Browser redirected to ad sites, coupons on webpages, s.hklmm.com in the status bar


Hello,

I am having issues with Mozilla Firefox and have also had this issue with Chrome in the past. Malwarebytes finds nothing every time. Certain pages that I view get constant redirected clicks to advertisements, there will be large coupon pictures on the side, and the status bar in Firefox will say 's.hklmm.com/........'. When I click anywhere on the page, a new tab will open up to more advertising.

I have attached a screenshot of Firefox with the problem and here are the Farbar logs pasted:

Thank you for your time and assistance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-10-2015 02
Ran by X (administrator) on X-PC (12-10-2015 22:30:49)
Running from C:\Users\X\Desktop
Loaded Profiles: X (Available Profiles: X)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) D:\ProgramFiles\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) D:\ProgramFiles\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
() C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfc.exe
(Ideazon, Inc.) C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) D:\ProgramFiles\AMD\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) D:\ProgramFiles\AVAST Software\Avast\AvastUI.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Avast Software) D:\ProgramFiles\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Advanced Micro Devices Inc.) D:\ProgramFiles\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\X\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
() C:\Program Files\HexChat\hexchat.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe [817440 2014-01-21] ()
HKLM-x32\...\Run: [Zboard] => C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe [182784 2011-02-22] (Ideazon, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [593216 2015-08-31] (Razer Inc.)
HKLM-x32\...\Run: [startCCC] => D:\ProgramFiles\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => D:\ProgramFiles\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-18] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\ProgramFiles\AVAST Software\Avast\ashShA64.dll [2015-09-18] (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk [2015-08-22]
ShortcutTarget: Windows Firewall Control.lnk -> C:\Program Files\Windows Firewall Control\wfc.exe (BiniSoft.org)
Startup: C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameVox.lnk [2015-10-01]
ShortcutTarget: GameVox.lnk -> D:\ProgramFiles\GameVox\GameVox.exe (GameVox LLC)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{12DE2C1C-DE29-46C9-B6B4-1C901552DA3C}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{68B078CC-7D6A-4D73-8EC3-704D661510A3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{79E09C33-C65C-4E20-991F-73DCDDC0E37D}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8D9DE396-E6AA-4CF6-A1C9-3F5F54B387C7}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1887836958-2272079228-483403304-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1887836958-2272079228-483403304-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\ProgramFiles\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> D:\ProgramFiles\VS2012\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-30] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\ProgramFiles\AVAST Software\Avast\aswWebRepIE.dll [2015-09-17] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

FireFox:
========
FF ProfilePath: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\sacrmssf.default-1442405752290
FF Homepage: www.google.com.au
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-31] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin HKU\S-1-5-21-1887836958-2272079228-483403304-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-09-30] ()
FF Extension: YouTube Control Center - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\sacrmssf.default-1442405752290\Extensions\jid1-CikLKKPVkw6ipw@jetpack.xpi [2015-09-18]
FF Extension: Reddit Enhancement Suite - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\sacrmssf.default-1442405752290\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2015-09-18]
FF Extension: uBlock Origin - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\sacrmssf.default-1442405752290\Extensions\uBlock0@raymondhill.net.xpi [2015-10-03]
FF Extension: NoScript - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\sacrmssf.default-1442405752290\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-09-17]
FF Extension: Download YouTube Videos as MP4 - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\sacrmssf.default-1442405752290\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-09-18]
FF Extension: Adblock Plus - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\sacrmssf.default-1442405752290\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\ProgramFiles\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - D:\ProgramFiles\AVAST Software\Avast\WebRep\FF [2015-09-17]

