43 - 2015-08-07 22:24 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-08-07 23:12 - 2015-08-08 00:07 - 0000020 _____ () C:\Users\Administrator\AppData\Roaming\appdataFr2.bin
2015-04-19 22:50 - 2015-04-19 22:50 - 0005872 _____ () C:\Users\Administrator\AppData\Roaming\gDm8BoVeIll7dbhxY
2015-08-12 19:50 - 2015-08-12 19:50 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2015-06-01 12:06 - 2015-06-02 21:22 - 0000112 _____ () C:\ProgramData\01Jmpaj.dat
2011-09-12 18:26 - 2012-04-16 12:56 - 0003578 _____ () C:\ProgramData\hpzinstall.log
2011-08-17 23:23 - 2015-03-22 16:51 - 0045083 _____ () C:\ProgramData\MusicStation.log
2011-08-17 23:21 - 2011-08-17 23:21 - 0000224 _____ () C:\ProgramData\MusicStation.xml

Files to move or delete:
====================
C:\ProgramData\01Jmpaj.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2011-08-17 17:39] - [2015-08-07 23:11] - 0357888 ____A (Microsoft Corporation) AE17E3B7BDC6DE01C03635E6E9C5310E

C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 03:17

==================== End of FRST.txt ============================

Addition.txt


Thanks for those logs, please ensure all tools we use are run from an admin account....

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.
 

Next,

 

There are two active security systems with AV components, that action is counterproductive and will have a negative effect. It is essential to only have one active AV program.

Please uninstall one of the active programs, obviously the choice is yours..

 

MSE removal tool - http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

 

AVG removal tool - http://www.avg.com/us-en/utilities

 

Next,

 

Your browser (Chrome) is corrupt and probably exploited, a clean install is required as follows:

 

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb
 

Next,

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....

 
Next,
 
Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan, when done post the two logs....
 

Please run those steps in the order given, post all logs. Also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin...

 

 

 

 

Fixlist.txt


Yes I see the winsock maybe is busted, I give instruction to reset winsock in FRST fix, maybe connection will be restored after FRST fix is run and system is rebooted.

 

For Chrome go here: C:\Users\Administrator\AppData\Local\Google\Chrome Delete the folder named Chrome. We can do a registry search later and remove all remnants.

 

Do all other steps I listed if possible. FRST fix is the main one to complete first if possible....

 

I have to go out shortly for maybe 3 to 4 hours...

 

Thank you,

 

Kevin


Malwarebytes anti-malware to reinstall given error: Could not call proc.

 

Google chrome could not be located in directory, reinstallation of any other browser ignored.

 

# AdwCleaner v5.010 - Logfile created 06/10/2015 at 21:55:55
# Updated 04/10/2015 by Xplode
# Database : 2015-10-04.3 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Administrator - SHARMAINE
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****

[-] File Disinfected : C:\Windows\SysNative\dnsapi.dll
[!] File Not Disinfected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [778 bytes] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Administrator on Tue 06/10/2015 at 21:47:26.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [service] d3a378f6 [Reboot required]



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update App Bud
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util App Bud



~~~ Files

Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\appdataFr2.bin
Successfully deleted: [File] C:\ProgramData\01Jmpaj.dat
Successfully deleted: [File] C:\Windows\SysWOW64\sho89A8.tmp