Chrome:
=======
CHR Profile: C:\Users\X\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-17]
CHR Extension: (Google Docs) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-17]
CHR Extension: (Google Drive) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-17]
CHR Extension: (YouTube) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-17]
CHR Extension: (Google Search) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-17]
CHR Extension: (Google Sheets) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-17]
CHR Extension: (Google Docs Offline) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-17]
CHR Extension: (Avast Online Security) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-17]
CHR Extension: (Gmail) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\ProgramFiles\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; D:\ProgramFiles\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-18] (AVAST Software)
R3 AvastVBoxSvc; D:\ProgramFiles\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-09-18] (Avast Software)
R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [384512 2015-07-21] (Apple Inc.) [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-24] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-19] (Razer, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [134656 2015-07-09] (Microsoft Corporation) [File not signed]
R2 TeamViewer; D:\ProgramFiles\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-12] (TeamViewer GmbH)
S3 VSStandardCollectorService140; D:\ProgramFiles\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-06-14] (Microsoft Corporation)
R2 _wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [105984 2015-08-22] (BiniSoft.org) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-18] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-18] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-09-18] (AVAST Software)
R3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-19] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-19] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-13] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-15] ()
R2 VBoxAswDrv; D:\ProgramFiles\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-09-18] (Avast Software)
S3 VSPerfDrv110; D:\ProgramFiles\VS2012\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-12 22:30 - 2015-10-12 22:31 - 00021649 _____ C:\Users\X\Desktop\FRST.txt
2015-10-12 21:52 - 2015-10-12 22:30 - 00000000 ____D C:\FRST
2015-10-12 21:51 - 2015-10-12 21:51 - 02195968 _____ (Farbar) C:\Users\X\Desktop\FRST64.exe
2015-10-12 20:38 - 2015-10-12 20:38 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-12 17:23 - 2015-10-12 17:23 - 00458176 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-12 17:23 - 2015-10-12 17:23 - 00000056 _____ C:\Windows\setupact.log
2015-10-12 17:23 - 2015-10-12 17:23 - 00000000 _____ C:\Windows\setuperr.log
2015-10-10 20:53 - 2015-10-10 20:53 - 00000000 ____D C:\Windows\SysWOW64\obj
2015-10-10 20:53 - 2015-10-10 20:53 - 00000000 ____D C:\Windows\SysWOW64\DTAR_08E86330_4835_4B5C_9E5A_61F37AE1A077_DTAR
2015-10-10 15:55 - 2015-10-10 15:55 - 01801288 _____ (Malwarebytes) C:\Users\X\Desktop\JRT.exe
2015-10-10 15:55 - 2015-10-10 15:55 - 01682432 _____ C:\Users\X\Desktop\adwcleaner_5.013.exe
2015-10-10 15:51 - 2015-10-10 15:51 - 00448512 _____ (OldTimer Tools) C:\Users\X\Desktop\TFC.exe
2015-10-03 16:22 - 2015-10-12 20:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-01 17:47 - 2015-10-01 17:48 - 00048710 _____ C:\Users\X\Documents\11263.bmp
2015-10-01 14:29 - 2015-10-12 22:08 - 00000000 ____D C:\Users\X\AppData\Roaming\GameVox
2015-10-01 14:29 - 2015-10-01 14:29 - 00002465 _____ C:\Users\Public\Desktop\GameVox.lnk
2015-10-01 14:29 - 2015-10-01 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameVox
2015-10-01 13:33 - 2015-10-01 13:33 - 00031097 _____ C:\Users\X\Documents\11262.xcf
2015-09-30 20:20 - 2015-10-01 12:51 - 00011445 _____ C:\Users\X\Documents\DiagonalGuide.xcf
2015-09-22 03:45 - 2015-09-22 03:45 - 00000000 ____D C:\Users\X\.nuget
2015-09-20 15:34 - 2015-09-20 15:34 - 00000000 ____D C:\Users\X\Documents\Graphics
2015-09-19 13:16 - 2015-08-03 14:39 - 00000236 _____ C:\Users\X\Documents\gitignore_global.txt
2015-09-19 13:16 - 2015-08-03 14:39 - 00000173 _____ C:\Users\X\Documents\hgignore_global.txt
2015-09-19 13:11 - 2015-09-19 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlassian
2015-09-19 13:11 - 2015-09-19 13:11 - 00000000 ____D C:\ProgramData\Caphyon
2015-09-19 13:11 - 2015-09-19 13:11 - 00000000 ____D C:\ProgramData\Atlassian
2015-09-18 10:26 - 2015-09-18 10:32 - 00000000 ____D C:\Users\X\dwhelper
2015-09-18 03:43 - 2015-09-18 03:43 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-18 03:43 - 2015-09-18 03:43 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-17 12:10 - 2015-09-17 12:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-17 12:10 - 2015-09-17 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-17 11:57 - 2015-09-17 11:57 - 00000000 ____D C:\Users\X\AppData\Roaming\AVAST Software
2015-09-17 11:56 - 2015-09-18 03:44 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-17 11:56 - 2015-09-18 03:43 - 01049880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-17 11:56 - 2015-09-18 03:43 - 00448968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-17 11:56 - 2015-09-18 03:43 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-17 11:56 - 2015-09-18 03:43 - 00153744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-17 11:56 - 2015-09-18 03:43 - 00132656 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-09-17 11:56 - 2015-09-18 03:43 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-17 11:56 - 2015-09-18 03:43 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-17 11:56 - 2015-09-18 03:43 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-17 11:56 - 2015-09-18 03:43 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-17 11:56 - 2015-09-17 11:56 - 00001007 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-17 11:56 - 2015-09-17 11:56 - 00000000 ____D C:\Windows\SysWOW64\vbox
2015-09-17 11:56 - 2015-09-17 11:56 - 00000000 ____D C:\Windows\system32\vbox
2015-09-17 11:56 - 2015-09-17 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-17 11:56 - 2015-09-17 11:56 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-17 11:51 - 2015-09-17 11:51 - 05685704 _____ (AVAST Software) C:\Users\X\Downloads\avast_free_antivirus_setup_online.exe
2015-09-17 11:51 - 2015-09-17 11:51 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-17 11:26 - 2015-09-26 23:51 - 00002215 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-17 11:26 - 2015-09-17 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-17 10:20 - 2015-09-17 10:20 - 00043795 _____ C:\ComboFix.txt
2015-09-17 03:05 - 2015-09-17 03:05 - 00000000 ____D C:\Users\X\Downloads\Autoruns
2015-09-17 03:04 - 2015-09-17 03:04 - 00593693 _____ C:\Users\X\Downloads\Autoruns.zip
2015-09-17 02:31 - 2015-09-17 02:31 - 01186640 _____ C:\Users\X\Downloads\ProcessExplorer.zip
2015-09-17 02:31 - 2015-09-17 02:31 - 00000000 ____D C:\Users\X\Downloads\ProcessExplorer
2015-09-17 00:51 - 2015-09-17 00:52 - 20391688 _____ (Tweaking.com) C:\Users\X\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-09-17 00:43 - 2015-09-17 00:43 - 00000207 _____ C:\Windows\tweaking.com-regbackup-X-PC-Windows-7-Ultimate-(64-bit).dat
2015-09-17 00:43 - 2015-09-17 00:43 - 00000000 ____D C:\RegBackup
2015-09-17 00:42 - 2015-09-17 00:42 - 00002191 _____ C:\Users\X\Desktop\Tweaking.com - Windows Repair.lnk
2015-09-17 00:41 - 2015-09-17 00:41 - 00003638 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-09-17 00:41 - 2015-09-17 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-09-17 00:41 - 2015-09-17 00:41 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-09-16 23:21 - 2015-09-16 23:21 - 844129924 _____ C:\Users\X\Documents\backup_9_16_2015.reg
2015-09-16 23:14 - 2015-10-03 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-16 23:14 - 2015-09-16 23:14 - 00001191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-16 23:14 - 2015-09-16 23:14 - 00001179 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-16 23:13 - 2015-09-16 23:13 - 00242752 _____ C:\Users\X\Downloads\Firefox Setup Stub 40.0.3.exe
2015-09-16 23:10 - 2015-09-16 23:10 - 00000000 __SHD C:\Users\X\AppData\LocalLow\EmieBrowserModeList
2015-09-16 21:47 - 2015-09-16 21:47 - 00000725 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-16 21:47 - 2015-09-16 21:47 - 00000725 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-16 10:12 - 2015-09-15 22:36 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.20150916-091235.backup
2015-09-16 01:25 - 2015-09-16 01:25 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-16 01:19 - 2015-09-16 10:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-16 01:19 - 2015-09-16 01:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-16 01:19 - 2015-09-16 01:19 - 00001423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-09-16 01:19 - 2015-09-16 01:19 - 00001411 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-09-16 01:19 - 2015-09-16 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-09-16 01:19 - 2013-09-20 11:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-09-14 17:13 - 2015-09-14 17:13 - 00000000 ____D C:\Users\X\AppData\Roaming\ICSharpCode