~~~ Folders

Successfully deleted: [Folder] C:\Users\Administrator\Appdata\LocalLow\company



~~~ Chrome


[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/10/2015 at 21:49:55.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Administrator (administrator) on SHARMAINE (06-10-2015 21:59:28)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Sharmaine & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-378641337-597838875-491265271-500\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-378641337-597838875-491265271-500\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-378641337-597838875-491265271-500\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk /p \??\i:autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [s-1-5-21-378641337-597838875-491265271-500] => http=127.0.0.1:8888;https=127.0.0.1:8888
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B5034A5-D8AE-4AD1-A007-1ED263ACD8D8}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FA6A3F7F-AE7B-48B0-A9C7-64E8E5D8852C}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130874421890286527&GUID=27FB73A8-DB0C-4490-A65B-C10BE4B14E80
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-378641337-597838875-491265271-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-378641337-597838875-491265271-500 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-08-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-08-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-01-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-01-13] (Apple Inc.)
FF Extension: coupcoup - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\Extensions\dribqjfkvzsxwhojoz@whanqvqrgdtnle.edu [2015-08-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-04]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\extensions\jh_hkkadvdsqtcbqtom@pijbitbnxbhtgaqv.org [not found]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-07]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-07]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-07]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-07]
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-06] (Hewlett-Packard) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [129648 2010-12-02] (Portrait Displays, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 ghsdiagMDM; C:\Windows\System32\DRIVERS\ghsdiagMDM.sys [122496 2011-11-28] (HS Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [122624 2011-01-13] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 nmwcd; system32\drivers\ccdcmbx64.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 zgwhsdiag; system32\DRIVERS\zgwhsdiag.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 21:57 - 2015-10-06 21:57 - 00000856 _____ C:\Users\Administrator\Desktop\AdwCleaner[C4].txt
2015-10-06 21:52 - 2015-10-06 21:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2015
2015-10-06 21:49 - 2015-10-06 21:49 - 00001816 _____ C:\Users\Administrator\Desktop\JRT.txt
2015-10-06 21:47 - 2015-10-06 21:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2015-10-06 21:41 - 2015-10-06 21:40 - 01801288 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2015-10-06 21:41 - 2015-10-06 21:40 - 01681920 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe
2015-10-06 21:13 - 2015-10-06 21:52 - 00577039 _____ C:\Users\Administrator\Desktop\avgremover.log
2015-10-06 21:13 - 2015-10-06 21:11 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Administrator\Desktop\avg_remover_stf_x64_2015_5501.exe
2015-10-06 20:00 - 2015-10-06 20:00 - 00044011 _____ C:\Users\Administrator\Desktop\Addition.txt
2015-10-06 19:59 - 2015-10-06 21:59 - 00014579 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-10-06 19:58 - 2015-10-06 19:59 - 00003708 _____ C:\Users\Administrator\Desktop\SystemLook.txt
2015-10-06 19:57 - 2015-10-06 19:55 - 00165376 _____ C:\Users\Administrator\Desktop\SystemLook_x64.exe
2015-10-06 19:57 - 2015-10-06 09:32 - 02193920 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-10-06 09:53 - 2015-10-06 21:59 - 00000000 ____D C:\FRST
2015-10-06 09:53 - 2015-10-06 09:54 - 00035772 _____ C:\Users\Sharmaine\Desktop\Addition.txt
2015-10-06 09:53 - 2015-10-06 09:54 - 00031155 _____ C:\Users\Sharmaine\Desktop\FRST.txt
2015-10-06 09:51 - 2015-10-06 09:32 - 02193920 _____ (Farbar) C:\Users\Sharmaine\Desktop\FRST64.exe
2015-10-05 22:45 - 2015-10-05 22:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SHARMAINE-Windows-7-Home-Premium-(64-bit).dat
2015-10-05 22:45 - 2015-10-05 22:45 - 00000000 ____D C:\RegBackup
2015-10-05 22:10 - 2015-10-05 22:10 - 00003664 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-10-05 22:10 - 2015-10-05 22:10 - 00002117 _____ C:\Users\Sharmaine\Desktop\Tweaking.com - Windows Repair.lnk
2015-10-05 22:10 - 2015-10-05 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-05 22:09 - 2015-10-05 22:09 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-05 22:09 - 2015-10-05 21:51 - 20389640 _____ (Tweaking.com) C:\Users\Sharmaine\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-10-05 21:42 - 2015-10-05 22:09 - 00000000 ____D C:\Users\Sharmaine\Desktop\mbar
2015-10-05 21:42 - 2015-10-05 22:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-05 21:42 - 2015-10-05 21:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-05 21:42 - 2015-10-05 21:42 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 21:42 - 2015-10-05 21:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-05 21:42 - 2015-10-05 21:38 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Sharmaine\Desktop\mbar-1.09.3.1001.exe
2015-10-05 21:41 - 2015-10-05 21:40 - 22772808 _____ C:\Users\Sharmaine\Desktop\RogueKillerX64.exe
2015-10-05 21:33 - 2015-10-05 21:40 - 00002432 _____ C:\Users\Sharmaine\Desktop\Rkill.txt
2015-10-05 21:30 - 2015-10-05 21:30 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Sharmaine\Desktop\rkill.exe
2015-10-05 21:30 - 2015-10-05 21:28 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Sharmaine\Desktop\mbam-clean-2.1.1.1001.exe
2015-10-05 08:58 - 2015-10-06 21:57 - 00000560 _____ C:\Windows\setupact.log
2015-10-05 08:58 - 2015-10-06 21:14 - 00021960 _____ C:\Windows\PFRO.log
2015-10-05 08:58 - 2015-10-05 23:21 - 00113504 _____ C:\Users\Sharmaine\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-05 08:58 - 2015-10-05 23:20 - 00418464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-05 08:58 - 2015-10-05 08:58 - 00000000 _____ C:\Windows\setuperr.log
2015-10-05 08:35 - 2015-10-05 20:31 - 00075752 _____ C:\Users\Sharmaine\Desktop\RegSetup-60769920.exe
2015-10-05 08:35 - 2015-10-05 20:28 - 06677440 _____ (Piriform Ltd) C:\Users\Sharmaine\Desktop\ccsetup510.exe
2015-10-05 08:35 - 2015-10-05 08:35 - 00002800 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-10-05 08:35 - 2015-10-05 08:35 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-05 08:35 - 2015-10-05 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-05 08:35 - 2015-10-05 08:35 - 00000000 ____D C:\Program Files\CCleaner
2015-10-05 08:21 - 2015-10-05 08:21 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\TuneUp Software
2015-10-05 08:04 - 2015-10-05 08:04 - 00021696 _____ C:\ComboFix.txt
2015-10-05 07:31 - 2015-10-05 07:31 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-10-05 07:18 - 2015-10-06 21:55 - 00000000 ____D C:\AdwCleaner
2015-10-05 07:17 - 2015-10-05 19:14 - 05500000 _____ (Avast Software s.r.o.) C:\Users\Sharmaine\Desktop\avast_free_antivirus_setup_online.exe
2015-10-05 07:17 - 2015-10-05 19:11 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Sharmaine\Desktop\mbam-setup-2.1.8.1057.exe
2015-10-05 07:17 - 2015-10-05 19:05 - 23579408 _____ (SUPERAntiSpyware) C:\Users\Sharmaine\Desktop\SAS_271753.EXE
2015-10-05 07:17 - 2015-10-05 19:05 - 04559688 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sharmaine\Desktop\avira_en_av_56123618e8f86__ws.exe
2015-10-05 07:17 - 2015-10-05 19:03 - 11427128 _____ (Bitdefender LLC) C:\Users\Sharmaine\Desktop\BootkitRemoval_x64.exe
2015-10-05 07:17 - 2015-10-05 19:03 - 00783640 _____ (McAfee, Inc.) C:\Users\Sharmaine\Desktop\rootkitremover.exe
2015-10-05 07:17 - 2015-10-05 19:01 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Sharmaine\Desktop\tdsskiller.exe
2015-10-05 07:17 - 2015-10-05 19:01 - 01681920 _____ C:\Users\Sharmaine\Desktop\adwcleaner_5.010.exe
2015-10-05 06:53 - 2015-10-05 06:53 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Mozilla
2015-10-05 06:53 - 2015-10-05 06:53 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Mozilla
2015-10-05 06:50 - 2015-10-05 18:49 - 42802928 _____ C:\Users\Sharmaine\Desktop\Firefox Setup 41.0.1.exe
2015-10-01 05:09 - 2015-10-01 05:09 - 00000000 ____D C:\Users\Sharmaine\Documents\Bluetooth Exchange Folder
2015-10-01 05:09 - 2015-10-01 05:09 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-10-01 05:09 - 2015-10-01 05:09 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Broadcom
2015-09-26 09:08 - 2015-09-26 09:08 - 00000274 _____ C:\Users\Administrator\Downloads\Reset_Local_Group_Policy.bat
2015-09-26 09:07 - 2015-09-26 09:07 - 00001181 _____ C:\Users\Administrator\Downloads\Reset_Local_Group_Policy (1).vbs
2015-09-26 09:06 - 2015-09-26 09:07 - 00001181 _____ C:\Users\Administrator\Downloads\Reset_Local_Group_Policy.vbs
2015-09-26 08:58 - 2015-09-26 08:58 - 00001755 _____ C:\Users\Administrator\Desktop\Internet Explorer (No Add-ons).lnk
2015-09-26 08:57 - 2015-09-26 08:57 - 00302011 _____ C:\Users\Administrator\Downloads\WindowsUpdateDiagnostic (2).diagcab
2015-09-26 08:56 - 2015-09-26 08:56 - 00985600 _____ C:\Users\Administrator\Downloads\MicrosoftFixit50123.msi
2015-09-26 08:02 - 2015-10-05 22:09 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-26 08:02 - 2015-09-26 08:24 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-26 08:00 - 2015-09-26 08:01 - 18801736 _____ C:\Users\Sharmaine\Downloads\RogueKiller.exe
2015-09-25 13:55 - 2015-09-25 13:55 - 00481870 _____ C:\Users\Sharmaine\Downloads\s.jpeg
2015-09-23 10:55 - 2015-09-23 10:55 - 00001461 _____ C:\Users\Sharmaine\Desktop\Internet Explorer (No Add-ons).lnk
2015-09-23 10:49 - 2015-09-23 10:49 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\SUPERAntiSpyware.com
2015-09-23 10:39 - 2015-09-23 10:39 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Hewlett-Packard
2015-09-22 17:45 - 2015-09-22 17:45 - 00380416 _____ C:\Users\Sharmaine\Downloads\d8971d85.exe
2015-09-22 17:25 - 2015-09-22 17:25 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\GWX
2015-09-22 16:58 - 2011-06-26 17:15 - 00256000 _____ C:\Windows\PEV.exe
2015-09-22 16:58 - 2010-11-08 03:50 - 00208896 _____ C:\Windows\MBR.exe
2015-09-22 16:58 - 2009-04-20 15:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00098816 _____ C:\Windows\sed.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00080412 _____ C:\Windows\grep.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00068096 _____ C:\Windows\zip.exe
2015-09-22 16:57 - 2015-10-05 08:04 - 00000000 ____D C:\Qoobox
2015-09-22 16:57 - 2015-09-22 17:20 - 00000000 ____D C:\Windows\erdnt
2015-09-22 16:56 - 2015-09-22 16:55 - 05635484 ____R (Swearware) C:\Users\Sharmaine\Desktop\ComboFix.exe
2015-09-22 16:55 - 2015-09-22 16:55 - 05635484 _____ (Swearware) C:\Users\Sharmaine\Downloads\ComboFix.exe
2015-09-22 16:31 - 2015-09-22 16:31 - 00302011 _____ C:\Users\Sharmaine\Downloads\WindowsUpdateDiagnostic.diagcab
2015-09-18 15:34 - 2015-09-18 15:34 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-09-18 15:34 - 2015-09-18 15:34 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-09-18 15:32 - 2015-09-18 15:32 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Avg
2015-09-18 15:32 - 2015-09-18 15:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-06 21:57 - 2009-07-14 15:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-06 21:56 - 2011-04-14 09:01 - 01715772 _____ C:\Windows\WindowsUpdate.log
2015-10-06 21:52 - 2009-07-14 15:15 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-06 21:52 - 2009-07-14 15:15 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-06 21:51 - 2009-07-14 15:43 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-06 21:17 - 2014-09-30 17:33 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-06 19:57 - 2015-08-07 22:09 - 00113504 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-06 09:31 - 2015-08-21 13:41 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\qBittorrent
2015-10-05 23:06 - 2009-07-14 13:04 - 00000560 _____ C:\Windows\win.ini
2015-10-05 22:30 - 2009-07-14 13:50 - 00000000 __RHD C:\Users\Default
2015-10-05 21:15 - 2009-07-14 13:50 - 00000000 ____D C:\Windows\system32\NDF
2015-10-05 09:09 - 2015-06-20 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-05 08:36 - 2012-11-26 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
2015-10-05 08:36 - 2011-07-05 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2015-10-05 08:36 - 2009-07-14 16:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-05 08:20 - 2014-05-25 22:42 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-05 08:02 - 2009-07-14 13:04 - 00000215 _____ C:\Windows\system.ini
2015-10-05 06:43 - 2012-04-26 16:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-05 04:01 - 2015-08-21 13:46 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Apple Computer
2015-09-30 10:28 - 2015-08-13 05:06 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Hewlett-Packard
2015-09-30 10:28 - 2011-09-14 22:39 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-26 08:30 - 2009-07-14 13:50 - 00000000 ____D C:\Windows\registration