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-12 22:06 - 2015-06-24 12:37 - 00000000 ____D C:\Program Files\EditPlus 3
2015-10-12 21:50 - 2015-06-26 22:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-12 17:31 - 2009-07-14 15:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-12 17:31 - 2009-07-14 15:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-12 17:29 - 2015-08-24 12:58 - 00389936 _____ C:\Windows\system32\prfh0404.dat
2015-10-12 17:29 - 2015-08-24 12:58 - 00114748 _____ C:\Windows\system32\prfc0404.dat
2015-10-12 17:29 - 2015-08-24 12:54 - 00705474 _____ C:\Windows\system32\prfh0416.dat
2015-10-12 17:29 - 2015-08-24 12:54 - 00147314 _____ C:\Windows\system32\prfc0416.dat
2015-10-12 17:29 - 2015-08-24 12:51 - 00720612 _____ C:\Windows\system32\prfh0816.dat
2015-10-12 17:29 - 2015-08-24 12:51 - 00152564 _____ C:\Windows\system32\prfc0816.dat
2015-10-12 17:29 - 2015-08-24 12:48 - 00372764 _____ C:\Windows\system32\prfh0804.dat
2015-10-12 17:29 - 2015-08-24 12:48 - 00119250 _____ C:\Windows\system32\prfc0804.dat
2015-10-12 17:29 - 2015-08-24 12:44 - 00420018 _____ C:\Windows\system32\perfh012.dat
2015-10-12 17:29 - 2015-08-24 12:44 - 00120042 _____ C:\Windows\system32\perfc012.dat
2015-10-12 17:29 - 2015-08-24 12:38 - 00731640 _____ C:\Windows\system32\perfh010.dat
2015-10-12 17:29 - 2015-08-24 12:38 - 00146504 _____ C:\Windows\system32\perfc010.dat
2015-10-12 17:29 - 2015-08-24 12:35 - 00688802 _____ C:\Windows\system32\perfh007.dat
2015-10-12 17:29 - 2015-08-24 12:35 - 00148774 _____ C:\Windows\system32\perfc007.dat
2015-10-12 17:29 - 2015-07-05 16:19 - 00408372 _____ C:\Windows\system32\perfh011.dat
2015-10-12 17:29 - 2015-07-05 16:19 - 00121758 _____ C:\Windows\system32\perfc011.dat
2015-10-12 17:29 - 2015-07-05 16:16 - 00724324 _____ C:\Windows\system32\perfh019.dat
2015-10-12 17:29 - 2015-07-05 16:16 - 00150626 _____ C:\Windows\system32\perfc019.dat
2015-10-12 17:29 - 2015-07-05 16:13 - 00737050 _____ C:\Windows\system32\perfh00A.dat
2015-10-12 17:29 - 2015-07-05 16:13 - 00158132 _____ C:\Windows\system32\perfc00A.dat
2015-10-12 17:29 - 2009-07-14 16:13 - 08050858 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-12 17:27 - 2014-07-18 16:50 - 01595172 _____ C:\Windows\WindowsUpdate.log
2015-10-12 17:24 - 2015-06-26 22:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-12 17:23 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-12 17:22 - 2015-09-08 10:23 - 00000000 ____D C:\AdwCleaner
2015-10-12 16:56 - 2015-09-08 11:28 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-12 16:43 - 2014-08-25 03:11 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-12 16:12 - 2015-07-15 13:23 - 00000000 ____D C:\Users\X\AppData\Roaming\HexChat
2015-10-12 16:12 - 2015-06-13 04:01 - 00000000 ____D C:\Users\X\AppData\Roaming\.purple
2015-10-12 16:12 - 2015-05-02 21:04 - 00000000 ____D C:\Users\X\AppData\Roaming\Skype
2015-10-12 15:35 - 2014-08-19 10:57 - 00000000 ____D C:\Users\X\AppData\Roaming\TS3Client
2015-10-10 16:00 - 2014-07-18 16:49 - 00000000 ____D C:\Users\X
2015-10-09 13:09 - 2014-11-01 09:20 - 00000000 ____D C:\Users\X\Documents\The Lord of the Rings Online
2015-10-06 22:54 - 2015-08-02 23:32 - 00000000 ____D C:\Users\X\.gimp-2.8
2015-10-06 21:32 - 2015-05-02 21:04 - 00000000 ____D C:\ProgramData\Skype
2015-10-06 14:50 - 2015-07-25 12:18 - 00000000 ____D C:\Users\X\Documents\Visual Studio 2015
2015-10-05 17:24 - 2014-11-01 17:58 - 00000000 ____D C:\Users\X\Documents\Visual Studio 2012
2015-10-01 14:29 - 2015-09-03 16:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-30 23:10 - 2014-10-13 16:17 - 00000898 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-30 14:53 - 2014-10-13 16:17 - 00000000 ____D C:\Program Files\CCleaner
2015-09-22 00:39 - 2015-05-21 23:34 - 00000000 ____D C:\Users\X\AppData\Roaming\UoFiddler
2015-09-19 13:16 - 2015-06-01 01:08 - 00000164 _____ C:\Users\X\mercurial.ini
2015-09-17 12:10 - 2015-05-02 21:04 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-17 11:11 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-17 10:42 - 2015-06-24 12:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-17 10:42 - 2015-06-24 12:32 - 00000000 ____D C:\Program Files\Microsoft Office
2015-09-17 10:42 - 2010-11-21 18:16 - 00000000 ____D C:\Windows\ShellNew
2015-09-17 10:42 - 2009-07-14 14:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-17 10:41 - 2009-07-14 14:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-09-17 10:41 - 2009-07-14 13:34 - 00000387 _____ C:\Windows\win.ini
2015-09-17 10:20 - 2015-09-08 10:54 - 00000000 ____D C:\Qoobox
2015-09-17 10:10 - 2009-07-14 13:34 - 00000215 ____N C:\Windows\system.ini
2015-09-17 00:47 - 2010-11-21 18:16 - 00000000 ____D C:\Windows\CSC
2015-09-16 17:17 - 2015-08-23 02:30 - 00001013 _____ C:\Users\X\Desktop\.NET Reflector.lnk
2015-09-16 17:10 - 2015-06-28 23:08 - 00000000 ____D C:\Users\X\AppData\Roaming\GitHub
2015-09-16 17:10 - 2015-06-04 16:27 - 00000000 ____D C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2015-09-16 17:06 - 2015-09-08 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-09-16 17:06 - 2015-09-08 11:48 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-09-16 16:58 - 2015-07-25 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-09-16 16:58 - 2015-07-25 11:58 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-16 16:43 - 2009-07-14 16:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-09-16 16:36 - 2015-06-26 22:26 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-15 23:45 - 2015-06-26 22:26 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 23:45 - 2015-06-26 22:26 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 22:53 - 2015-09-08 11:21 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-15 22:39 - 2015-06-01 13:06 - 00000000 ____D C:\Users\X\AppData\Local\Apps\2.0
2015-09-15 20:52 - 2015-07-13 14:46 - 00000000 ____D C:\Program Files (x86)\JetBrains