2015-09-26 08:23 - 2009-07-14 13:04 - 00000000 _____ C:\Windows\system32\Drivers\etc\hosts_bak_723
2015-09-25 14:36 - 2015-08-20 14:43 - 00000000 ____D C:\Users\Sharmaine\Desktop\Brad
2015-09-23 16:05 - 2009-07-14 13:50 - 00000000 ____D C:\Windows\Globalization
2015-09-23 11:17 - 2014-09-26 12:20 - 00000000 ____D C:\Windows\Minidump
2015-09-22 17:24 - 2009-07-14 15:39 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-22 16:43 - 2011-09-02 01:03 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-22 13:00 - 2009-07-14 15:38 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-18 15:28 - 2015-08-13 05:06 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Google

==================== Files in the root of some directories =======

2015-06-20 14:43 - 2015-08-07 22:24 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-04-19 22:50 - 2015-04-19 22:50 - 0005872 _____ () C:\Users\Administrator\AppData\Roaming\gDm8BoVeIll7dbhxY
2015-08-12 19:50 - 2015-08-12 19:50 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2011-09-12 18:26 - 2012-04-16 12:56 - 0003578 _____ () C:\ProgramData\hpzinstall.log
2011-08-17 23:23 - 2015-03-22 16:51 - 0045083 _____ () C:\ProgramData\MusicStation.log
2011-08-17 23:21 - 2011-08-17 23:21 - 0000224 _____ () C:\ProgramData\MusicStation.xml

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2011-08-17 17:39] - [2015-08-07 23:11] - 0357888 ____A (Microsoft Corporation) AE17E3B7BDC6DE01C03635E6E9C5310E

C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 03:17

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Administrator (2015-10-06 22:00:12)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-07-05 01:49:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-378641337-597838875-491265271-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-378641337-597838875-491265271-501 - Limited - Disabled)
Sharmaine (S-1-5-21-378641337-597838875-491265271-1138 - Limited - Enabled) => C:\Users\Sharmaine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{73AC89D8-5AFD-72F4-5266-03327E392C85}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2011.0112.2151.39168 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
F4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP AppsCenter for TouchSmart (HKLM-x32\...\{8317485C-067B-4B5B-A2A3-9D36B7B0399E}) (Version: 4.0.0.1 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.02.031 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP TouchSmart (HKLM-x32\...\{1502291B-3C1B-4781-99F8-9D6D8C650588}) (Version: 4.0.41.0 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart Browser (HKLM-x32\...\{4ACC9E9C-12D6-4A9D-8FBC-3FD469B9FD34}) (Version: 4.1.0012 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
HP TouchSmart Clock (HKLM-x32\...\{97AA232A-58CB-41A2-A258-0593F98AB1E0}) (Version: 3.1.3881.29051 - Hewlett-Packard)
HP TouchSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4625 - Hewlett-Packard)
HP TouchSmart eBay (HKLM-x32\...\{967C033E-00C7-4805-9A80-C1C35DA4CF0C}) (Version: 1.0.3923.31229 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4700 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.1.4503 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart RSS (HKLM-x32\...\{608D7847-39B7-4D1D-AF6D-7DCC38C77615}) (Version: 4.1.0009 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{0581D120-6992-46FA-AAA2-42FA7EFF99C1}) (Version: 3.0.3910.29600 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.1.4503 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3303 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6308.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\{E74E7F63-E70F-43f2-873F-35FB66F263B2}) (Version: 2.0.2.124 - Hewlett-Packard)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.35 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.22.002 - Portrait Displays, Inc.) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.5.1 - Tweaking.com)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2015-10-05 23:06 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {046C7B17-3286-4B79-9F9F-CFAFCA3B4661} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: {0774EB42-1EB4-4EF9-A38E-2F1568045DCE} - \Superclean -> No File <==== ATTENTION
Task: {0E2D826D-1ACE-42C5-AFCD-1A102125CC3C} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {1633633B-EA60-4065-9498-DF17F2EC110A} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-5 -> No File <==== ATTENTION
Task: {19B5D08F-7AC2-4171-A4A2-879C47D76D3A} - \Bidaily Synchronize Task[74c7] -> No File <==== ATTENTION
Task: {23A310E3-4DA9-4CAC-8268-6D87B761DD33} - \868351e2-b93b-4ada-80fb-4143bf685520-1-6 -> No File <==== ATTENTION
Task: {251D8B8F-51F2-4C39-8953-B06D694D0D14} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-1-7 -> No File <==== ATTENTION
Task: {2530C749-5125-46CF-8732-D5D56CA37B33} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {2570E304-D1B4-4E28-8A2D-4C067067A209} - \Crossbrowse -> No File <==== ATTENTION
Task: {2BB847DA-D8F7-4101-BEB8-5D46ADCFA8E7} - \Glopbbiq -> No File <==== ATTENTION
Task: {2FDB174E-305E-40A3-A24F-2B5775A4FB27} - \ASP -> No File <==== ATTENTION
Task: {38506543-C5E1-4025-928B-444885B22C0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {3B674D0B-B219-4FC4-8FD8-545CF02A20CA} - System32\Tasks\{64CBFA77-8918-433B-AFE4-BBE2EA2D32B6} => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\HPTouchSmartWebcam.exe [2010-09-04] (CyberLink Corp.)
Task: {4114CE76-A8CA-4D3C-892E-A2DB81C4DAA1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {42EB867B-9EAB-4866-9D1D-5DD1561DD964} - System32\Tasks\{EFA1BD0D-540F-4E2E-BB06-9B2AF734D294} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {4768C090-2CC6-4521-98AF-F22C2D3D1DD9} - \868351e2-b93b-4ada-80fb-4143bf685520-1-7 -> No File <==== ATTENTION
Task: {493FC893-1A47-4D02-BD86-E14F620E56B8} - System32\Tasks\{5E0D0262-FD6F-49BA-9236-94D0AD08438D} => pcalua.exe -a C:\Users\user\AppData\Local\Babylon\Setup\Setup.exe -d C:\Users\user\AppData\Local\Babylon\Setup\ -c "C:\Users\user\AppData\Local\Temp\40A6461D-BAB0-7891-AA00-A5E286F59DF6\Setup.exe"    /mds /mhp /mnt /babTrack="affID=8074" /S /aflt=babsst /instlRef=sst /srcExt=ss /rt -rc
Task: {4AF5C4F6-27A2-41E2-B28C-8724561881E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {4E7C942F-D932-4A96-A354-79FE3486D988} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {55B16AEC-B46D-4A90-A2DA-049FAE9F3604} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-3 -> No File <==== ATTENTION
Task: {56471DB5-3052-494D-9AB8-BD0EC46A83EF} - \868351e2-b93b-4ada-80fb-4143bf685520-7 -> No File <==== ATTENTION
Task: {5B0D52EB-6443-47AC-B644-8017DD4D764F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-17] (Piriform Ltd)
Task: {5E3581C3-D840-4FE3-967A-76B6C2DD733A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {62E4A043-FBD9-4671-ABCE-B47EBA782DCB} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {62F9EF48-5835-416B-93DF-5485155A87F9} - \868351e2-b93b-4ada-80fb-4143bf685520-6 -> No File <==== ATTENTION
Task: {63995AA0-29DB-480C-8C12-ED256677392E} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-10_user -> No File <==== ATTENTION
Task: {6BCA1027-793E-4F88-AAF5-C5695A0B6647} - \Funmoods -> No File <==== ATTENTION
Task: {751DE27D-BFF0-4F74-8C05-BD5B6FA1B878} - \868351e2-b93b-4ada-80fb-4143bf685520-5_user -> No File <==== ATTENTION
Task: {7D54291D-D776-4FC5-B43C-BDC36300A8D3} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {818D1F48-5262-4256-AF94-43453E0B8DD2} - \868351e2-b93b-4ada-80fb-4143bf685520-10_user -> No File <==== ATTENTION
Task: {82635AC0-682F-48E3-A4E3-02296A3D7C15} - \Bidaily Synchronize Task[8da6] -> No File <==== ATTENTION
Task: {8DE3F959-3521-4C46-B8F3-0E7BF828ED0F} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-6 -> No File <==== ATTENTION
Task: {8F6405CD-D1E3-4F3F-AA47-64CFCAF59CF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {91BE9379-8C6C-4095-872B-EC195ABE6908} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {93627C55-0C79-4DD5-B1AA-C93BB67EE3BF} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {972216C2-B51C-4C9C-B12C-D68730462E65} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {9F347E15-230C-498E-8DBA-6ABB526CDEC2} - \868351e2-b93b-4ada-80fb-4143bf685520-3 -> No File <==== ATTENTION
Task: {AE221F83-8156-4E04-AAB3-B53B5BACEC9D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {AF707EE6-FAC6-4896-8039-91EE54686B3E} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-1-6 -> No File <==== ATTENTION
Task: {B2226F28-E444-495D-9998-E25B5C863B7B} - System32\Tasks\{C6410244-1CB4-4BBD-8479-367637C0DE50} => pcalua.exe -a E:\setup.exe -d E:\
Task: {BA80A5CC-866B-4B85-BAC5-E4E68DB22A1C} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-7 -> No File <==== ATTENTION
Task: {C753EB21-8EC8-43AB-B5F7-8200BB979454} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D85EA6AE-EF9B-44A9-8200-1FFB054B8182} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DCF55243-896D-4F66-B3E7-D965DD0D7F9B} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {DFB1EB9A-2411-4C17-BA34-93E5A7C3C53A} - \868351e2-b93b-4ada-80fb-4143bf685520-5 -> No File <==== ATTENTION
Task: {E2C2FBF7-3318-4441-8089-EB2A046E4FEB} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-5_user -> No File <==== ATTENTION
Task: {E85B7609-7781-43CD-91DB-30D743BFAD35} - System32\Tasks\{71068796-E000-42AC-AF90-06D550CF899F} => C:\Program Files (x86)\fliptoast\fliptoast.exe
Task: {EF2AB06E-5CC2-418D-9BF9-CAADB26CB7E5} - System32\Tasks\{AB373B5B-A06C-4D92-BADC-1E2D31A1184E} => pcalua.exe -a C:\Users\user\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=cmi
Task: {F76AA726-0172-4FA4-AB9D-2632F9A2532C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-04] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-05-15 17:26 - 2015-05-15 17:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 17:26 - 2015-05-15 17:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-08 00:07 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-08 00:07 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-08 00:07 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-08-08 00:07 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-08-08 00:07 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fliptoast.lnk => C:\Windows\pss\fliptoast.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\e98f9eb8-5445-4d32-8de1-23dc0cf8cf71.exe /check
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDAgent => "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ConvertAd => C:\Users\user\AppData\Local\ConvertAd\ConvertAd.exe
MSCONFIG\startupreg: DT HPO => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
MSCONFIG\startupreg: HP KEYBOARDx => "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Nokia.PCSync => "C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TornTv Downloader => C:\Users\user\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1B1531A5-612E-4655-89E8-DAAF96D36E78}] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{2F7CC19C-8BFC-43C6-B717-CB4579CD10DD}] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}] => (Allow) LPort=2869
FirewallRules: [{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}] => (Allow) LPort=1900
FirewallRules: [{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}] => (Allow) LPort=48113
FirewallRules: [{740197B5-9B91-43DC-9448-5F2FAA99E4ED}] => (Allow) LPort=48113
FirewallRules: [TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
FirewallRules: [UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
FirewallRules: [{7AD81C20-BE2E-4D3D-B728-4E8C36659827}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp DVD A  DC8A2LH
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2015 09:55:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 5.0.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1388

Start Time: 01d1002934901dfc

Termination Time: 16

Application Path: C:\Users\Administrator\Desktop\AdwCleaner.exe

Report Id:

Error: (10/06/2015 09:47:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDTray.exe, version: 2.4.40.129, time stamp: 0x535a51a2
Faulting module name: RpcRtRemote.dll, version: 6.1.7601.17514, time stamp: 0x4ce7992f
Exception code: 0xc0000005
Fault offset: 0x000013e4
Faulting process id: 0xac0
Faulting application start time: 0xSDTray.exe0
Faulting application path: SDTray.exe1
Faulting module path: SDTray.exe2
Report Id: SDTray.exe3

Error: (10/05/2015 11:23:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/05/2015 11:23:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/05/2015 11:08:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: SHARMAINE)
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

Error: (10/05/2015 11:08:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: SHARMAINE)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (10/05/2015 11:05:03 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\OSPPWMI.MOF

Error: (10/05/2015 11:05:03 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPWMI.MOF

Error: (10/05/2015 10:41:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Set Snapshot Context

Context:
   Execution Context: Requestor

Error: (10/05/2015 10:41:15 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and Name Software Provider is [0x80040154, Class not registered
].


Operation:
   Set Snapshot Context

Context:
   Execution Context: Requestor


System errors:
=============
Error: (10/06/2015 10:00:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:
%%1053

Error: (10/06/2015 10:00:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%1053

Error: (10/06/2015 10:00:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.

Error: (10/06/2015 09:58:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/06/2015 09:58:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (10/06/2015 09:58:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (10/06/2015 09:57:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (10/06/2015 09:57:37 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (10/06/2015 09:57:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%1053

Error: (10/06/2015 09:57:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.


CodeIntegrity:
===================================
  Date: 2015-09-22 16:09:46.268
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-22 16:09:46.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-04-25 14:49:09.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00134_019\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-25 14:42:49.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00134_019\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-25 13:06:06.482
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00134_019\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-25 12:06:33.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00134_019\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-25 11:57:56.620
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00134_019\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-24 15:50:43.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00129_017\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-21 16:12:44.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00129_017\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-21 15:39:23.664
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00129_017\avcuf64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i3 CPU 560 @ 3.33GHz
Percentage of memory in use: 30%
Total physical RAM: 3959.11 MB
Available physical RAM: 2760.09 MB
Total Virtual: 7916.43 MB
Available Virtual: 6628.1 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:910.08 GB) (Free:858.5 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:21.33 GB) (Free:2.65 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (UUI) (Removable) (Total:14.87 GB) (Free:14.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E19AF561)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

Issues remaining:

 

No access to internet

Windows automatic update permission area grayed out, stuck on Never Update

Malwarebytes Anti-Malware failed to install
 


Whoops. Reran in order above.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Administrator (2015-10-07 00:28:37) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Sharmaine & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ProxyServer: [S-1-5-21-378641337-597838875-491265271-500] => http=127.0.0.1:8888;https=127.0.0.1:8888
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-378641337-597838875-491265271-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Extension: coupcoup - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\Extensions\dribqjfkvzsxwhojoz@whanqvqrgdtnle.edu [2015-08-07]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\extensions\jh_hkkadvdsqtcbqtom@pijbitbnxbhtgaqv.org [not found]
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 nmwcd; system32\drivers\ccdcmbx64.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbox64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 zgwhsdiag; system32\DRIVERS\zgwhsdiag.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
C:\Users\Administrator\AppData\Roaming\gDm8BoVeIll7dbhxY
C:\ProgramData\01Jmpaj.dat
Task: {046C7B17-3286-4B79-9F9F-CFAFCA3B4661} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: {0774EB42-1EB4-4EF9-A38E-2F1568045DCE} - \Superclean -> No File <==== ATTENTION
Task: {0E2D826D-1ACE-42C5-AFCD-1A102125CC3C} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {1633633B-EA60-4065-9498-DF17F2EC110A} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-5 -> No File <==== ATTENTION
Task: {19B5D08F-7AC2-4171-A4A2-879C47D76D3A} - \Bidaily Synchronize Task[74c7] -> No File <==== ATTENTION
Task: {23A310E3-4DA9-4CAC-8268-6D87B761DD33} - \868351e2-b93b-4ada-80fb-4143bf685520-1-6 -> No File <==== ATTENTION
Task: {251D8B8F-51F2-4C39-8953-B06D694D0D14} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-1-7 -> No File <==== ATTENTION
Task: {2570E304-D1B4-4E28-8A2D-4C067067A209} - \Crossbrowse -> No File <==== ATTENTION
Task: {2BB847DA-D8F7-4101-BEB8-5D46ADCFA8E7} - \Glopbbiq -> No File <==== ATTENTION
Task: {2FDB174E-305E-40A3-A24F-2B5775A4FB27} - \ASP -> No File <==== ATTENTION
Task: {42EB867B-9EAB-4866-9D1D-5DD1561DD964} - System32\Tasks\{EFA1BD0D-540F-4E2E-BB06-9B2AF734D294} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {4768C090-2CC6-4521-98AF-F22C2D3D1DD9} - \868351e2-b93b-4ada-80fb-4143bf685520-1-7 -> No File <==== ATTENTION
Task: {493FC893-1A47-4D02-BD86-E14F620E56B8} - System32\Tasks\{5E0D0262-FD6F-49BA-9236-94D0AD08438D} => pcalua.exe -a C:\Users\user\AppData\Local\Babylon\Setup\Setup.exe -d C:\Users\user\AppData\Local\Babylon\Setup\ -c "C:\Users\user\AppData\Local\Temp\40A6461D-BAB0-7891-AA00-A5E286F59DF6\Setup.exe"    /mds /mhp /mnt /babTrack="affID=8074" /S /aflt=babsst /instlRef=sst /srcExt=ss /rt -rc
C:\Users\user\AppData\Local\Babylon
Task: {4E7C942F-D932-4A96-A354-79FE3486D988} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {55B16AEC-B46D-4A90-A2DA-049FAE9F3604} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-3 -> No File <==== ATTENTION
Task: {56471DB5-3052-494D-9AB8-BD0EC46A83EF} - \868351e2-b93b-4ada-80fb-4143bf685520-7 -> No File <==== ATTENTION
Task: {62E4A043-FBD9-4671-ABCE-B47EBA782DCB} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {62F9EF48-5835-416B-93DF-5485155A87F9} - \868351e2-b93b-4ada-80fb-4143bf685520-6 -> No File <==== ATTENTION
Task: {63995AA0-29DB-480C-8C12-ED256677392E} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-10_user -> No File <==== ATTENTION
Task: {6BCA1027-793E-4F88-AAF5-C5695A0B6647} - \Funmoods -> No File <==== ATTENTION
Task: {751DE27D-BFF0-4F74-8C05-BD5B6FA1B878} - \868351e2-b93b-4ada-80fb-4143bf685520-5_user -> No File <==== ATTENTION
Task: {7D54291D-D776-4FC5-B43C-BDC36300A8D3} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {818D1F48-5262-4256-AF94-43453E0B8DD2} - \868351e2-b93b-4ada-80fb-4143bf685520-10_user -> No File <==== ATTENTION
Task: {82635AC0-682F-48E3-A4E3-02296A3D7C15} - \Bidaily Synchronize Task[8da6] -> No File <==== ATTENTION
Task: {8DE3F959-3521-4C46-B8F3-0E7BF828ED0F} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-6 -> No File <==== ATTENTION
Task: {91BE9379-8C6C-4095-872B-EC195ABE6908} - \Super Optimizer Schedule -> No File <==== ATTENTION
Task: {93627C55-0C79-4DD5-B1AA-C93BB67EE3BF} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {972216C2-B51C-4C9C-B12C-D68730462E65} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {9F347E15-230C-498E-8DBA-6ABB526CDEC2} - \868351e2-b93b-4ada-80fb-4143bf685520-3 -> No File <==== ATTENTION
Task: {AF707EE6-FAC6-4896-8039-91EE54686B3E} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-1-6 -> No File <==== ATTENTION
Task: {B2226F28-E444-495D-9998-E25B5C863B7B} - System32\Tasks\{C6410244-1CB4-4BBD-8479-367637C0DE50} => pcalua.exe -a E:\setup.exe -d E:\
Task: {BA80A5CC-866B-4B85-BAC5-E4E68DB22A1C} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-7 -> No File <==== ATTENTION
Task: {DCF55243-896D-4F66-B3E7-D965DD0D7F9B} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {DFB1EB9A-2411-4C17-BA34-93E5A7C3C53A} - \868351e2-b93b-4ada-80fb-4143bf685520-5 -> No File <==== ATTENTION
Task: {E2C2FBF7-3318-4441-8089-EB2A046E4FEB} - \507b847c-ac6f-45b5-a0bc-d3d6711d2855-5_user -> No File <==== ATTENTION
Task: {EF2AB06E-5CC2-418D-9BF9-CAADB26CB7E5} - System32\Tasks\{AB373B5B-A06C-4D92-BADC-1E2D31A1184E} => pcalua.exe -a C:\Users\user\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=cmi
C:\Users\user\AppData\Roaming\mystartsearch
cmd: netsh winsock reset
Emptytemp:
Reboot:
End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-378641337-597838875-491265271-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-378641337-597838875-491265271-500\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => key removed successfully
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\Extensions\dribqjfkvzsxwhojoz@whanqvqrgdtnle.edu => moved successfully
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\Extensions\dribqjfkvzsxwhojoz@whanqvqrgdtnle.edu => path removed successfully
FF Extension: coupcoup - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\Extensions\dribqjfkvzsxwhojoz@whanqvqrgdtnle.edu [2015-08-07] => not found
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\extensions\jh_hkkadvdsqtcbqtom@pijbitbnxbhtgaqv.org => path removed successfully
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\extensions\jh_hkkadvdsqtcbqtom@pijbitbnxbhtgaqv.org [not found] => not found
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com => path removed successfully
FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found] => not found
TrustedInstaller => service removed successfully
catchme => service removed successfully
massfilter => service removed successfully
massfilter_hs => service removed successfully
nmwcd => service removed successfully
nmwcdc => service removed successfully
pccsmcfd => service removed successfully
upperdev => service removed successfully
zgwhsdiag => service removed successfully
ZTEusbmdm6k => service removed successfully
ZTEusbnmea => service removed successfully
ZTEusbser6k => service removed successfully
C:\Users\Administrator\AppData\Roaming\gDm8BoVeIll7dbhxY => moved successfully
"C:\ProgramData\01Jmpaj.dat" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{046C7B17-3286-4B79-9F9F-CFAFCA3B4661}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{046C7B17-3286-4B79-9F9F-CFAFCA3B4661}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Core => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0774EB42-1EB4-4EF9-A38E-2F1568045DCE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0774EB42-1EB4-4EF9-A38E-2F1568045DCE}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Superclean => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E2D826D-1ACE-42C5-AFCD-1A102125CC3C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E2D826D-1ACE-42C5-AFCD-1A102125CC3C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1633633B-EA60-4065-9498-DF17F2EC110A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1633633B-EA60-4065-9498-DF17F2EC110A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\507b847c-ac6f-45b5-a0bc-d3d6711d2855-5 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19B5D08F-7AC2-4171-A4A2-879C47D76D3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19B5D08F-7AC2-4171-A4A2-879C47D76D3A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[74c7] => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23A310E3-4DA9-4CAC-8268-6D87B761DD33}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23A310E3-4DA9-4CAC-8268-6D87B761DD33}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\868351e2-b93b-4ada-80fb-4143bf685520-1-6 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{251D8B8F-51F2-4C39-8953-B06D694D0D14}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{251D8B8F-51F2-4C39-8953-B06D694D0D14}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\507b847c-ac6f-45b5-a0bc-d3d6711d2855-1-7 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2570E304-D1B4-4E28-8A2D-4C067067A209}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2570E304-D1B4-4E28-8A2D-4C067067A209}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BB847DA-D8F7-4101-BEB8-5D46ADCFA8E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BB847DA-D8F7-4101-BEB8-5D46ADCFA8E7}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Glopbbiq => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2FDB174E-305E-40A3-A24F-2B5775A4FB27}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FDB174E-305E-40A3-A24F-2B5775A4FB27}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42EB867B-9EAB-4866-9D1D-5DD1561DD964}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42EB867B-9EAB-4866-9D1D-5DD1561DD964}" => key removed successfully
C:\Windows\System32\Tasks\{EFA1BD0D-540F-4E2E-BB06-9B2AF734D294} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EFA1BD0D-540F-4E2E-BB06-9B2AF734D294}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4768C090-2CC6-4521-98AF-F22C2D3D1DD9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4768C090-2CC6-4521-98AF-F22C2D3D1DD9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\868351e2-b93b-4ada-80fb-4143bf685520-1-7 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{493FC893-1A47-4D02-BD86-E14F620E56B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{493FC893-1A47-4D02-BD86-E14F620E56B8}" => key removed successfully
C:\Windows\System32\Tasks\{5E0D0262-FD6F-49BA-9236-94D0AD08438D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5E0D0262-FD6F-49BA-9236-94D0AD08438D}" => key removed successfully
"C:\Users\user\AppData\Local\Babylon" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4E7C942F-D932-4A96-A354-79FE3486D988}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E7C942F-D932-4A96-A354-79FE3486D988}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Pending Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55B16AEC-B46D-4A90-A2DA-049FAE9F3604}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55B16AEC-B46D-4A90-A2DA-049FAE9F3604}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\507b847c-ac6f-45b5-a0bc-d3d6711d2855-3 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56471DB5-3052-494D-9AB8-BD0EC46A83EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56471DB5-3052-494D-9AB8-BD0EC46A83EF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\868351e2-b93b-4ada-80fb-4143bf685520-7 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62E4A043-FBD9-4671-ABCE-B47EBA782DCB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62E4A043-FBD9-4671-ABCE-B47EBA782DCB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{62F9EF48-5835-416B-93DF-5485155A87F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62F9EF48-5835-416B-93DF-5485155A87F9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\868351e2-b93b-4ada-80fb-4143bf685520-6 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63995AA0-29DB-480C-8C12-ED256677392E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63995AA0-29DB-480C-8C12-ED256677392E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\507b847c-ac6f-45b5-a0bc-d3d6711d2855-10_user => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BCA1027-793E-4F88-AAF5-C5695A0B6647}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BCA1027-793E-4F88-AAF5-C5695A0B6647}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{751DE27D-BFF0-4F74-8C05-BD5B6FA1B878}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{751DE27D-BFF0-4F74-8C05-BD5B6FA1B878}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\868351e2-b93b-4ada-80fb-4143bf685520-5_user => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D54291D-D776-4FC5-B43C-BDC36300A8D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D54291D-D776-4FC5-B43C-BDC36300A8D3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{818D1F48-5262-4256-AF94-43453E0B8DD2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{818D1F48-5262-4256-AF94-43453E0B8DD2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\868351e2-b93b-4ada-80fb-4143bf685520-10_user => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82635AC0-682F-48E3-A4E3-02296A3D7C15}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82635AC0-682F-48E3-A4E3-02296A3D7C15}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[8da6] => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DE3F959-3521-4C46-B8F3-0E7BF828ED0F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DE3F959-3521-4C46-B8F3-0E7BF828ED0F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\507b847c-ac6f-45b5-a0bc-d3d6711d2855-6 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91BE9379-8C6C-4095-872B-EC195ABE6908}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91BE9379-8C6C-4095-872B-EC195ABE6908}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93627C55-0C79-4DD5-B1AA-C93BB67EE3BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93627C55-0C79-4DD5-B1AA-C93BB67EE3BF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{972216C2-B51C-4C9C-B12C-D68730462E65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{972216C2-B51C-4C9C-B12C-D68730462E65}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F347E15-230C-498E-8DBA-6ABB526CDEC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F347E15-230C-498E-8DBA-6ABB526CDEC2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\868351e2-b93b-4ada-80fb-4143bf685520-3 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AF707EE6-FAC6-4896-8039-91EE54686B3E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF707EE6-FAC6-4896-8039-91EE54686B3E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\507b847c-ac6f-45b5-a0bc-d3d6711d2855-1-6 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2226F28-E444-495D-9998-E25B5C863B7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2226F28-E444-495D-9998-E25B5C863B7B}" => key removed successfully
C:\Windows\System32\Tasks\{C6410244-1CB4-4BBD-8479-367637C0DE50} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6410244-1CB4-4BBD-8479-367637C0DE50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BA80A5CC-866B-4B85-BAC5-E4E68DB22A1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA80A5CC-866B-4B85-BAC5-E4E68DB22A1C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\507b847c-ac6f-45b5-a0bc-d3d6711d2855-7 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCF55243-896D-4F66-B3E7-D965DD0D7F9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF55243-896D-4F66-B3E7-D965DD0D7F9B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DFB1EB9A-2411-4C17-BA34-93E5A7C3C53A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFB1EB9A-2411-4C17-BA34-93E5A7C3C53A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\868351e2-b93b-4ada-80fb-4143bf685520-5 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2C2FBF7-3318-4441-8089-EB2A046E4FEB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2C2FBF7-3318-4441-8089-EB2A046E4FEB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\507b847c-ac6f-45b5-a0bc-d3d6711d2855-5_user => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF2AB06E-5CC2-418D-9BF9-CAADB26CB7E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF2AB06E-5CC2-418D-9BF9-CAADB26CB7E5}" => key removed successfully
C:\Windows\System32\Tasks\{AB373B5B-A06C-4D92-BADC-1E2D31A1184E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AB373B5B-A06C-4D92-BADC-1E2D31A1184E}" => key removed successfully
"C:\Users\user\AppData\Roaming\mystartsearch" => File/Folder not found.

=========  netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

EmptyTemp: => 105.4 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 00:28:43 ====

# AdwCleaner v5.010 - Logfile created 07/10/2015 at 00:32:27
# Updated 04/10/2015 by Xplode
# Database : 2015-10-04.3 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Administrator - SHARMAINE
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****

[-] File Disinfected : C:\Windows\SysNative\dnsapi.dll
[!] File Not Disinfected : C:\Windows\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [778 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Administrator on Wed 07/10/2015 at  0:37:14.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Administrator\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/10/2015 at  0:39:28.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Administrator (administrator) on SHARMAINE (07-10-2015 00:39:54)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Sharmaine & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-378641337-597838875-491265271-500\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-378641337-597838875-491265271-500\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-378641337-597838875-491265271-500\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk /p \??\i:autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3B5034A5-D8AE-4AD1-A007-1ED263ACD8D8}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FA6A3F7F-AE7B-48B0-A9C7-64E8E5D8852C}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130874421890286527&GUID=27FB73A8-DB0C-4490-A65B-C10BE4B14E80
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-378641337-597838875-491265271-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-378641337-597838875-491265271-500 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-08-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-08-07] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-01-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-01-13] (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-07]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-07]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-07]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-07]
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2010-08-06] (Hewlett-Packard) [File not signed]
S2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [129648 2010-12-02] (Portrait Displays, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 ghsdiagMDM; C:\Windows\System32\DRIVERS\ghsdiagMDM.sys [122496 2011-11-28] (HS Incorporated)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [122624 2011-01-13] (ZTE Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-07 00:39 - 2015-10-07 00:39 - 00001111 _____ C:\Users\Administrator\Desktop\JRT3.txt
2015-10-07 00:39 - 2015-10-07 00:39 - 00001111 _____ C:\Users\Administrator\Desktop\JRT.txt
2015-10-07 00:36 - 2015-10-07 00:36 - 00000856 _____ C:\Users\Administrator\Desktop\AdwCleaner3.txt
2015-10-07 00:36 - 2015-10-06 21:13 - 00006787 _____ C:\Users\Administrator\Desktop\Fixlist.txt
2015-10-06 22:01 - 2015-10-06 22:01 - 00044169 _____ C:\Users\Administrator\Desktop\Addition2.txt
2015-10-06 22:01 - 2015-10-06 22:01 - 00029377 _____ C:\Users\Administrator\Desktop\FRST2.txt
2015-10-06 21:57 - 2015-10-06 21:57 - 00000856 _____ C:\Users\Administrator\Desktop\AdwCleaner[C4].txt
2015-10-06 21:52 - 2015-10-06 21:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2015
2015-10-06 21:47 - 2015-10-06 21:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2015-10-06 21:41 - 2015-10-06 21:40 - 01801288 _____ (Malwarebytes) C:\Users\Administrator\Desktop\JRT.exe
2015-10-06 21:41 - 2015-10-06 21:40 - 01681920 _____ C:\Users\Administrator\Desktop\AdwCleaner.exe
2015-10-06 21:13 - 2015-10-06 21:52 - 00577039 _____ C:\Users\Administrator\Desktop\avgremover.log
2015-10-06 21:13 - 2015-10-06 21:11 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Administrator\Desktop\avg_remover_stf_x64_2015_5501.exe
2015-10-06 20:00 - 2015-10-06 22:00 - 00044169 _____ C:\Users\Administrator\Desktop\Addition.txt
2015-10-06 19:59 - 2015-10-07 00:40 - 00012254 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-10-06 19:58 - 2015-10-06 19:59 - 00003708 _____ C:\Users\Administrator\Desktop\SystemLook.txt
2015-10-06 19:57 - 2015-10-06 19:55 - 00165376 _____ C:\Users\Administrator\Desktop\SystemLook_x64.exe
2015-10-06 19:57 - 2015-10-06 09:32 - 02193920 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-10-06 09:53 - 2015-10-07 00:39 - 00000000 ____D C:\FRST
2015-10-06 09:53 - 2015-10-06 09:54 - 00035772 _____ C:\Users\Sharmaine\Desktop\Addition.txt
2015-10-06 09:53 - 2015-10-06 09:54 - 00031155 _____ C:\Users\Sharmaine\Desktop\FRST.txt
2015-10-06 09:51 - 2015-10-06 09:32 - 02193920 _____ (Farbar) C:\Users\Sharmaine\Desktop\FRST64.exe
2015-10-05 22:45 - 2015-10-05 22:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SHARMAINE-Windows-7-Home-Premium-(64-bit).dat
2015-10-05 22:45 - 2015-10-05 22:45 - 00000000 ____D C:\RegBackup
2015-10-05 22:10 - 2015-10-05 22:10 - 00003664 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-10-05 22:10 - 2015-10-05 22:10 - 00002117 _____ C:\Users\Sharmaine\Desktop\Tweaking.com - Windows Repair.lnk
2015-10-05 22:10 - 2015-10-05 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-05 22:09 - 2015-10-05 22:09 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-10-05 22:09 - 2015-10-05 21:51 - 20389640 _____ (Tweaking.com) C:\Users\Sharmaine\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-10-05 21:42 - 2015-10-05 22:09 - 00000000 ____D C:\Users\Sharmaine\Desktop\mbar
2015-10-05 21:42 - 2015-10-05 22:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-05 21:42 - 2015-10-05 21:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-05 21:42 - 2015-10-05 21:42 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-05 21:42 - 2015-10-05 21:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-05 21:42 - 2015-10-05 21:38 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Sharmaine\Desktop\mbar-1.09.3.1001.exe
2015-10-05 21:41 - 2015-10-05 21:40 - 22772808 _____ C:\Users\Sharmaine\Desktop\RogueKillerX64.exe
2015-10-05 21:33 - 2015-10-05 21:40 - 00002432 _____ C:\Users\Sharmaine\Desktop\Rkill.txt
2015-10-05 21:30 - 2015-10-05 21:30 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Sharmaine\Desktop\rkill.exe
2015-10-05 21:30 - 2015-10-05 21:28 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Sharmaine\Desktop\mbam-clean-2.1.1.1001.exe
2015-10-05 08:58 - 2015-10-07 00:35 - 00000672 _____ C:\Windows\setupact.log
2015-10-05 08:58 - 2015-10-06 21:14 - 00021960 _____ C:\Windows\PFRO.log
2015-10-05 08:58 - 2015-10-05 23:21 - 00113504 _____ C:\Users\Sharmaine\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-05 08:58 - 2015-10-05 23:20 - 00418464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-05 08:58 - 2015-10-05 08:58 - 00000000 _____ C:\Windows\setuperr.log
2015-10-05 08:35 - 2015-10-05 20:31 - 00075752 _____ C:\Users\Sharmaine\Desktop\RegSetup-60769920.exe
2015-10-05 08:35 - 2015-10-05 20:28 - 06677440 _____ (Piriform Ltd) C:\Users\Sharmaine\Desktop\ccsetup510.exe
2015-10-05 08:35 - 2015-10-05 08:35 - 00002800 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-10-05 08:35 - 2015-10-05 08:35 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-05 08:35 - 2015-10-05 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-05 08:35 - 2015-10-05 08:35 - 00000000 ____D C:\Program Files\CCleaner
2015-10-05 08:21 - 2015-10-05 08:21 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\TuneUp Software
2015-10-05 08:04 - 2015-10-05 08:04 - 00021696 _____ C:\ComboFix.txt
2015-10-05 07:31 - 2015-10-05 07:31 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-10-05 07:18 - 2015-10-07 00:32 - 00000000 ____D C:\AdwCleaner
2015-10-05 07:17 - 2015-10-05 19:14 - 05500000 _____ (Avast Software s.r.o.) C:\Users\Sharmaine\Desktop\avast_free_antivirus_setup_online.exe