==================== Files in the root of some directories =======

2014-09-12 20:14 - 2014-11-11 20:38 - 0001138 _____ () C:\Users\X\AppData\Roaming\combobox_u.ini
2014-07-23 21:52 - 2014-11-24 16:29 - 0000982 _____ () C:\Users\X\AppData\Roaming\editplus_u.ini
2015-08-26 04:07 - 2015-09-08 08:37 - 0001456 _____ () C:\Users\X\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-09-11 02:10 - 2015-10-01 18:11 - 0015360 _____ () C:\Users\X\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-06 14:48 - 2015-10-06 14:48 - 0025556 _____ () C:\Users\X\AppData\Local\recently-used.xbel
2014-07-18 18:08 - 2015-10-12 16:12 - 0007615 _____ () C:\Users\X\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 00:11

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-10-2015 02
Ran by X (2015-10-12 22:31:16)
Running from C:\Users\X\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-07-18 05:49:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1887836958-2272079228-483403304-500 - Administrator - Disabled)
Guest (S-1-5-21-1887836958-2272079228-483403304-501 - Limited - Disabled)
X (S-1-5-21-1887836958-2272079228-483403304-1000 - Administrator - Enabled) => C:\Users\X

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

.NET Reflector Desktop (HKLM-x32\...\{60EDFDF5-224E-4CB3-8BE8-55A6D852C0A8}) (Version: 8.3.3.115 - Red Gate Software Ltd)
.NET Reflector Visual Studio Extension 8.3 (HKLM-x32\...\{78AB5E88-4A49-43FF-9657-37935971F355}) (Version: 8.3.3.115 - Red Gate Software Ltd)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3.1 - Microsoft Corporation) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Azure Resource Manager Tools (VS 14) - v2.7 (x32 Version: 2.7.0.0 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30728.1602 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borland Delphi 7 (HKLM-x32\...\{72263053-50D1-4598-9502-51ED64E54C51}) (Version: 7.0 - Borland Software Corporation)
Build Tools for Windows 10 - ENU (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
calibre (HKLM-x32\...\{B4B62C79-A41D-47C6-B689-0416BEA6678F}) (Version: 2.35.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
CentrED+ 0.7.8 (HKLM-x32\...\{7D57FDCD-E0FD-4055-B478-911F7FF2711E}_is1) (Version: 0.7.8 - uoquint.ru)
Cloud Deployment Project for Microsoft Visual Studio 14 - v2.7 (x32 Version: 2.7.30713.1 - Microsoft Corporation) Hidden
Cloud Explorer - v1.0 (x32 Version: 2.7.30728.1602 - Microsoft Corporation) Hidden
CodedUITestUAP (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
EditPlus 3 (64 bit) (HKLM\...\EditPlus 3) (Version:  - ES-Computing)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Five Nights at Freddy's (HKU\S-1-5-21-1887836958-2272079228-483403304-1000\...\Five Nights at Freddy's) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.139.918 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
Free Pascal 2.6.4 (HKLM-x32\...\FreePascal_is1) (Version:  - Free Pascal Team)
GameVox 0.18.4.56 (HKLM-x32\...\{d1b6d93c-44b5-4130-bff4-95c9b6d141d3}) (Version: 0.18.4.56 - GameVox LLC)
GameVox 0.18.4.56 (x32 Version: 0.18.4.56 - GameVox LLC) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
IDA Pro v6.6 and Hex-Rays Decompiler (ARM,x64,x86) (HKLM-x32\...\IDA Pro_6.6_is1) (Version:  - Hex-Rays SA)
IDE Tools for Windows 10 - ENU (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intellisense Lang Pack Mobile Extension SDK 10.0.10240.0 (x32 Version: 10.0.10240.0 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden
Kits Configuration Installer (x32 Version: 10.0.26624 - Microsoft) Hidden
Lazarus 1.4.0 (HKLM\...\lazarus_is1) (Version: 1.4.0 - Lazarus Team)
Lazarus 1.4.0 (HKLM\...\lazarus_sec_fada641f8061f965fccd2f0d0a9211507191e2e0_12_is1) (Version: 1.4.0 - Lazarus Team)
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
LuaEdit 2010 (x86 - 3.0.10.0) (HKLM-x32\...\LuaEdit 2010_is1) (Version:  - Open Source)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mercurial 3.4 (64-bit) (HKLM\...\{4B95A5F1-EF59-4B08-BED8-C891C46121B3}_is1) (Version:  - Matt Mackall and others)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET and Web Tools 2015 - Visual Studio 2015 (HKLM-x32\...\{793E0ACB-A990-3C19-BC72-0C3096CC60C7}) (Version: 14.0.20711.0 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.7 (HKLM\...\{345F324D-D270-4051-95FA-55AAA9CA7FE7}) (Version: 2.7.6496.6 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.7 (HKLM\...\Microsoft Azure Compute Emulator - v2.7) (Version: 2.7.6496.6 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.7 (HKLM\...\{CBF95044-8CCB-492A-B46C-87CE75325CAD}) (Version: 2.7.0707.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V2.0 (HKLM-x32\...\{55682DAE-D723-40A1-B448-3D259DEF5073}) (Version: 2.0.30626.0 - Microsoft Corporation)