2015-10-05 07:17 - 2015-10-05 19:11 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Sharmaine\Desktop\mbam-setup-2.1.8.1057.exe
2015-10-05 07:17 - 2015-10-05 19:05 - 23579408 _____ (SUPERAntiSpyware) C:\Users\Sharmaine\Desktop\SAS_271753.EXE
2015-10-05 07:17 - 2015-10-05 19:05 - 04559688 _____ (Avira Operations GmbH & Co. KG) C:\Users\Sharmaine\Desktop\avira_en_av_56123618e8f86__ws.exe
2015-10-05 07:17 - 2015-10-05 19:03 - 11427128 _____ (Bitdefender LLC) C:\Users\Sharmaine\Desktop\BootkitRemoval_x64.exe
2015-10-05 07:17 - 2015-10-05 19:03 - 00783640 _____ (McAfee, Inc.) C:\Users\Sharmaine\Desktop\rootkitremover.exe
2015-10-05 07:17 - 2015-10-05 19:01 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Sharmaine\Desktop\tdsskiller.exe
2015-10-05 07:17 - 2015-10-05 19:01 - 01681920 _____ C:\Users\Sharmaine\Desktop\adwcleaner_5.010.exe
2015-10-05 06:53 - 2015-10-05 06:53 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Mozilla
2015-10-05 06:53 - 2015-10-05 06:53 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Mozilla
2015-10-05 06:50 - 2015-10-05 18:49 - 42802928 _____ C:\Users\Sharmaine\Desktop\Firefox Setup 41.0.1.exe
2015-10-01 05:09 - 2015-10-01 05:09 - 00000000 ____D C:\Users\Sharmaine\Documents\Bluetooth Exchange Folder
2015-10-01 05:09 - 2015-10-01 05:09 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-10-01 05:09 - 2015-10-01 05:09 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Broadcom
2015-09-26 09:08 - 2015-09-26 09:08 - 00000274 _____ C:\Users\Administrator\Downloads\Reset_Local_Group_Policy.bat
2015-09-26 09:07 - 2015-09-26 09:07 - 00001181 _____ C:\Users\Administrator\Downloads\Reset_Local_Group_Policy (1).vbs
2015-09-26 09:06 - 2015-09-26 09:07 - 00001181 _____ C:\Users\Administrator\Downloads\Reset_Local_Group_Policy.vbs
2015-09-26 08:58 - 2015-09-26 08:58 - 00001755 _____ C:\Users\Administrator\Desktop\Internet Explorer (No Add-ons).lnk
2015-09-26 08:57 - 2015-09-26 08:57 - 00302011 _____ C:\Users\Administrator\Downloads\WindowsUpdateDiagnostic (2).diagcab
2015-09-26 08:56 - 2015-09-26 08:56 - 00985600 _____ C:\Users\Administrator\Downloads\MicrosoftFixit50123.msi
2015-09-26 08:02 - 2015-10-05 22:09 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-26 08:02 - 2015-09-26 08:24 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-26 08:00 - 2015-09-26 08:01 - 18801736 _____ C:\Users\Sharmaine\Downloads\RogueKiller.exe
2015-09-25 13:55 - 2015-09-25 13:55 - 00481870 _____ C:\Users\Sharmaine\Downloads\s.jpeg
2015-09-23 10:55 - 2015-09-23 10:55 - 00001461 _____ C:\Users\Sharmaine\Desktop\Internet Explorer (No Add-ons).lnk
2015-09-23 10:49 - 2015-09-23 10:49 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\SUPERAntiSpyware.com
2015-09-23 10:39 - 2015-09-23 10:39 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Hewlett-Packard
2015-09-22 17:45 - 2015-09-22 17:45 - 00380416 _____ C:\Users\Sharmaine\Downloads\d8971d85.exe
2015-09-22 17:25 - 2015-09-22 17:25 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\GWX
2015-09-22 16:58 - 2011-06-26 17:15 - 00256000 _____ C:\Windows\PEV.exe
2015-09-22 16:58 - 2010-11-08 03:50 - 00208896 _____ C:\Windows\MBR.exe
2015-09-22 16:58 - 2009-04-20 15:26 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00098816 _____ C:\Windows\sed.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00080412 _____ C:\Windows\grep.exe
2015-09-22 16:58 - 2000-08-31 10:30 - 00068096 _____ C:\Windows\zip.exe
2015-09-22 16:57 - 2015-10-05 08:04 - 00000000 ____D C:\Qoobox
2015-09-22 16:57 - 2015-09-22 17:20 - 00000000 ____D C:\Windows\erdnt
2015-09-22 16:56 - 2015-09-22 16:55 - 05635484 ____R (Swearware) C:\Users\Sharmaine\Desktop\ComboFix.exe
2015-09-22 16:55 - 2015-09-22 16:55 - 05635484 _____ (Swearware) C:\Users\Sharmaine\Downloads\ComboFix.exe
2015-09-22 16:31 - 2015-09-22 16:31 - 00302011 _____ C:\Users\Sharmaine\Downloads\WindowsUpdateDiagnostic.diagcab
2015-09-18 15:34 - 2015-09-18 15:34 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-09-18 15:34 - 2015-09-18 15:34 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-09-18 15:32 - 2015-09-18 15:32 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Avg
2015-09-18 15:32 - 2015-09-18 15:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-07 00:40 - 2009-07-14 15:43 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-07 00:38 - 2011-04-14 09:01 - 01726614 _____ C:\Windows\WindowsUpdate.log
2015-10-07 00:37 - 2009-07-14 15:15 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-07 00:37 - 2009-07-14 15:15 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-07 00:35 - 2009-07-14 15:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-06 21:17 - 2014-09-30 17:33 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-06 19:57 - 2015-08-07 22:09 - 00113504 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-06 09:31 - 2015-08-21 13:41 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\qBittorrent
2015-10-05 23:06 - 2009-07-14 13:04 - 00000560 _____ C:\Windows\win.ini
2015-10-05 22:30 - 2009-07-14 13:50 - 00000000 __RHD C:\Users\Default
2015-10-05 21:15 - 2009-07-14 13:50 - 00000000 ____D C:\Windows\system32\NDF
2015-10-05 09:09 - 2015-06-20 14:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-05 08:36 - 2012-11-26 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
2015-10-05 08:36 - 2011-07-05 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2015-10-05 08:36 - 2009-07-14 16:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-05 08:20 - 2014-05-25 22:42 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-05 08:02 - 2009-07-14 13:04 - 00000215 _____ C:\Windows\system.ini
2015-10-05 06:43 - 2012-04-26 16:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-05 04:01 - 2015-08-21 13:46 - 00000000 ____D C:\Users\Sharmaine\AppData\Roaming\Apple Computer
2015-09-30 10:28 - 2015-08-13 05:06 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Hewlett-Packard
2015-09-30 10:28 - 2011-09-14 22:39 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-26 08:30 - 2009-07-14 13:50 - 00000000 ____D C:\Windows\registration
2015-09-26 08:23 - 2009-07-14 13:04 - 00000000 _____ C:\Windows\system32\Drivers\etc\hosts_bak_723
2015-09-25 14:36 - 2015-08-20 14:43 - 00000000 ____D C:\Users\Sharmaine\Desktop\Brad
2015-09-23 16:05 - 2009-07-14 13:50 - 00000000 ____D C:\Windows\Globalization
2015-09-23 11:17 - 2014-09-26 12:20 - 00000000 ____D C:\Windows\Minidump
2015-09-22 17:24 - 2009-07-14 15:39 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-22 16:43 - 2011-09-02 01:03 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-22 13:00 - 2009-07-14 15:38 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-18 15:28 - 2015-08-13 05:06 - 00000000 ____D C:\Users\Sharmaine\AppData\Local\Google

==================== Files in the root of some directories =======

2015-06-20 14:43 - 2015-08-07 22:24 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-08-12 19:50 - 2015-08-12 19:50 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
2011-09-12 18:26 - 2012-04-16 12:56 - 0003578 _____ () C:\ProgramData\hpzinstall.log
2011-08-17 23:23 - 2015-03-22 16:51 - 0045083 _____ () C:\ProgramData\MusicStation.log
2011-08-17 23:21 - 2011-08-17 23:21 - 0000224 _____ () C:\ProgramData\MusicStation.xml

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2011-08-17 17:39] - [2015-08-07 23:11] - 0357888 ____A (Microsoft Corporation) AE17E3B7BDC6DE01C03635E6E9C5310E

C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 03:17

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Administrator (2015-10-07 00:40:36)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-07-05 01:49:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-378641337-597838875-491265271-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-378641337-597838875-491265271-501 - Limited - Disabled)
Sharmaine (S-1-5-21-378641337-597838875-491265271-1138 - Limited - Enabled) => C:\Users\Sharmaine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{73AC89D8-5AFD-72F4-5266-03327E392C85}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6200 - Broadcom Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2011.0112.2151.39168 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
F4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP AppsCenter for TouchSmart (HKLM-x32\...\{8317485C-067B-4B5B-A2A3-9D36B7B0399E}) (Version: 4.0.0.1 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.02.031 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP TouchSmart (HKLM-x32\...\{1502291B-3C1B-4781-99F8-9D6D8C650588}) (Version: 4.0.41.0 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart Browser (HKLM-x32\...\{4ACC9E9C-12D6-4A9D-8FBC-3FD469B9FD34}) (Version: 4.1.0012 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{297FA7DE-08E5-44A6-8F66-9E26F61F4810}) (Version: 4.1.3869.29064 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{909CE9B4-76A7-4C3D-A9AC-CE231B3E4B40}) (Version: 2.0.3917.26233 - Hewlett-Packard)
HP TouchSmart Clock (HKLM-x32\...\{97AA232A-58CB-41A2-A258-0593F98AB1E0}) (Version: 3.1.3881.29051 - Hewlett-Packard)
HP TouchSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4625 - Hewlett-Packard)
HP TouchSmart eBay (HKLM-x32\...\{967C033E-00C7-4805-9A80-C1C35DA4CF0C}) (Version: 1.0.3923.31229 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4700 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{1F40643A-3489-4262-B7BA-F2EC6FA0A1C8}) (Version: 4.1.3916.21107 - Hewlett-Packard)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.1.4503 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart RSS (HKLM-x32\...\{608D7847-39B7-4D1D-AF6D-7DCC38C77615}) (Version: 4.1.0009 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 3.2.0.2 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{0581D120-6992-46FA-AAA2-42FA7EFF99C1}) (Version: 3.0.3910.29600 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.1.4503 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3303 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6308.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\{E74E7F63-E70F-43f2-873F-35FB66F263B2}) (Version: 2.0.2.124 - Hewlett-Packard)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.35 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SDK (x32 Version: 2.22.002 - Portrait Displays, Inc.) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.5.1 - Tweaking.com)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:04 - 2015-10-05 23:06 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2530C749-5125-46CF-8732-D5D56CA37B33} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {38506543-C5E1-4025-928B-444885B22C0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {3B674D0B-B219-4FC4-8FD8-545CF02A20CA} - System32\Tasks\{64CBFA77-8918-433B-AFE4-BBE2EA2D32B6} => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\HPTouchSmartWebcam.exe [2010-09-04] (CyberLink Corp.)
Task: {4114CE76-A8CA-4D3C-892E-A2DB81C4DAA1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4AF5C4F6-27A2-41E2-B28C-8724561881E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {5B0D52EB-6443-47AC-B644-8017DD4D764F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-17] (Piriform Ltd)
Task: {5E3581C3-D840-4FE3-967A-76B6C2DD733A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8F6405CD-D1E3-4F3F-AA47-64CFCAF59CF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {AE221F83-8156-4E04-AAB3-B53B5BACEC9D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {C753EB21-8EC8-43AB-B5F7-8200BB979454} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D85EA6AE-EF9B-44A9-8200-1FFB054B8182} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E85B7609-7781-43CD-91DB-30D743BFAD35} - System32\Tasks\{71068796-E000-42AC-AF90-06D550CF899F} => C:\Program Files (x86)\fliptoast\fliptoast.exe
Task: {F76AA726-0172-4FA4-AB9D-2632F9A2532C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-09-04] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2015-05-15 17:26 - 2015-05-15 17:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 17:26 - 2015-05-15 17:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-08 00:07 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-08 00:07 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-08 00:07 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-08-08 00:07 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-08-08 00:07 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7865 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fliptoast.lnk => C:\Windows\pss\fliptoast.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\e98f9eb8-5445-4d32-8de1-23dc0cf8cf71.exe /check
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDAgent => "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe"
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: ConvertAd => C:\Users\user\AppData\Local\ConvertAd\ConvertAd.exe
MSCONFIG\startupreg: DT HPO => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
MSCONFIG\startupreg: HP KEYBOARDx => "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Nokia.PCSync => "C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TornTv Downloader => C:\Users\user\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1B1531A5-612E-4655-89E8-DAAF96D36E78}] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{2F7CC19C-8BFC-43C6-B717-CB4579CD10DD}] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}] => (Allow) LPort=2869
FirewallRules: [{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}] => (Allow) LPort=1900
FirewallRules: [{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}] => (Allow) LPort=48113
FirewallRules: [{740197B5-9B91-43DC-9448-5F2FAA99E4ED}] => (Allow) LPort=48113
FirewallRules: [TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
FirewallRules: [uDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe] => (Allow) E:\programmation\qtchat\release\qtchat.exe
FirewallRules: [{7AD81C20-BE2E-4D3D-B728-4E8C36659827}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp DVD A  DC8A2LH
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2015 09:55:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 5.0.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1388

Start Time: 01d1002934901dfc

Termination Time: 16

Application Path: C:\Users\Administrator\Desktop\AdwCleaner.exe

Report Id:

Error: (10/06/2015 09:47:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDTray.exe, version: 2.4.40.129, time stamp: 0x535a51a2
Faulting module name: RpcRtRemote.dll, version: 6.1.7601.17514, time stamp: 0x4ce7992f
Exception code: 0xc0000005
Fault offset: 0x000013e4
Faulting process id: 0xac0
Faulting application start time: 0xSDTray.exe0
Faulting application path: SDTray.exe1
Faulting module path: SDTray.exe2
Report Id: SDTray.exe3

Error: (10/05/2015 11:23:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/05/2015 11:23:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/05/2015 11:08:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: SHARMAINE)
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

Error: (10/05/2015 11:08:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: SHARMAINE)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (10/05/2015 11:05:03 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\OSPPWMI.MOF

Error: (10/05/2015 11:05:03 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: 0x8004401eC:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICESOFTWAREPROTECTIONPLATFORM\OSPPWMI.MOF

Error: (10/05/2015 10:41:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.


Operation:
   Set Snapshot Context

Context:
   Execution Context: Requestor

Error: (10/05/2015 10:41:15 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and Name Software Provider is [0x80040154, Class not registered
].


Operation:
   Set Snapshot Context

Context:
   Execution Context: Requestor


System errors:
=============
Error: (10/07/2015 12:39:31 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Software Protection service, but this action failed with the following error:
%%1056

Error: (10/07/2015 12:37:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:
%%1053

Error: (10/07/2015 12:37:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%1053

Error: (10/07/2015 12:37:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security Application Local Management Service service to connect.

Error: (10/07/2015 12:37:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/07/2015 12:37:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/07/2015 12:37:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/07/2015 12:37:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/07/2015 12:37:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/07/2015 12:37:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Portrait Displays SDK Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2015-09-22 16:09:46.268
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-22 16:09:46.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-04-25 14:49:09.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00134_019\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-25 14:42:49.916
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00134_019\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-25 13:06:06.482
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00134_019\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-25 12:06:33.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00134_019\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-25 11:57:56.620
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00134_019\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-24 15:50:43.862
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00129_017\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-21 16:12:44.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00129_017\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2012-04-21 15:39:23.664
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00129_017\avcuf64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i3 CPU 560 @ 3.33GHz
Percentage of memory in use: 30%
Total physical RAM: 3959.11 MB
Available physical RAM: 2770.77 MB
Total Virtual: 7916.43 MB
Available Virtual: 6667.66 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:910.08 GB) (Free:858.58 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:21.33 GB) (Free:2.65 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (UUI) (Removable) (Total:14.87 GB) (Free:14.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E19AF561)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

==================== End of Addition.txt ============================


See if you can run the following:

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender


  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


 

Also right-click on the internet icon in the system tray next to the clock and select "Troubleshoot Problems". What information do you see?

Thank you,

Kevin...


Troubleshoot just says it was unable to resolve the problem.

Farbar Service Scanner Version: 26-07-2015
Ran by Administrator (administrator) on 07-10-2015 at 10:21:22
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=DWORD:1


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


Download, transfer to sick PC desktop and run the following:

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not, reboot it yourself.

Next,

Please download Complete Internet Repair from http://www.majorgeeks.com/mg/getmirror/complete_internet_repair,1.html and transfer it to sick PC Desktop. <--- Do not save anywhere else

Download Mirror: http://www.majorgeeks.com/mg/getmirror/complete_internet_repair,2.html

Double click the icon and select Extract (accept UAC alert if applicable)

Double click the Complete Internet Repair folder on your desktop.

Run the version relevant to your system, 32 bit or 64 bit.

Double click the CIntRep.exe icon  <---- 32 bit version.
Double click the ClntRep_64.exe icon  <--- 64 bit version

Place a checkmark next to the following entries:

  • Reset Internet Protocol (TCP/IP)
  • Repair Winsock (Reset Catalog)
  • Renew Internet Connections
  • Flush DNS Resolver Cache
  • Repair Internet Explorer
  • Clear Windows Update History
  • Repair Windows / Automatic Updates
  • Repair SSL / HTTPS / Cryptography
  • Reset Windows Firewall Configuration
  • Restore the default hosts file
  • Repair Workgroup Computers view

Click Go!

Ignore any error messages for now

Click OK to reboot your computer

Is connection restored?

Thank you,

Kevin..


The connection is active, though I am unable to access any webpage. I tried a fresh install of Mozilla (latest build direct from their site) and, like before, every time you try to open it, it automatically crashes to the error report prompt box.


Scan with ZOEK

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:


services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deleteiedefaults;firefoxlook;chromelook;FFdefaults;CHRdefaults;

  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)


Please include its content in your next reply. Don't forget to re-enable security software!

Do browsers now open successfully?

Thank you,

Kevin.....


Mozilla still fails to open. Can't access internet through I.E.

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Administrator on Wed 07/10/2015 at 19:38:42.77.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Administrator\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2015-10-07-090502.log    49198 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Users\Administrator\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Windows\wininit.ini deleted

==== System Specs ======================

Operating System: Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 64-bit
Manufacturer: Hewlett-Packard - Model: 610-1010a
Install Date: 5/07/2011 11:19:53 AM
Last Boot: 7/10/2015 7:37:56 PM
Processor: Intel® Core i3 CPU         560  @ 3.33GHz
Number of Processors: 4
Work Station
Bootmode: Normal boot
Total RAM: 3959 MB (free 2586 MB - 65)
Computername: SHARMAINE
Domain: HOME
User: Administrator (Administrator account)
Local Disk:        C:\ - NTFS - 910 GB (free 857 GB)
Local Disk:        D:\ - NTFS - 21 GB (free 2 GB)
Removable Disk:    F:\ - FAT32 - 14 GB (free 14 GB)
Removable Disk:    I:\ -  -  GB (free  GB)
Bootdevice: \Device\HarddiskVolume1
Windows update:
Country: Australia
Language: ENA

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Firefox    41.0.1
Internet Explorer Version: 11.0.9600.17843
Mozilla Firefox version: 41.0.1 (x86 en-US)

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2015-10-05 12:15:02    CA2A8AF1DBAD0F31F9B33A2827DFBC16    207    ----a-w-    C:\Windows\tweaking.com-regbackup-SHARMAINE-Windows-7-Home-Premium-(64-bit).dat
2015-09-22 06:28:14    F042EE4C8D66248D9B86DCF52ABAE416    256000    ----a-w-    C:\Windows\PEV.exe
2015-09-22 06:28:14    0277C027A26428DB64EF4F64F52BB4FD    208896    ----a-w-    C:\Windows\MBR.exe
2015-09-22 06:28:04    9E05A9C264C8A908A8E79450FCBFF047    80412    ----a-w-    C:\Windows\grep.exe
2015-09-22 06:28:04    5E832F4FAF5F481F2EAF3B3A48F603B8    68096    ----a-w-    C:\Windows\zip.exe
2015-09-22 06:28:03    0297C72529807322B152F517FDB0A9FC    406528    ----a-w-    C:\Windows\SWSC.exe
====== C:\Users\ADMINI~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-10-04 22:28:03    8B84735F3FB5C48CACA254EA717E2EF6    418464    ----a-w-    C:\Windows\Sysnative\FNTCACHE.DAT
====== C:\Windows\Sysnative\drivers =====
2015-10-05 11:12:41    78488AF2AB2111D67B3C4044707A519B    192216    ----a-w-    C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-10-05 11:12:31    47701ECA633574E122687693B5C5D35C    109272    ----a-w-    C:\Windows\Sysnative\drivers\mbamchameleon.sys
2015-09-25 21:32:36    531121E7ED50084B493A69F8F8A7A927    37624    ----a-w-    C:\Windows\Sysnative\drivers\TrueSight.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-10-07 08:25:37    --------    d-----w-    C:\PROGRA~2\Mozilla Maintenance Service
2015-10-05 11:39:56    --------    d-----w-    C:\PROGRA~2\Tweaking.com
======= C: =====
====== C:\Users\Administrator\AppData\Roaming ======
2015-10-07 09:03:50    --------    d-----w-    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-10-07 09:03:50    --------    d-----w-    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-10-07 09:03:50    --------    d-----w-    C:\Users\user\AppData\Local\temp
2015-10-07 09:03:50    --------    d-----w-    C:\Users\Sharmaine\AppData\Local\temp
2015-10-07 09:03:50    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2015-10-07 09:03:50    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2015-10-07 09:03:50    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
2015-10-07 09:03:50    --------    d-----w-    C:\Users\Administrator\AppData\Local\Temp
2015-10-07 08:20:01    207B40DFBD17837C1AAFC5FFB25B61BF    233528    ----a-w-    C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2015-10-06 11:22:05    --------    d-----w-    C:\Users\Administrator\AppData\Local\Avg2015
2015-10-06 11:17:29    --------    d-----w-    C:\Users\Administrator\AppData\Local\CrashDumps
2015-10-05 12:00:07    --------    d-----w-    C:\Users\user\AppData\Roaming\Microsoft
2015-10-05 12:00:06    --------    d-----w-    C:\Users\user\AppData\Local\Microsoft
2015-10-04 22:28:40    ED0CDB63E38BB644D541B0B0C48442C2    113504    ----a-w-    C:\Users\Sharmaine\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-04 22:12:46    --------    d-----w-    C:\Users\Sharmaine\AppData\Local\ElevatedDiagnostics
2015-10-04 21:51:07    --------    d-----w-    C:\Users\Sharmaine\AppData\Roaming\TuneUp Software
2015-10-04 21:17:36    --------    d-----w-    C:\Users\Sharmaine\AppData\Local\Programs
2015-10-04 20:23:21    --------    d-----w-    C:\Users\Sharmaine\AppData\Roaming\Mozilla
2015-10-04 20:23:21    --------    d-----w-    C:\Users\Sharmaine\AppData\Local\Mozilla
2015-10-04 15:55:24    --------    d-----w-    C:\Users\Sharmaine\AppData\Local\Diagnostics
2015-09-30 18:39:11    --------    d-----w-    C:\Users\Sharmaine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-09-30 18:39:06    --------    d-----w-    C:\Users\Sharmaine\AppData\Local\Broadcom
2015-09-23 00:19:43    --------    d-----w-    C:\Users\Sharmaine\AppData\Roaming\SUPERAntiSpyware.com
2015-09-23 00:09:17    --------    d-----w-    C:\Users\Sharmaine\AppData\Roaming\Hewlett-Packard
2015-09-22 06:55:04    --------    d-----w-    C:\Users\Sharmaine\AppData\Local\GWX
2015-09-18 05:04:39    --------    d-----w-    C:\Users\Default\AppData\Roaming\TuneUp Software
2015-09-18 05:04:39    --------    d-----w-    C:\Users\Default User\AppData\Roaming\TuneUp Software
====== C:\Users\Administrator ======
2015-10-07 08:25:20    CEF47813B7BACC9D2D75FFFFF9275378    42802928    ----a-w-    C:\Users\Administrator\Desktop\Firefox Setup 41.0.1.exe