Microsoft Azure Quickstarts (HKLM-x32\...\{A6ACA586-9C39-3F57-82B6-9345FF1672F9}) (Version: 1.6 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v4.1 (HKLM-x32\...\Microsoft Azure Storage Emulator - v4.1) (Version: 4.1.6848.8 - Microsoft Corporation)
Microsoft Azure Storage Tools - v3.1.0 (HKLM-x32\...\{B24BC91A-09AF-4695-8CE5-D62582B57946}) (Version: 3.1.0.0 - Microsoft Corporation)
Microsoft Azure Tools for Microsoft Visual Studio 2015 - v2.7 (HKLM-x32\...\{2ba3b504-c86f-4742-a89e-6faa157422ad}) (Version: 2.7.30728.1602 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Hive ODBC Driver (HKLM\...\{AC9970E8-7F55-4F50-A6D3-2BC041589904}) (Version: 1.0.5.5 - Microsoft Corporation)
Microsoft Hive ODBC Driver (HKLM-x32\...\{7A580208-9E61-47FD-9AEB-DDDAA67CF0F6}) (Version: 1.0.5.5 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 SDK - ENU (HKLM-x32\...\{028a4515-c200-4460-bccf-a9b338b0c0f4}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{9600393b-6ede-469b-a522-689fce1461d1}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{89690B51-2E21-4E93-914E-F9CAC5B24A84}) (Version: 1.4.0.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
Plantronics® GameCom 780/788 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 3.20.0001 - Plantronics)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Professionald 2015 - ENU (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Python Tools 2.2 for Visual Studio 2015 (HKLM-x32\...\{DE3F045F-57D5-4DAF-A479-DB759047966B}) (Version: 2.2.30718.00 - Microsoft Corporation)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27599 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
RedNotebook 1.10.1 (HKLM-x32\...\{82A7E9C3-D3F3-4B85-9AC3-D0E011D19E50}_is1) (Version:  - )
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 15.0.4641.1002 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.3104.1200 - Microsoft Corporation) Hidden
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
SourceGear DiffMerge 4.2.0.697.stable (x64) (HKLM\...\{F6BEC317-F689-4158-B1F0-F229B794CFBA}) (Version: 4.2.0.697 - SourceGear, LLC)
SourceTree (HKLM-x32\...\SourceTree 1.6.20) (Version: 1.6.20 - Atlassian)
SourceTree (x32 Version: 1.6.20 - Atlassian) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TortoiseHg 3.4.107 (x64) (HKLM\...\{0A8E4DB6-5D97-436F-B9C9-3EB9B918A43E}) (Version: 3.4.107 - Steve Borho and others)
TortoiseSVN 1.9.0.26652 (64 bit) (HKLM\...\{C35C94DD-E13F-4504-BB97-0CE2D9A0ED73}) (Version: 1.9.26652 - TortoiseSVN)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.5.0 - Tweaking.com)
TypeScript Power Tool (x32 Version: 1.5.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.5.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.5.4.0 (HKLM-x32\...\{4cde0c8c-47b3-448f-babf-fe5d392432a6}) (Version: 1.5.23128.0 - Microsoft Corporation)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version:  - Electronic Arts)
Ultima Online Forever (x32 Version: 1.0.0 - Ultima Online Forever (Razor)) Hidden
Ultima Online: Mondain's Legacy (HKLM-x32\...\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}) (Version: 1.00.0000 - EA Games)
Ultima Online: Samurai Empire (HKLM-x32\...\{0A416BE7-AC93-414B-0093-7193CAF18296}) (Version:  - )
Uninstall Finalizer (x32 Version: 2.7.30728.1602 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual C++ for Mobile Development (Android support) (HKLM-x32\...\{de973d66-fb42-4f73-85cd-7167caaaa669}) (Version: 14.0.23027.0 - Microsoft Corporation)
Visual C++ for Mobile Development (iOS support) (HKLM-x32\...\{bc53ba6f-cc3a-487b-b600-fb0814668a99}) (Version: 14.0.23027.0 - Microsoft Corporation)
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
VisualSVN 5.0.2 (HKLM-x32\...\{746613E6-55ED-43BB-801B-8FDA3B488604}) (Version: 5.0.2.0 - VisualSVN Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WildStarPTR (HKLM-x32\...\WildStarPTR) (Version:  - NCSOFT)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Z Engine (HKLM-x32\...\{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}) (Version: 2.5.0.30_NA - Ideazon)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

08-10-2015 17:17:30 Scheduled Checkpoint
10-10-2015 15:59:21 JRT Pre-Junkware Removal
12-10-2015 16:13:43 JRT Pre-Junkware Removal
12-10-2015 16:59:09 Checkpoint by HitmanPro
12-10-2015 17:00:50 Checkpoint by HitmanPro

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 13:34 - 2015-09-17 10:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0095E2B3-7251-46C2-A9E9-7B46FFD7B1BB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7D57B159-227C-4F19-8453-B5037544B9D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
Task: {CDB492C6-19A2-4105-B40B-8A4A5521405C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
Task: {D2F8F65D-B721-421B-AD9F-44AE604A42ED} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {F8381D36-A110-473B-BC71-0BAFD2F67D74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-17] (Piriform Ltd)
Task: {FF00CC38-025B-4CCC-BEC5-D5C56C0C269E} - System32\Tasks\avast! Emergency Update => D:\ProgramFiles\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-18] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 17:26 - 2015-05-15 17:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-24 06:11 - 2015-06-24 06:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-08-03 21:59 - 2015-08-03 21:59 - 00088576 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2015-06-24 12:36 - 2014-03-26 06:54 - 00062512 _____ () C:\Program Files\EditPlus 3\eppshell64.dll
2015-03-14 18:57 - 2014-01-21 16:40 - 00817440 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\GameCom780.exe
2015-07-15 13:23 - 2014-11-25 20:09 - 00741888 _____ () C:\Program Files\HexChat\hexchat.exe
2015-07-15 13:23 - 2014-11-22 20:48 - 00028160 _____ () C:\Program Files\HexChat\iconv.dll
2015-07-15 13:23 - 2014-11-22 20:50 - 01394688 _____ () C:\Program Files\HexChat\cairo.dll
2015-07-15 13:23 - 2014-11-22 20:48 - 00682496 _____ () C:\Program Files\HexChat\fontconfig.dll
2015-07-15 13:23 - 2014-11-22 20:48 - 01502720 _____ () C:\Program Files\HexChat\libxml2.dll
2015-07-15 13:23 - 2014-11-22 20:49 - 00613888 _____ () C:\Program Files\HexChat\pixman-1.dll
2015-07-15 13:23 - 2014-11-22 20:48 - 00225280 _____ () C:\Program Files\HexChat\libpng16.dll
2015-07-15 13:23 - 2014-11-22 20:48 - 00076288 _____ () C:\Program Files\HexChat\zlib1.dll
2015-07-15 13:23 - 2014-11-22 20:50 - 00783360 _____ () C:\Program Files\HexChat\harfbuzz.dll
2015-07-15 13:23 - 2014-11-22 20:51 - 00056832 _____ () C:\Program Files\HexChat\lib\gtk-2.0\i686-pc-vs10\engines\libwimp.dll
2015-07-15 13:23 - 2014-11-22 20:50 - 00287744 _____ () C:\Program Files\HexChat\lib\enchant\libenchant_myspell.dll
2015-07-15 13:23 - 2014-11-25 20:09 - 00011264 _____ () C:\Program Files\HexChat\plugins\hcupd.dll
2015-07-15 13:23 - 2014-11-25 20:09 - 00010240 _____ () C:\Program Files\HexChat\plugins\hcwinamp.dll
2015-10-12 20:39 - 2015-05-14 11:54 - 00422600 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2015-09-18 03:43 - 2015-09-18 03:43 - 00103376 _____ () D:\ProgramFiles\AVAST Software\Avast\log.dll
2015-09-18 03:43 - 2015-09-18 03:43 - 00123976 _____ () D:\ProgramFiles\AVAST Software\Avast\JsonRpcServer.dll
2015-10-11 19:56 - 2015-10-11 19:56 - 02994544 _____ () D:\ProgramFiles\AVAST Software\Avast\defs\15101100\algo.dll
2015-09-16 01:19 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-16 01:19 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-16 01:19 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-16 01:19 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-09-16 01:19 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-14 18:57 - 2014-01-21 16:40 - 00149792 ____N () C:\Program Files\Plantronics\GameCom 780 & 788\VmixPLGC.dll
2015-10-12 17:24 - 2015-10-12 17:24 - 00112318 _____ () H:\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
2011-02-16 14:38 - 2011-02-16 14:38 - 00015872 _____ () C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll
2009-07-14 08:03 - 2009-07-14 12:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2015-09-05 12:42 - 2015-09-05 12:42 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-07-24 09:02 - 2014-11-26 14:12 - 40622592 _____ () C:\Users\X\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2015-09-18 03:43 - 2015-09-18 03:43 - 40539648 _____ () D:\ProgramFiles\AVAST Software\Avast\libcef.dll
2015-07-24 09:02 - 2014-11-26 14:12 - 00911360 _____ () C:\Users\X\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
2015-07-24 09:02 - 2014-11-26 14:12 - 00134144 _____ () C:\Users\X\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll
2015-08-03 21:53 - 2015-08-03 21:53 - 00073088 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 15749 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1887836958-2272079228-483403304-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\X\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^X^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Gitter.lnk => C:\Windows\pss\Gitter.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MP2 ClientLauncher => "C:\Program Files (x86)\Team MediaPortal\MP2-Client\Tools\MP2-ClientLauncher\MP2-ClientLauncher.exe"
MSCONFIG\startupreg: MP2 ServiceMonitor => "C:\Program Files (x86)\Team MediaPortal\MP2-ServiceMonitor\MP2-ServiceMonitor.exe" -m
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TortoiseHgOverlayIconServer => C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F9AB647E-D0A2-4D36-9B72-BEFE77411D32}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [uDP Query User{F5FE707E-26B8-4C31-A207-4BB0A2DF9E42}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/12/2015 08:38:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.