2015-10-07 08:19:48    FFF0BD7669C420AF07BF6E6C1DF7CA3D    4009167    ----a-w-    C:\Users\Administrator\Desktop\ServicesRepair.exe
2015-10-07 08:19:31    C2B9CB997461A1EC1199AF8634273E7D    1586165    ----a-w-    C:\Users\Administrator\Desktop\ComIntRepair.exe
2015-10-06 23:51:03    3FE85FE8E673CC7C464A0F96774857AC    899072    ----a-w-    C:\Users\Administrator\Desktop\FSS.exe
2015-10-06 11:11:45    38BE4E69AED17CFF7C001E56C4AC95A0    1801288    ----a-w-    C:\Users\Administrator\Desktop\JRT.exe
2015-10-06 11:11:35    9429879C217CB59F3E86912573B7E6CB    1681920    ----a-w-    C:\Users\Administrator\Desktop\AdwCleaner.exe
2015-10-06 09:27:42    F783EC309D42813F74319EB776153B2B    165376    ----a-w-    C:\Users\Administrator\Desktop\SystemLook_x64.exe
2015-10-06 09:27:34    7488DA0E1209C8BD432A7710C24E6729    2193920    ----a-w-    C:\Users\Administrator\Desktop\FRST64.exe
2015-10-05 23:21:55    7488DA0E1209C8BD432A7710C24E6729    2193920    ----a-w-    C:\Users\Sharmaine\Desktop\FRST64.exe
2015-10-05 12:00:08    --------    d-----w-    C:\Users\user\Videos
2015-10-05 12:00:08    --------    d-----w-    C:\Users\user\Pictures
2015-10-05 12:00:08    --------    d-----w-    C:\Users\user\Documents
2015-10-05 12:00:06    --------    d-----w-    C:\Windows\SysNative\config\systemprofile\Videos
2015-10-05 12:00:06    --------    d-----w-    C:\Windows\SysNative\config\systemprofile\Pictures
2015-10-05 12:00:06    --------    d-----w-    C:\Windows\SysNative\config\systemprofile\Music
2015-10-05 11:39:38    B0EA2F8288CB4F59159B04510C2FE701    20389640    ----a-w-    C:\Users\Sharmaine\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-10-05 11:12:05    67B0906B68164E807BD5691C67696DA4    16563352    ----a-w-    C:\Users\Sharmaine\Desktop\mbar-1.09.3.1001.exe
2015-10-05 11:11:57    76424017EC2915596F45E32461EFE665    22772808    ----a-w-    C:\Users\Sharmaine\Desktop\RogueKillerX64.exe
2015-10-05 11:00:39    3C7707013DEEA5ED7F68A29A007A7D57    321848    ----a-w-    C:\Users\Sharmaine\Desktop\mbam-clean-2.1.1.1001.exe
2015-10-05 11:00:37    456FD750BA7349202281AF7729ECD987    2019656    ----a-w-    C:\Users\Sharmaine\Desktop\rkill.exe
2015-10-04 22:05:15    BD4122D5B2830C8DB3992CB9D2920F0E    6677440    ----a-w-    C:\Users\Sharmaine\Desktop\ccsetup510.exe
2015-10-04 22:05:12    9246E0AFC61B213A2DEE1E82FEBA0B78    75752    ----a-w-    C:\Users\Sharmaine\Desktop\RegSetup-60769920.exe
2015-10-04 20:47:58    D3B6FA14CB7E12B7FBC0B3AA26235898    24345872    ----a-w-    C:\Users\Sharmaine\Desktop\mbam-setup-2.1.8.1057.exe
2015-10-04 20:47:58    1D7F6FACF57ABE021853D0EDBC4E2647    23579408    ----a-w-    C:\Users\Sharmaine\Desktop\SAS_271753.EXE
2015-10-04 20:47:58    0170A4503F85F2D7ABCBEF0419B1C35A    4404952    ----a-w-    C:\Users\Sharmaine\Desktop\tdsskiller.exe
2015-10-04 20:47:56    2E0AD51E723FB9F7B342FC5B9759D69A    11427128    ----a-w-    C:\Users\Sharmaine\Desktop\BootkitRemoval_x64.exe
2015-10-04 20:47:54    AFD8C4F21A7E04CD4A99572C5C2CA5E0    4559688    ----a-w-    C:\Users\Sharmaine\Desktop\avira_en_av_56123618e8f86__ws.exe
2015-10-04 20:47:54    9429879C217CB59F3E86912573B7E6CB    1681920    ----a-w-    C:\Users\Sharmaine\Desktop\adwcleaner_5.010.exe
2015-10-04 20:47:54    595B7BE35F2A33B0A1CA1801F57A8707    5500000    ----a-w-    C:\Users\Sharmaine\Desktop\avast_free_antivirus_setup_online.exe
2015-10-04 20:20:29    CEF47813B7BACC9D2D75FFFFF9275378    42802928    ----a-w-    C:\Users\Sharmaine\Desktop\Firefox Setup 41.0.1.exe
2015-09-25 22:38:12    CC74FD95B9730AA7A895E7106ECE57F1    274    ----a-w-    C:\Users\Administrator\Downloads\Reset_Local_Group_Policy.bat
2015-09-25 22:37:14    CAE0708AAFA194089B0FE05E5D878895    1181    ----a-w-    C:\Users\Administrator\Downloads\Reset_Local_Group_Policy (1).vbs
2015-09-25 22:36:36    CAE0708AAFA194089B0FE05E5D878895    1181    ----a-w-    C:\Users\Administrator\Downloads\Reset_Local_Group_Policy.vbs
2015-09-25 21:32:31    --------    d-----w-    C:\ProgramData\RogueKiller
2015-09-25 21:30:36    09FB30B059A8CB5D61A872B89C03B233    18801736    ----a-w-    C:\Users\Sharmaine\Downloads\RogueKiller.exe
2015-09-22 06:51:55    --------    d-----w-    C:\Users\Public\AppData

====== C: exe-files ==
2074-05-07 08:08:48    A9EE10092FB05C4EA5918756C822D131    203576    ----a-w-    C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2015-10-07 08:25:38    AD58FEB99BEEE7E78E8BA45BA172B6BF    107202    ----a-w-    C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
2015-10-07 08:25:37    6215DA3AD492CFBEBEE2ADBED0A6CC22    147624    ----a-w-    C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
2015-10-07 08:25:20    CEF47813B7BACC9D2D75FFFFF9275378    42802928    ----a-w-    C:\Users\Administrator\Desktop\Firefox Setup 41.0.1.exe
2015-10-07 08:21:36    54327E1383CABE5BE6CC18FE2F0DF38E    728576    ----a-w-    C:\Users\Administrator\Desktop\ComIntRepair\CIntRep.exe
2015-10-07 08:21:36    34A43FF6AB11C96212DB39E747567216    1314304    ----a-w-    C:\Users\Administrator\Desktop\ComIntRepair\CIntRep_x64.exe
2015-10-07 08:19:48    FFF0BD7669C420AF07BF6E6C1DF7CA3D    4009167    ----a-w-    C:\Users\Administrator\Desktop\ServicesRepair.exe
2015-10-07 08:19:31    C2B9CB997461A1EC1199AF8634273E7D    1586165    ----a-w-    C:\Users\Administrator\Desktop\ComIntRepair.exe
2015-10-06 23:51:03    3FE85FE8E673CC7C464A0F96774857AC    899072    ----a-w-    C:\Users\Administrator\Desktop\FSS.exe
2015-10-06 11:11:45    38BE4E69AED17CFF7C001E56C4AC95A0    1801288    ----a-w-    C:\Users\Administrator\Desktop\JRT.exe
2015-10-06 11:11:35    9429879C217CB59F3E86912573B7E6CB    1681920    ----a-w-    C:\Users\Administrator\Desktop\AdwCleaner.exe
2015-10-06 09:27:42    F783EC309D42813F74319EB776153B2B    165376    ----a-w-    C:\Users\Administrator\Desktop\SystemLook_x64.exe
2015-10-06 09:27:34    7488DA0E1209C8BD432A7710C24E6729    2193920    ----a-w-    C:\Users\Administrator\Desktop\FRST64.exe
2015-10-05 23:21:55    7488DA0E1209C8BD432A7710C24E6729    2193920    ----a-w-    C:\Users\Sharmaine\Desktop\FRST64.exe
2015-10-05 11:39:38    B0EA2F8288CB4F59159B04510C2FE701    20389640    ----a-w-    C:\Users\Sharmaine\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-10-05 11:12:29    8D704E13B735D87D227D05B5495F1B1B    270136    ----a-w-    C:\Users\Sharmaine\Desktop\mbar\mbar.exe
2015-10-05 11:12:29    7A2EBC02187D471E16EF38D230C16D7E    54072    ----a-w-    C:\Users\Sharmaine\Desktop\mbar\mbamdor.exe
2015-10-05 11:12:29    4A5EA67F0B25AEF8AAD9EF1404230AFA    822584    ----a-w-    C:\Users\Sharmaine\Desktop\mbar\Plugins\fixdamage.exe
2015-10-05 11:12:05    67B0906B68164E807BD5691C67696DA4    16563352    ----a-w-    C:\Users\Sharmaine\Desktop\mbar-1.09.3.1001.exe
2015-10-05 11:11:57    76424017EC2915596F45E32461EFE665    22772808    ----a-w-    C:\Users\Sharmaine\Desktop\RogueKillerX64.exe
2015-10-05 11:00:39    3C7707013DEEA5ED7F68A29A007A7D57    321848    ----a-w-    C:\Users\Sharmaine\Desktop\mbam-clean-2.1.1.1001.exe
2015-10-05 11:00:37    456FD750BA7349202281AF7729ECD987    2019656    ----a-w-    C:\Users\Sharmaine\Desktop\rkill.exe
2015-10-04 22:05:15    BD4122D5B2830C8DB3992CB9D2920F0E    6677440    ----a-w-    C:\Users\Sharmaine\Desktop\ccsetup510.exe
2015-10-04 22:05:12    9246E0AFC61B213A2DEE1E82FEBA0B78    75752    ----a-w-    C:\Users\Sharmaine\Desktop\RegSetup-60769920.exe
2015-10-04 20:47:58    D3B6FA14CB7E12B7FBC0B3AA26235898    24345872    ----a-w-    C:\Users\Sharmaine\Desktop\mbam-setup-2.1.8.1057.exe
2015-10-04 20:47:58    1D7F6FACF57ABE021853D0EDBC4E2647    23579408    ----a-w-    C:\Users\Sharmaine\Desktop\SAS_271753.EXE
2015-10-04 20:47:58    0170A4503F85F2D7ABCBEF0419B1C35A    4404952    ----a-w-    C:\Users\Sharmaine\Desktop\tdsskiller.exe
2015-10-04 20:47:56    2E0AD51E723FB9F7B342FC5B9759D69A    11427128    ----a-w-    C:\Users\Sharmaine\Desktop\BootkitRemoval_x64.exe
2015-10-04 20:47:54    AFD8C4F21A7E04CD4A99572C5C2CA5E0    4559688    ----a-w-    C:\Users\Sharmaine\Desktop\avira_en_av_56123618e8f86__ws.exe
2015-10-04 20:47:54    9429879C217CB59F3E86912573B7E6CB    1681920    ----a-w-    C:\Users\Sharmaine\Desktop\adwcleaner_5.010.exe
2015-10-04 20:47:54    595B7BE35F2A33B0A1CA1801F57A8707    5500000    ----a-w-    C:\Users\Sharmaine\Desktop\avast_free_antivirus_setup_online.exe
2015-10-04 20:20:29    CEF47813B7BACC9D2D75FFFFF9275378    42802928    ----a-w-    C:\Users\Sharmaine\Desktop\Firefox Setup 41.0.1.exe
2015-09-30 16:19:27    07D733DAB53FD7E2E7C8442216073379    873800    ----a-w-    C:\Users\Sharmaine\AppData\Local\Google\Chrome\User Data\SwReporter\4.30.2\software_reporter_tool.exe
=== C: other files ==
2015-10-05 11:12:41    78488AF2AB2111D67B3C4044707A519B    192216    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-10-05 11:12:31    47701ECA633574E122687693B5C5D35C    109272    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-378641337-597838875-491265271-500\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"SpybotPostWindows10UpgradeReInstall"="C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BeatsOSDApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BeatsOSDApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\IDT\\WDM\\beats64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DT HPO]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DT HPO"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Shared\\DT_startup.exe -HPO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP KEYBOARDx]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP KEYBOARDx"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Hewlett-Packard\\HP Desktop Keyboard\\HPKEYBOARDx.EXE\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="c:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\program files (x86)\\hewlett-packard\\HP odometer\\hpsysdrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSC"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"c:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SysTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\IDT\\WDM\\sttray64.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk"
"backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe "
"item"="Bluetooth"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Hp\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Snapfish PictureMover.lnk"
"backup"="C:\\Windows\\pss\\Snapfish PictureMover.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\PICTUR~1\\Bin\\PICTUR~1.EXE -det"
"item"="Snapfish PictureMover"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
"path"="C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Facebook Messenger.lnk"
"backup"="C:\\Windows\\pss\\Facebook Messenger.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\user\\AppData\\Local\\Facebook\\Messenger\\2.1.4814.0\\FacebookMessenger.exe "
"item"="Facebook Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fliptoast.lnk]
"path"="C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\fliptoast.lnk"
"backup"="C:\\Windows\\pss\\fliptoast.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Program Files (x86)\\fliptoast\\fliptoast.exe "
"item"="fliptoast"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ServiceLayer]


==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{E3FBEBC8-3411-462C-A391-438872211628}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{64CBFA77-8918-433B-AFE4-BBE2EA2D32B6}" [C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\HPTouchSmartWebcam.exe]
"C:\Windows\SysNative\tasks\{71068796-E000-42AC-AF90-06D550CF899F}" [C:\Program Files (x86)\fliptoast\fliptoast.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\79n69pbi.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [04/10/2011 06:28 PM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================


Google Drive - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Chrome Web Store Payments - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
https //mynamedomain.koko//0service/update2/crx - Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Web Store Payments - Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Slides - Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Gmail - Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA6A3F7F-AE7B-48B0-A9C7-64E8E5D8852C}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Sharmaine\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=455 folders=174 379695114 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Sharmaine\AppData\Local\temp emptied successfully
C:\Users\user\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ADMINI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 07/10/2015 at 19:57:06.60 ======================
 


Do the following for Internet Explorer:

 

1. Select the Windows key and R key together, then type or copy and paste inetcpl.cpl into the Run box and select Enter.
2. Select the Advanced tab.
3. Click the Reset Internet Explorer Settings button.
4. Click Reset to confirm the operation.
5. Click Close when the resetting process has finished.
6. Uncheck the Enable third-party browser extensions option in the Settings box.
7. Click Apply, then click OK.

Check if IE will now run...


Go here: http://windows.microsoft.com/en-gb/internet-explorer/install-ie#ie=ie-11-win-7, scroll to the option on how to uninstall IE, and follow those instructions. IE should then revert to IE 10.

Does that version run OK?

For Firefox, hold down the "Shift" key whilst starting FF; it should start in "Safe Mode". Does it run in that mode...