Error: (10/12/2015 05:24:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2015 05:24:08 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2015 05:24:08 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2015 05:24:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/12/2015 05:24:08 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2015 05:24:08 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/12/2015 05:24:08 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2015 05:24:08 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/12/2015 05:24:08 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (10/12/2015 08:47:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/12/2015 08:47:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\H:\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/12/2015 08:47:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/12/2015 08:47:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\H:\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/12/2015 08:47:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/12/2015 08:47:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\H:\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/12/2015 08:40:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/12/2015 08:40:17 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\H:\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/12/2015 08:40:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (10/12/2015 08:40:17 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\H:\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================
  Date: 2015-09-25 03:09:23.989
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Temp\MHS6.1\ROTO because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-25 03:09:23.917
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Temp\MHS6.1\ROTO because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-17 09:05:04.319
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-17 09:05:04.273
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-17 09:05:04.226
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-17 09:05:04.182
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-15 21:34:48.010
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-15 21:34:47.965
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-15 21:34:47.919
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-15 21:34:47.874
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 34%
Total physical RAM: 16382.43 MB
Available physical RAM: 10771.56 MB
Total Virtual: 49145.5 MB
Available Virtual: 43761.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:79.9 GB) (Free:5.47 GB) NTFS
Drive d: () (Fixed) (Total:158.47 GB) (Free:47.18 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Fixed) (Total:931.51 GB) (Free:261.64 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: () (Fixed) (Total:931.41 GB) (Free:520.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 84084276)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1C122B93)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 89183CF4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=79.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=158.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 


Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.

fixlist.txt


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)

Recommended reading:

MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

CCleaner - to clean unneeded temporary files.

Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

McShield - to prevent infections spread by removable media.

Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

Adblock - to surf the web without annoying ads!

Post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix

The tool deletes old system restore points and creates a fresh system restore point after cleaning.

My help is free for everybody.

If you're happy with the help provided and/or wish to show your appreciation for the assistance you received, then you can consider a donation:


Thank you!

Stay safe,

TwinHeadedEagle :)


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.