Softcomp Privoxy virus


Hello!

I have a problem with my laptop. This problem began well over a year ago and anything I've tried to do hasn't fixed it.

Every time I browse (on any browser), occasionally my clicks send me to some ad-filled pages. I've traced it down to a privoxy service hijacking my proxy settings. The privoxy.exe file is situated in a Softcomp folder and restores itself even after removing.

Please help me

Heidi

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Heidi (administrator) on HEIDI-PC (15-01-2016 21:36:25)
Running from C:\Users\Heidi\Desktop
Loaded Profiles: Heidi (Available Profiles: Heidi & Anne)
Platform: Windows 8.1 (X64) Language: Eesti (Eesti)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Softcomp Software\privoxy.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\ProgramData\Tele2 Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Heidi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Heidi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.213.2940.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Google\Update\Install\{8A6D3EE5-C1C1-4909-99A8-032C05A3D202}\47.0.2526.111_47.0.2526.106_chrome_updater_3stage.exe
(Google Inc.) C:\Windows\Temp\CR_634E1.tmp\setup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11831400 2011-04-22] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [Spotify Web Helper] => C:\Users\Heidi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-23] (Spotify Ltd)
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [Facebook Update] => "C:\Users\Heidi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [GoogleChromeAutoLaunch_AA537932F3BCB6B838877BF7BBE6F21F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [Dropbox Update] => C:\Users\Heidi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [Spotify] => C:\Users\Heidi\AppData\Roaming\Spotify\Spotify.exe [8316528 2015-12-23] (Spotify Ltd)
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {001b9916-7270-11e3-be98-8c736eb636c2} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {10c7f6a9-6ed4-11e5-bef7-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {155fbbc9-381f-11e3-be88-8c736eb636c2} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {4d434157-2589-11e4-bec2-8c736eb636c2} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {54a0270f-d622-11e4-bedf-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {550ddc09-53e0-11e4-bec9-3859f9f621ac} - "G:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {59ffb74f-2d58-11e5-beeb-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {684d9c1a-b31e-11e5-bf08-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {7db156e6-57ac-11e4-bec9-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {84da2dd3-8668-11e4-bed2-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {9990ac96-6a6f-11e5-bef7-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {afeb78d9-8cac-11e3-bea0-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {c789e5b4-cd86-11e4-bedc-8c736eb636c2} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {dce3f442-c723-11e3-beb1-8c736eb636c2} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {ddafe344-2f0f-11e5-beec-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {e4cb9a9b-3623-11e5-beed-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-29] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Heidi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 4.4.lnk [2015-02-21]
ShortcutTarget: LibreOffice 4.4.lnk -> C:\Program Files (x86)\LibreOffice 4\program\quickstart.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 85.253.0.2 85.253.0.130
Tcpip\..\Interfaces\{4D0DF066-A028-41E5-963F-5F93214226FB}: [DhcpNameServer] 85.253.0.2 85.253.0.130
Tcpip\..\Interfaces\{BEF437FF-1164-4541-9C6B-9BAC09C7B096}: [NameServer] 212.247.156.70 212.247.156.66
Tcpip\..\Interfaces\{D0EABFC4-F963-4EFF-BF01-02B8ECB3402C}: [NameServer] 212.247.156.70 212.247.156.66

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: EstEIDIEPluginBHO Class -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll [2015-04-13] (RIA)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: EstEIDIEPluginBHO Class -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll [2015-04-13] (RIA)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\wzsigiam.default
FF NetworkProxy: "type", 5)user_pref("plugin.disable_full_page_plugin_for_types", "application/pdf"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @RIA/esteid-firefox-plugin -> C:\Program Files\Estonian ID Card\npesteid-firefox-plugin.dll [2015-04-13] (RIA)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-22] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @RIA/esteid-firefox-plugin -> C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll [2015-04-13] (RIA)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2129919252-2856369786-1848260543-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Heidi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-2129919252-2856369786-1848260543-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Heidi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a66}] - C:\Program Files (x86)\Estonian ID Card\Firefox PKCS11 Loader
FF Extension: Estonian ID Card authentication module - C:\Program Files (x86)\Estonian ID Card\Firefox PKCS11 Loader [2015-04-16] [not signed]

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.search.ask.com/?gct=hp
CHR DefaultSearchURL: Profile 1 -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> search.ask.com
CHR DefaultSuggestURL: Profile 1 -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-07]
CHR Extension: (Google Search) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Marc Ecko) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2014-12-10]
CHR Extension: (Gmail) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2246184 2011-12-15] (Broadcom Corporation.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [182304 2014-12-14] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
R2 PrivoxyService; C:\Program Files (x86)\Softcomp Software\privoxy.exe [371200 2016-01-14] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S2 Tele2 Mobile Partner. RunOuc; C:\Program Files (x86)\Tele2 Mobile Partner\UpdateDog\ouc.exe [655744 2013-10-18] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACTIVhidmini; C:\Windows\System32\drivers\ACTIVhidmini.sys [102384 2012-10-30] (Promethean Technologies Ltd) [File not signed]
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 atrfiltr; C:\Windows\system32\DRIVERS\atrfiltr.sys [16224 2013-11-28] (Windows (R) Win 7 DDK provider)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [134696 2012-01-27] (Broadcom Corporation.)
S3 cxbu0x64; C:\Windows\system32\DRIVERS\cxbu0x64.sys [143360 2013-03-22] (HID Global Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2015-12-29] ()
S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [239104 2013-10-18] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2016-01-15] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 SMARTMouseFilterx64; C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [10240 2013-08-12] (SMART Technologies) [File not signed]
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [9216 2013-08-12] (SMART Technologies) [File not signed]
S3 SMARTVTabletPCx64; C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [22184 2013-08-12] (SMART Technologies ULC) [File not signed]
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1803264 2011-03-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U0 xoxosfdd; C:\Windows\System32\drivers\oflskx.sys [79064 2016-01-15] (Malwarebytes)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-15 21:36 - 2016-01-15 21:37 - 00023603 _____ C:\Users\Heidi\Desktop\FRST.txt
2016-01-15 21:36 - 2016-01-15 21:36 - 00000000 ____D C:\FRST
2016-01-15 21:35 - 2016-01-15 21:35 - 02370560 _____ (Farbar) C:\Users\Heidi\Desktop\FRST64.exe
2016-01-15 21:34 - 2016-01-15 21:34 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\oflskx.sys
2016-01-14 20:20 - 2016-01-14 20:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-14 19:43 - 2016-01-14 19:43 - 00000000 ____D C:\Program Files (x86)\Softcomp Software
2016-01-14 19:17 - 2015-12-11 06:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-14 19:17 - 2015-12-11 05:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-14 19:17 - 2015-12-11 05:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-14 19:17 - 2015-12-11 04:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-14 19:16 - 2015-12-30 21:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-14 19:16 - 2015-12-11 06:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-14 19:16 - 2015-12-11 05:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-14 19:16 - 2015-12-11 05:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-14 19:16 - 2015-12-11 05:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-14 19:16 - 2015-12-11 05:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-14 19:16 - 2015-12-11 05:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-14 19:16 - 2015-12-11 05:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-14 19:16 - 2015-12-11 04:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-14 19:16 - 2015-12-11 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-14 19:16 - 2015-12-11 04:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-14 19:16 - 2015-12-11 04:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-14 19:16 - 2015-12-11 04:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-14 19:16 - 2015-12-11 04:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-14 19:16 - 2015-12-11 04:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-01-14 19:16 - 2015-12-11 04:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-14 19:16 - 2015-12-11 04:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-14 19:16 - 2015-12-11 04:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-01-14 19:16 - 2015-12-07 12:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-14 19:16 - 2015-12-04 17:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-14 19:16 - 2015-12-03 21:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-14 19:16 - 2015-12-03 21:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-14 19:16 - 2015-12-03 21:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-14 19:16 - 2015-12-03 21:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-14 19:16 - 2015-12-03 21:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-14 19:16 - 2015-12-03 20:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-14 19:16 - 2015-12-03 20:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-14 19:16 - 2015-12-03 20:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-14 19:16 - 2015-12-03 20:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-14 19:16 - 2015-12-03 20:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-14 19:16 - 2015-12-03 20:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-14 19:16 - 2015-12-03 20:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-14 19:16 - 2015-12-03 20:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-14 19:16 - 2015-12-03 20:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-14 19:16 - 2015-12-03 20:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-14 19:16 - 2015-12-03 19:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-14 19:16 - 2015-12-03 19:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-14 19:16 - 2015-12-03 19:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-14 19:16 - 2015-12-03 19:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-14 19:16 - 2015-12-03 19:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-14 19:16 - 2015-12-03 19:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-14 19:16 - 2015-12-03 19:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-14 19:16 - 2015-12-03 19:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-14 19:16 - 2015-12-03 19:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-14 19:16 - 2015-12-03 19:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-14 19:16 - 2015-12-03 19:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-14 19:16 - 2015-12-03 19:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-14 19:16 - 2015-12-03 19:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-14 19:16 - 2015-12-03 19:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-14 19:16 - 2015-12-03 18:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-14 19:16 - 2015-12-03 18:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-14 19:16 - 2015-12-03 18:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-14 19:16 - 2015-12-02 17:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-14 19:16 - 2015-12-02 17:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-14 19:15 - 2015-12-30 21:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-14 19:15 - 2015-12-30 21:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-14 19:15 - 2015-12-10 02:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-01-14 19:15 - 2015-12-08 21:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-14 19:15 - 2015-12-08 21:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-04 22:24 - 2015-12-22 23:38 - 00019326 _____ C:\Users\Heidi\Documents\töö%20vormistus.doc_0.odt
2016-01-04 22:17 - 2016-01-04 22:17 - 13467990 _____ C:\Users\Heidi\Desktop\e-home_recording_studio_full-site_download.zip
2016-01-04 22:15 - 2016-01-15 20:32 - 00003272 _____ C:\WINDOWS\System32\Tasks\Softcomp Software Viewer
2015-12-29 00:39 - 2015-12-29 00:39 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-12-28 23:49 - 2015-12-28 23:49 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla 
Firefox.lnk2015-12-28 23:49 - 2015-12-28 23:49 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk2015-12-28 23:49 - 2015-12-28 23:49 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\Mozilla2015-12-28 23:49 - 2015-12-28 23:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2015-12-28 23:49 - 2015-12-28 23:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2015-12-28 23:47 - 2015-12-28 23:47 - 00248632 _____ C:\Users\Heidi\Downloads\Firefox Setup Stub 43.0.3.exe2015-12-28 23:37 - 2015-12-28 23:37 - 00000000 ____D C:\Users\Heidi\Desktop\Firefoxi vanad andmed2015-12-28 23:10 - 2015-12-28 23:11 - 25186399 _____ (Audacity Team ) C:\Users\Heidi\Desktop\audacity-win-2.1.1.exe==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2016-01-15 21:36 - 2013-08-22 15:36 - 00000000 ____D C:\Windows2016-01-15 21:33 - 2014-04-30 23:45 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FA3FB4DE-7EA4-4C12-9083-9C2C6783CA85}2016-01-15 21:33 - 2013-05-05 12:13 - 00000964 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2016-01-15 21:23 - 2013-07-04 20:51 - 00000438 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics2016-01-15 21:07 - 2015-06-19 21:57 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2129919252-2856369786-1848260543-1002UA.job2016-01-15 20:37 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness2016-01-15 20:37 - 2013-05-04 09:26 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2129919252-2856369786-1848260543-10022016-01-15 20:35 - 2014-12-19 23:28 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2016-01-15 20:34 - 2013-06-19 23:42 - 00000000 ____D C:\Program Files (x86)\AVS4YOU2016-01-15 20:33 - 2013-09-30 06:18 - 00925226 _____ C:\WINDOWS\system32\PerfStringBackup.INI2016-01-15 20:33 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf2016-01-15 20:33 - 
2013-05-05 13:30 - 00062210 _____ C:\WINDOWS\system32\perfh025.dat2016-01-15 20:33 - 2013-05-05 13:30 - 00016230 _____ C:\WINDOWS\system32\perfc025.dat2016-01-15 20:29 - 2015-03-29 20:25 - 00000000 ___RD C:\Users\Heidi\Dropbox2016-01-15 20:29 - 2015-03-29 20:14 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\Dropbox2016-01-15 20:27 - 2013-10-21 23:26 - 00000000 __RDO C:\Users\Heidi\SkyDrive2016-01-15 20:27 - 2013-05-05 12:13 - 00000960 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2016-01-15 20:25 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2016-01-15 20:22 - 2013-08-22 15:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI2016-01-15 07:36 - 2014-12-14 14:06 - 00000000 ___SD C:\WINDOWS\system32\CompatTel2016-01-15 07:36 - 2014-12-14 14:06 - 00000000 ____D C:\WINDOWS\system32\appraiser2016-01-15 02:07 - 2015-06-19 21:57 - 00000884 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2129919252-2856369786-1848260543-1002Core.job2016-01-15 01:59 - 2013-06-23 22:04 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\Spotify2016-01-14 23:39 - 2013-10-24 13:13 - 00000000 ____D C:\Users\Heidi\AppData\Local\Spotify2016-01-14 20:29 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps2016-01-14 20:29 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp2016-01-14 20:28 - 2013-05-05 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2016-01-14 20:28 - 2013-05-05 12:47 - 00000000 ____D C:\ProgramData\Microsoft Help2016-01-14 20:26 - 2013-05-05 15:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight2016-01-14 20:26 - 2013-05-05 15:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2016-01-14 20:22 - 2012-07-26 07:26 - 00000167 _____ C:\WINDOWS\win.ini2016-01-06 21:36 - 2013-06-26 11:53 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\vlc2016-01-06 03:15 - 2013-10-21 03:05 - 00000000 ____D C:\Users\Heidi2016-01-06 00:18 - 2013-05-05 13:04 - 00000000 ____D 
C:\Users\Heidi\AppData\Roaming\Skype2016-01-05 22:04 - 2014-12-14 15:39 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2016-01-05 22:04 - 2014-12-14 15:39 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2016-01-04 14:05 - 2015-12-03 21:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2016-01-04 14:04 - 2015-11-16 22:00 - 00000000 ____D C:\Users\Heidi\Documents\MÕTE2016-01-04 14:04 - 2013-05-09 12:48 - 00000000 ____D C:\Users\Heidi\Documents\HHH2016-01-04 14:00 - 2013-05-05 15:18 - 00000000 ____D C:\Users\Heidi\AppData\Local\Adobe2016-01-01 02:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF2015-12-29 00:39 - 2013-10-21 03:57 - 00000000 ___DC C:\WINDOWS\Panther2015-12-29 00:35 - 2015-12-03 22:07 - 00000770 _____ C:\WINDOWS\system32\.crusader2015-12-29 00:18 - 2015-12-03 21:16 - 11323704 _____ (SurfRight B.V.) C:\Users\Heidi\Desktop\HitmanPro_x64.exe2015-12-29 00:17 - 2015-12-03 21:53 - 00000000 ____D C:\ProgramData\HitmanPro2015-12-28 23:34 - 2014-12-19 23:26 - 00003908 _____ C:\WINDOWS\wininit.ini2015-12-28 23:34 - 2014-12-19 22:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2015-12-28 23:34 - 2014-12-19 22:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 22015-12-28 23:08 - 2013-06-19 23:59 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\AVS4YOU2015-12-24 01:13 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache2015-12-23 03:27 - 2015-04-12 19:06 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX2015-12-23 03:27 - 2015-04-12 19:06 - 00000000 ___SD C:\WINDOWS\system32\GWX2015-12-22 21:19 - 2013-05-05 13:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Fujitsu==================== Files in the root of some directories =======2015-05-24 21:43 - 2015-05-24 21:43 - 0000000 _____ () C:\Users\Heidi\AppData\Roaming\27DC.tmp2015-08-13 00:52 - 2015-08-13 00:52 - 0002430 _____ () 
C:\Users\Heidi\AppData\Local\recently-used.xbel2013-12-31 22:06 - 2013-12-31 22:07 - 0828671 ____N () C:\Users\Heidi\AppData\Local\Tempmusic.oggSome files in TEMP:====================C:\Users\Heidi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphtpfja.dllC:\Users\Heidi\AppData\Local\Temp\sqlite3.dll==================== Bamital & volsnap =================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\wininit.exe => File is digitally signedC:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\SysWOW64\explorer.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\SysWOW64\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\SysWOW64\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\SysWOW64\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\dnsapi.dll => File is digitally signedC:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2016-01-05 00:10==================== End of FRST.txt ============================

Addition.txt

site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.comIE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.comIE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.comIE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.netIE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.netIE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.infoIE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.comIE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.comIE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.comThere are 7866 more sites.IE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\007guard.com -> install.007guard.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\008i.com -> 008i.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\008k.com -> www.008k.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\00hq.com -> www.00hq.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\010402.com -> 010402.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\0scan.com -> www.0scan.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\1-2005-search.com -> www.1-2005-search.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\1-domains-registrations.com -> www.1-domains-registrations.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\1000gratisproben.com -> www.1000gratisproben.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\1001namen.com -> www.1001namen.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\100888290cs.com -> mir.100888290cs.comIE 
restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\100sexlinks.com -> www.100sexlinks.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\10sek.com -> www.10sek.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\12-26.net -> user1.12-26.netIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\12-27.net -> user1.12-27.netIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\123fporn.info -> www.123fporn.infoIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\123haustiereundmehr.com -> www.123haustiereundmehr.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\123moviedownload.com -> www.123moviedownload.comIE restricted site: HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\123simsen.com -> www.123simsen.comThere are 7866 more sites.==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2013-08-22 15:25 - 2015-12-03 12:22 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1	www.007guard.com127.0.0.1	007guard.com127.0.0.1	008i.com127.0.0.1	www.008k.com127.0.0.1	008k.com127.0.0.1	www.00hq.com127.0.0.1	00hq.com127.0.0.1	010402.com127.0.0.1	www.032439.com127.0.0.1	032439.com127.0.0.1	www.0scan.com127.0.0.1	0scan.com127.0.0.1	1000gratisproben.com127.0.0.1	www.1000gratisproben.com127.0.0.1	1001namen.com127.0.0.1	www.1001namen.com127.0.0.1	100888290cs.com127.0.0.1	www.100888290cs.com127.0.0.1	www.100sexlinks.com127.0.0.1	100sexlinks.com127.0.0.1	10sek.com127.0.0.1	www.10sek.com127.0.0.1	www.1-2005-search.com127.0.0.1	1-2005-search.com127.0.0.1	123fporn.info127.0.0.1	www.123fporn.info127.0.0.1	www.123haustiereundmehr.com127.0.0.1	123haustiereundmehr.com127.0.0.1	123moviedownload.com127.0.0.1	www.123moviedownload.comThere are 15463 more lines.==================== Other Areas ============================(Currently 
there is no automatic fix for this section.)HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Heidi\Pictures\DPd\Backgrounds_19378.pngDNS Servers: 85.253.0.2 - 85.253.0.130HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)HKLM\...\StartupApproved\Run: => "ShadowPlay"HKLM\...\StartupApproved\Run32: => "SMART Board Service"HKLM\...\StartupApproved\Run32: => "SMART Floating Tools"HKLM\...\StartupApproved\Run32: => "SMARTNotification"HKLM\...\StartupApproved\Run32: => "SMART Tray Tools"HKLM\...\StartupApproved\Run32: => "SDTray"HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\StartupApproved\StartupFolder: => "LibreOffice 4.4.lnk"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\StartupApproved\Run: => "iLivid"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\StartupApproved\Run: => "Spotify"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\StartupApproved\Run: => "Facebook Update"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\StartupApproved\Run: => "Spybot-S&D Cleaning"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\StartupApproved\Run: => "Dropbox Update"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_AA537932F3BCB6B838877BF7BBE6F21F"==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{FBDEC9AB-F806-4DC8-8C80-BE3B4AF7B9A5}] => (Allow) svchost.exeFirewallRules: [{037278F2-1D7A-42DB-AAB9-D60527C90327}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeFirewallRules: [{2997850E-90AA-4226-862C-76707FF8F342}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exeFirewallRules: [{DE6FA838-123D-46D8-A506-237CCB422680}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [TCP Query User{A8445637-B787-4E7A-86ED-8B8AC2DD3F66}C:\users\heidi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\heidi\appdata\roaming\spotify\spotify.exeFirewallRules: [UDP Query User{94C9F011-87A7-491B-88D3-EAC91D7A4891}C:\users\heidi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\heidi\appdata\roaming\spotify\spotify.exeFirewallRules: [{06379BCA-5B32-4106-9C5C-0B13823FA6E6}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exeFirewallRules: [{D0BD0969-3F13-4C2E-865B-1A1B6AA4A8A5}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exeFirewallRules: [{FDAEA722-6CEB-4A66-8874-2C824B9047D9}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exeFirewallRules: [{5E1ABB6C-5DAA-43D0-94D8-6FF7E898A069}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exeFirewallRules: [{2DA8C6A1-6051-425A-8240-FA5A630EC981}] => (Allow) C:\Users\Heidi\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{A3A2CC5A-F0D5-419A-8F65-F03819A01488}] => (Allow) C:\Users\Heidi\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [TCP Query User{61BFCA47-3111-4C30-A2D4-5E26A422F626}C:\users\anne\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anne\appdata\roaming\spotify\spotify.exeFirewallRules: [UDP Query 
User{8A94DE90-90AD-47A3-878B-ACFD76C4817B}C:\users\anne\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anne\appdata\roaming\spotify\spotify.exeFirewallRules: [{7BA5CA16-9AC5-4649-82C5-9832211C8A87}] => (Allow) C:\Users\Heidi\Downloads\Steam\Steam.exeFirewallRules: [{EF67646D-F1B7-4340-ACAE-C805C49B5148}] => (Allow) C:\Users\Heidi\Downloads\Steam\Steam.exeFirewallRules: [{45E76E2D-B989-47A0-AC6A-55107EAFABE4}] => (Allow) C:\Users\Heidi\Downloads\Steam\bin\steamwebhelper.exeFirewallRules: [{6C46D12A-D9CA-473C-8225-92EDC3F822D4}] => (Allow) C:\Users\Heidi\Downloads\Steam\bin\steamwebhelper.exeFirewallRules: [{0C84DFFC-E7F8-44D4-9021-B2357539E15D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeFirewallRules: [{2753344B-1072-4975-9CC2-4B821B9A0193}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeFirewallRules: [TCP Query User{40E68FA0-D809-493B-8874-3A65470F9AAB}C:\gog games\defcon\defcon.exe] => (Allow) C:\gog games\defcon\defcon.exeFirewallRules: [UDP Query User{9324AD04-D54D-43BD-88F2-FD6F0BFFFF8C}C:\gog games\defcon\defcon.exe] => (Allow) C:\gog games\defcon\defcon.exeFirewallRules: [{CEB6393C-360A-4503-9AAD-D88C78EBD2FD}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\AquaNox\Aqua.exeFirewallRules: [{8A19223C-DFF3-483D-9652-B377C8445341}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\AquaNox\Aqua.exeFirewallRules: [{644E9515-FCED-4C02-95AF-0626A3B8CF21}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Supreme Commander\bin\SupremeCommander.exeFirewallRules: [{302B255A-B55E-484C-A988-3C1EE0DE17A8}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Supreme Commander\bin\SupremeCommander.exeFirewallRules: [TCP Query User{36EB8631-C87D-473D-B67C-6CCAD369A141}C:\program files (x86)\warsow 1.51\warsow_x64.exe] => (Allow) C:\program files (x86)\warsow 1.51\warsow_x64.exeFirewallRules: [UDP Query 
User{B064A3E8-31A4-442B-A6A7-F934D226EBC9}C:\program files (x86)\warsow 1.51\warsow_x64.exe] => (Allow) C:\program files (x86)\warsow 1.51\warsow_x64.exeFirewallRules: [{8BA33B3A-28EE-43EF-AA8A-609105E5FEF4}] => (Block) C:\program files (x86)\warsow 1.51\warsow_x64.exeFirewallRules: [{F96EE3D2-A29C-4DC3-B84A-F42EDFF3DAA0}] => (Block) C:\program files (x86)\warsow 1.51\warsow_x64.exeFirewallRules: [{C94DA45F-E030-4BE9-A8B1-B92F39269F1C}] => (Allow) C:\Users\Heidi\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exeFirewallRules: [TCP Query User{8329DA47-0EE0-46CA-89FB-EF569CF751A2}C:\users\heidi\downloads\utorrent.exe] => (Block) C:\users\heidi\downloads\utorrent.exeFirewallRules: [UDP Query User{CC11BF10-AD20-4985-A78A-3AC568F28E1F}C:\users\heidi\downloads\utorrent.exe] => (Block) C:\users\heidi\downloads\utorrent.exeFirewallRules: [{2260A7FA-C8B4-471F-BE41-0B80BCCBA6F7}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exeFirewallRules: [{1690F60C-11CF-484B-A255-888EEEF1F535}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Grand Theft Auto San Andreas\gta-sa.exeFirewallRules: [{43635B47-792E-4BF2-889F-35D295C06F5E}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Gun Monkeys\Gun_Monkeys.exeFirewallRules: [{220D9360-B93F-4B2F-85C3-BFBC89DD894C}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Gun Monkeys\Gun_Monkeys.exeFirewallRules: [{2923948B-C1F1-4570-9E46-53B532E851B6}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Robocraft\Robocraft.exeFirewallRules: [{BC828868-85F7-4FDB-9B8C-9D53293DEC50}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Robocraft\Robocraft.exeFirewallRules: [{DA27E380-883F-433B-A0D8-05F8170742EC}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Black Mirror\agds.exeFirewallRules: [{56AFA9EB-E851-4195-9153-CF2044B173A4}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Black Mirror\agds.exeFirewallRules: 
[{94EBE641-AD6F-4384-AC02-76F02E857168}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exeFirewallRules: [{D430FC08-502B-4E3B-AE01-06A397F94F1F}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exeFirewallRules: [{C3BD2ACF-2FA4-4F12-96AF-CA8F7FC39E3B}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Portal\hl2.exeFirewallRules: [{EEAF1A38-E824-46E2-9FD2-C4703B02206D}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Portal\hl2.exeFirewallRules: [{5D966A5F-9759-47C2-B71D-9CD7AB0F0BF1}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Portal 2\portal2.exeFirewallRules: [{9B9A4370-A0BD-4C54-839C-16E68AD89A56}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Portal 2\portal2.exeFirewallRules: [{9CC0F0F7-B987-4333-A04F-504F1A212301}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Summoner\Summoner.exeFirewallRules: [{9042BC27-D943-48AD-817E-1BEDE86EC75D}] => (Allow) C:\Users\Heidi\Downloads\Steam\SteamApps\common\Summoner\Summoner.exeFirewallRules: [{4A269488-B3F1-4E98-A72B-E46C882DD5C6}] => (Allow) C:\Users\Heidi\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{C2146E69-5EBA-4C27-9521-40E5BC2FA65E}] => (Allow) C:\Users\Heidi\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{F91464F6-38FE-492B-A912-3C6338562CB1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{15BEE775-D3B8-4C08-8CD2-5ADC779A069B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{26772AFC-3EDD-4B8B-9835-C52E24D534A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeFirewallRules: [{113D6871-8821-4E66-8807-65DBD00BA3E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeFirewallRules: [{D1D06B83-9CD2-422F-AF8F-8BFB8F9A3116}] => (Allow) C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamer.exeFirewallRules: [{208389A7-B1E8-4A44-8E42-0458787FB3F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exeFirewallRules: [{21CA16CC-BF73-4AD0-9AB8-960AD8F55840}] => (Allow) C:\Users\Heidi\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{CC6EB367-6799-4C3E-B1C4-CB5C5A07B843}] => (Allow) C:\Users\Heidi\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{3D72EF0A-F928-4F08-83A3-A8EBA6720E05}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{2040239B-AA2C-4521-B9F5-4665DD73E06F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{741D8D2F-ADD9-4778-852F-9F4059C3B1A7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe==================== Restore Points =========================29-12-2015 00:34:45 HitmanPro kontrollpunkt01-01-2016 15:15:23 Windows Update14-01-2016 20:16:52 Windows Update==================== Faulty Device Manager Devices =============Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.Name: PCI Simple Communications ControllerDescription: PCI Simple Communications ControllerClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.==================== Event log errors: =========================Application errors:==================Error: (01/15/2016 09:36:26 PM) (Source: MsiInstaller) (EventID: 1024) (User: HEIDI-PC)Description: Toode: Adobe Acrobat Reader DC - Värskendust '{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}' ei saanud installida. Tõrkekood: 1625. Windows Installer võib tarkvarapakettide installimisprobleemide lahendamiseks luua logisid. Kasutage juhiste saamiseks, kuidas lülitada sisse logimistuge, järgmist linki: http://go.microsoft.com/fwlink/?LinkId=23127Error: (01/15/2016 09:23:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEIDI-PC)Description: Rakenduse Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel aktiveerimine nurjus tõrkega: -2144927148. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.Error: (01/15/2016 09:10:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEIDI-PC)Description: Rakenduse Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance aktiveerimine nurjus tõrkega: -2144927148. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.Error: (01/15/2016 07:11:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEIDI-PC)Description: Rakenduse Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel aktiveerimine nurjus tõrkega: -2144927148. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.Error: (01/15/2016 07:11:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEIDI-PC)Description: Rakenduse Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance aktiveerimine nurjus tõrkega: -2144927148. 
Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.Error: (01/15/2016 05:41:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEIDI-PC)Description: Rakenduse Microsoft.BingWeather_8wekyb3d8bbwe!App aktiveerimine nurjus tõrkega: -2144927148. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.Error: (01/15/2016 05:37:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEIDI-PC)Description: Rakenduse Microsoft.BingWeather_8wekyb3d8bbwe!App aktiveerimine nurjus tõrkega: -2144927148. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.Error: (01/15/2016 05:37:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEIDI-PC)Description: Rakenduse Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel aktiveerimine nurjus tõrkega: -2144927148. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.Error: (01/15/2016 05:37:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEIDI-PC)Description: Rakenduse Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance aktiveerimine nurjus tõrkega: -2144927148. Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.Error: (01/15/2016 01:11:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEIDI-PC)Description: Rakenduse Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance aktiveerimine nurjus tõrkega: -2144927148. 
Lisateavet leiate logist Microsoft-Windows-TWinUI/Operational.System errors:=============Error: (01/15/2016 09:23:40 PM) (Source: ipnathlp) (EventID: 30013) (User: )Description: 192.168.0.12192.168.137.0255.255.255.0Error: (01/15/2016 09:23:40 PM) (Source: ipnathlp) (EventID: 1233) (User: )Description: Error: (01/15/2016 08:26:03 PM) (Source: ipnathlp) (EventID: 30013) (User: )Description: 192.168.0.12192.168.137.0255.255.255.0Error: (01/15/2016 08:26:03 PM) (Source: ipnathlp) (EventID: 1233) (User: )Description: Error: (01/15/2016 08:26:03 PM) (Source: ipnathlp) (EventID: 1233) (User: )Description: Error: (01/15/2016 08:26:03 PM) (Source: ipnathlp) (EventID: 1233) (User: )Description: Error: (01/15/2016 08:25:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Teenuse Tele2 Mobile Partner. OUC käivitamine nurjus järgmise tõrke tõttu: %%1053Error: (01/15/2016 08:25:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: Teenuse ühendamise ooteajal saabus aegumisperiood (30000 millisekundit) Tele2 Mobile Partner. OUC.Error: (01/15/2016 08:21:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: Supervõtmine teenus lõpetati järgmise tõrkega: %%1062Error: (01/15/2016 08:21:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: Saabus aegumisperiood (30000 millisekundit)teenuse NvNetworkService toimingu vastuse ooteajal.CodeIntegrity:===================================  Date: 2016-01-14 19:58:29.340  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  
Date: 2016-01-14 19:58:29.027  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2016-01-14 19:58:28.715  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2016-01-14 19:57:50.996  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2016-01-14 19:57:50.199  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2016-01-14 19:57:49.636  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2016-01-14 19:57:49.172  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  
Date: 2016-01-14 19:57:01.109  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2016-01-14 19:57:00.718  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.  Date: 2016-01-14 19:57:00.406  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHzPercentage of memory in use: 63%Total physical RAM: 4008.67 MBAvailable physical RAM: 1450.33 MBTotal Virtual: 4904.67 MBAvailable Virtual: 1850.67 MB==================== Drives ================================Drive c: () (Fixed) (Total:465.42 GB) (Free:170.43 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A91B4057)Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)==================== End of Addition.txt ============================

Addition.txt

FRST.txt


  • Root Admin

Hello and welcome

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17.01.2016
Scan Time: 14:12
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.17.02
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Heidi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 475394
Time Elapsed: 55 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [04b288b272271a1c756362aa857ff60a]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Helper, C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\wzsigiam.default\extensions\firefox@helper, Quarantined, [625441f9a5f4b4823241c8fe39c9619f],
PUP.Optional.Helper, C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\wzsigiam.default\extensions\firefox@helper\content, Quarantined, [625441f9a5f4b4823241c8fe39c9619f],

Files: 5
PUP.Optional.Helper, C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\wzsigiam.default\extensions\firefox@helper\chrome.manifest, Quarantined, [625441f9a5f4b4823241c8fe39c9619f],
PUP.Optional.Helper, C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\wzsigiam.default\extensions\firefox@helper\install.rdf, Quarantined, [625441f9a5f4b4823241c8fe39c9619f],
PUP.Optional.Helper, C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\wzsigiam.default\extensions\firefox@helper\content\load.js, Quarantined, [625441f9a5f4b4823241c8fe39c9619f],
PUP.Optional.Helper, C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\wzsigiam.default\extensions\firefox@helper\content\overlay.xul, Quarantined, [625441f9a5f4b4823241c8fe39c9619f],
PUP.Optional.Helper, C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\wzsigiam.default\extensions\firefox@helper\content\style.css, Quarantined, [625441f9a5f4b4823241c8fe39c9619f],

Physical Sectors: 0
(No malicious items detected)

(end)


  • Root Admin

Thanks, looks like some items were removed. Let's look a bit deeper.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07


Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Hello

I ran rKill before the tests (due to restarting my computer) and after some tests which required a restart.

Here are the results (MBAM copied here, the others attached as txt files)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18.01.2016
Scan Time: 10:40
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.18.02
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Heidi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 475632
Time Elapsed: 47 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Softcomp Software Viewer, Delete-on-Reboot, [9d7daa91ff9a0531bc75a7269c6644bc],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Privoxy, C:\Windows\System32\Tasks\Softcomp Software Viewer, Quarantined, [1efcaf8cbcddb581210e2aa3a85acd33],

Physical Sectors: 0
(No malicious items detected)
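
A triage sketch for the two Malwarebytes logs posted above, added here as an example (it is not part of the thread and not a Malwarebytes tool): it parses the detection lines and flags a scan that reset a loopback proxy without finding any scheduled task, which is the situation in the 17.01 log. The function names and the follow-up rule are assumptions of this example; the sample lines are copied from the logs above, with the Firefox entries abridged to one.

```python
import re
from ipaddress import ip_address

# Detection lines copied from the 17.01 and 18.01 logs in this thread (abridged).
SCAN_17_JAN = r"""
Registry Values: 1
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [04b288b272271a1c756362aa857ff60a]
Folders: 2
PUP.Optional.Helper, C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\wzsigiam.default\extensions\firefox@helper, Quarantined, [625441f9a5f4b4823241c8fe39c9619f],
"""
SCAN_18_JAN = r"""
Registry Keys: 1
PUP.Optional.Privoxy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Softcomp Software Viewer, Delete-on-Reboot, [9d7daa91ff9a0531bc75a7269c6644bc],
Files: 1
PUP.Optional.Privoxy, C:\Windows\System32\Tasks\Softcomp Software Viewer, Quarantined, [1efcaf8cbcddb581210e2aa3a85acd33],
"""

# "<name>, <path>[|<value>, <data>], <action>, [<id>]" as seen in the MBAM 2.x logs above.
DETECTION = re.compile(
    r"^(?P<name>[A-Za-z]+(?:\.\w+)+), (?P<target>.+?), "
    r"(?P<action>[A-Za-z][A-Za-z -]*), \[(?P<id>[0-9a-f]+)\],?\s*$"
)
TASK_MARKERS = ("\\schedule\\taskcache\\tree\\", "\\system32\\tasks\\")
EXT_MARKERS = ("\\extensions\\",)


def parse_detections(log_text):
    """Return one dict per detection line; headers and '(No malicious ...)' are skipped."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        # Registry values are written as "key|ValueName, data".
        path, _, value_part = m.group("target").partition("|")
        value, _, data = value_part.partition(", ")
        found.append({"name": m.group("name"), "path": path, "value": value,
                      "data": data, "action": m.group("action")})
    return found


def is_loopback(proxy_data):
    """True if any proxy entry ("host:port" or "scheme=host:port;...") is local."""
    for entry in proxy_data.split(";"):
        host = entry.split("=")[-1].rsplit(":", 1)[0].strip().lower()
        if host == "localhost":
            return True
        try:
            if ip_address(host).is_loopback:
                return True
        except ValueError:
            continue
    return False


def _after(path, markers):
    """Return the part of path following the first marker found, else None."""
    low = path.lower()
    for marker in markers:
        i = low.find(marker)
        if i != -1:
            return path[i + len(marker):]
    return None


def triage(log_text):
    """Group detections by kind and decide whether the scan explains the proxy."""
    proxies, tasks, extensions = [], set(), set()
    for det in parse_detections(log_text):
        task = _after(det["path"], TASK_MARKERS)
        ext = _after(det["path"], EXT_MARKERS)
        if task:
            tasks.add(task)
        elif ext:
            extensions.add(ext.split("\\")[0])
        elif det["value"].lower() == "proxyserver" and is_loopback(det["data"]):
            proxies.append(det["data"])
    # Assumed rule: a loopback proxy was reset but nothing that could put it
    # back (a scheduled task) was found, so the scan is not the end of the job.
    return {"loopback_proxy": proxies, "tasks": sorted(tasks),
            "extensions": sorted(extensions),
            "needs_followup": bool(proxies) and not tasks}


if __name__ == "__main__":
    for label, log in (("17.01", SCAN_17_JAN), ("18.01", SCAN_18_JAN)):
        print(label, triage(log))
```
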

 

 



  • Root Admin

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer

How to reset Internet Explorer settings

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

Start by disabling Sync

How To Delete Your Google Chrome Browser Sync Data

Chrome - Reset browser settings

If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.

Next,

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

  • Root Admin

Should be okay. Please restart the computer and then run the following for me.

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


Hello

Somehow my search engine has been set to https://gosearch.me/?u=17b758f99a3bdcf123eef97053b9c6b1&c=gpupdater&src=hp&inst=1453236579 on all browsers. Seems like the PC is still not clean, or may it be just an aftereffect of it all?

 

Results of screen317's Security Check version 1.009
 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 Windows Defender
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File
 Adobe Flash Player 16.0.0.235 Flash Player out of Date!
 Mozilla Firefox (43.0.3)
 Google Chrome (47.0.2526.106)
 Google Chrome (47.0.2526.111)
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe
 Windows Defender MpCmdRun.exe
 Tele2 Mobile Partner OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

I ran JRT first and then the AdwCleaner tool. AdwCleaner said nothing found thus will be providing only the scan file.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 x64
Ran by Heidi (Administrator) on L 23.01.2016 at 23:02:02,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\i6kqzzpv.default-1453229009673\searchplugins\search.xml (File)

Deleted the following from C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\i6kqzzpv.default-1453229009673\prefs.js
user_pref(browser.startup.homepage, hxxps://gosearch.me/?u=17b758f99a3bdcf123eef97053b9c6b1&c=gpupdater&src=hp&inst=1453236579);



Registry: 5

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\AboutURLs\\Tabs (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on L 23.01.2016 at 23:04:05,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

# AdwCleaner v5.030 - Logfile created 23/01/2016 at 23:04:47
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [server]
# Operating system : Windows 8.1 (x64)
# Username : Heidi - HEIDI-PC
# Running from : C:\Users\Heidi\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[s7].txt - [557 bytes] ##########


  • Root Admin

Let's try doing another browser reset.

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer

How to reset Internet Explorer settings

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

Start by disabling Sync

How To Delete Your Google Chrome Browser Sync Data

Chrome - Reset browser settings

If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.


  • Root Admin

Please restart the computer. Then browse the Web as you normally do and let me know if there are any redirects again or if all is still okay.

 

If all is okay then here is our final clean up speech for you as I will be out of town a little bit later today.

 

 

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


Hello

It seems like the proxy redirecting is back. The only thing I did was install the latest Windows updates.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Heidi (administrator) on HEIDI-PC (30-01-2016 21:17:57)
Running from C:\Users\Heidi\Desktop
Loaded Profiles: Heidi (Available Profiles: Heidi & Anne)
Platform: Windows 8.1 (X64) Language: Eesti (Eesti)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\ProgramData\Tele2 Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Softcomp Software\privoxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Tele2 Mobile Partner\Tele2 Mobile Partner.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Heidi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dropbox, Inc.) C:\Users\Heidi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(RIA) C:\Program Files (x86)\Estonian ID Card\id-updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11831400 2011-04-22] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [102968 2013-02-26] (Fujitsu Technology Solutions)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [spotify Web Helper] => C:\Users\Heidi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-23] (Spotify Ltd)
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [Facebook Update] => "C:\Users\Heidi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [Dropbox Update] => C:\Users\Heidi\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [spotify] => C:\Users\Heidi\AppData\Roaming\Spotify\Spotify.exe [8316528 2015-12-23] (Spotify Ltd)
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {001b9916-7270-11e3-be98-8c736eb636c2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {10c7f6a9-6ed4-11e5-bef7-3859f9f621ac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {155fbbc9-381f-11e3-be88-8c736eb636c2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {274972e5-bdc6-11e5-bf0b-3859f9f621ac} - "G:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {4d434157-2589-11e4-bec2-8c736eb636c2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {54a0270f-d622-11e4-bedf-3859f9f621ac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {550ddc09-53e0-11e4-bec9-3859f9f621ac} - "G:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {59ffb74f-2d58-11e5-beeb-3859f9f621ac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {684d9c1a-b31e-11e5-bf08-3859f9f621ac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {7db156e6-57ac-11e4-bec9-3859f9f621ac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {84da2dd3-8668-11e4-bed2-3859f9f621ac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {9990ac96-6a6f-11e5-bef7-3859f9f621ac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {afeb78d9-8cac-11e3-bea0-3859f9f621ac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {c789e5b4-cd86-11e4-bedc-8c736eb636c2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {dce3f442-c723-11e3-beb1-8c736eb636c2} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {ddafe344-2f0f-11e5-beec-3859f9f621ac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {e4cb9a9b-3623-11e5-beed-3859f9f621ac} - "F:\AutoRun.exe" 
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-10-29] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [185816 2015-11-06] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [185816 2015-11-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164008 2015-11-06] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Heidi\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Heidi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 4.4.lnk [2015-02-21]
ShortcutTarget: LibreOffice 4.4.lnk -> C:\Program Files (x86)\LibreOffice 4\program\quickstart.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [s-1-5-21-2129919252-2856369786-1848260543-1002] => Proxy is enabled.
ProxyServer: [s-1-5-21-2129919252-2856369786-1848260543-1002] => 127.0.0.1:8118
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 85.253.0.2 85.253.0.130
Tcpip\..\Interfaces\{4D0DF066-A028-41E5-963F-5F93214226FB}: [DhcpNameServer] 85.253.0.2 85.253.0.130
Tcpip\..\Interfaces\{8EF2B25F-F1C9-41B5-BF6A-D24D52C0550E}: [NameServer] 212.247.156.70 212.247.156.66
Tcpip\..\Interfaces\{BEF437FF-1164-4541-9C6B-9BAC09C7B096}: [NameServer] 212.247.156.70 212.247.156.66
Tcpip\..\Interfaces\{D0EABFC4-F963-4EFF-BF01-02B8ECB3402C}: [NameServer] 212.247.156.70 212.247.156.66
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: EstEIDIEPluginBHO Class -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll [2015-04-13] (RIA)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: EstEIDIEPluginBHO Class -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll [2015-04-13] (RIA)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\p9dtl2wd.default-1453905801314
FF NetworkProxy: "user_pref("network.proxy.type", 5)
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @RIA/esteid-firefox-plugin -> C:\Program Files\Estonian ID Card\npesteid-firefox-plugin.dll [2015-04-13] (RIA)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @RIA/esteid-firefox-plugin -> C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll [2015-04-13] (RIA)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2129919252-2856369786-1848260543-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Heidi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-2129919252-2856369786-1848260543-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Heidi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Extension: Firefox Helper - C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\p9dtl2wd.default-1453905801314\Extensions\firefox@helper [2016-01-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a66}] - C:\Program Files (x86)\Estonian ID Card\Firefox PKCS11 Loader
FF Extension: Estonian ID Card authentication module - C:\Program Files (x86)\Estonian ID Card\Firefox PKCS11 Loader [2015-04-16] [not signed]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.search.ask.com/?gct=hp
CHR DefaultSearchURL: Profile 1 -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> search.ask.com
CHR DefaultSuggestURL: Profile 1 -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-07]
CHR Extension: (Google Search) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Docs Offline) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Marc Ecko) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2016-01-27]
CHR Extension: (Gmail) - C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2246184 2011-12-15] (Broadcom Corporation.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [182304 2014-12-14] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138544 2015-05-20] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2015-05-20] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
R2 PrivoxyService; C:\Program Files (x86)\Softcomp Software\privoxy.exe [371200 2016-01-27] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S2 Tele2 Mobile Partner. RunOuc; C:\Program Files (x86)\Tele2 Mobile Partner\UpdateDog\ouc.exe [655744 2013-10-18] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACTIVhidmini; C:\Windows\System32\drivers\ACTIVhidmini.sys [102384 2012-10-30] (Promethean Technologies Ltd) [File not signed]
R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
S3 atrfiltr; C:\Windows\system32\DRIVERS\atrfiltr.sys [16224 2013-11-28] (Windows ® Win 7 DDK provider)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [134696 2012-01-27] (Broadcom Corporation.)
S3 cxbu0x64; C:\Windows\system32\DRIVERS\cxbu0x64.sys [143360 2013-03-22] (HID Global Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2015-12-29] ()
R3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [239104 2013-10-18] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2015-05-07] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 SMARTMouseFilterx64; C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [10240 2013-08-12] (SMART Technologies) [File not signed]
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [9216 2013-08-12] (SMART Technologies) [File not signed]
S3 SMARTVTabletPCx64; C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [22184 2013-08-12] (SMART Technologies ULC) [File not signed]
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [1803264 2011-03-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-30 21:17 - 2016-01-30 21:17 - 02370560 _____ (Farbar) C:\Users\Heidi\Desktop\FRST64.exe
2016-01-30 21:17 - 2016-01-30 21:17 - 00023792 _____ C:\Users\Heidi\Desktop\FRST.txt
2016-01-27 20:56 - 2016-01-30 21:15 - 00003272 _____ C:\WINDOWS\System32\Tasks\Softcomp Software Viewer
2016-01-27 20:56 - 2016-01-27 20:56 - 00000000 ____D C:\Program Files (x86)\Softcomp Software
2016-01-27 20:46 - 2016-01-27 20:46 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-01-27 20:46 - 2016-01-27 20:46 - 00000000 ____D C:\WINDOWS\system32\NV
2016-01-27 17:17 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2016-01-27 17:17 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2016-01-27 17:17 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2016-01-27 17:17 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2016-01-27 17:09 - 2014-11-17 22:17 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2016-01-27 17:09 - 2014-11-17 22:17 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-01-27 17:09 - 2014-11-14 08:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2016-01-27 17:09 - 2014-11-14 08:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-01-27 17:08 - 2015-12-16 19:11 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-01-27 17:08 - 2015-12-16 18:51 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-01-27 17:07 - 2015-05-01 03:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-01-27 17:07 - 2015-05-01 03:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-01-27 17:07 - 2015-05-01 03:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-01-27 17:07 - 2014-11-15 21:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-01-27 17:07 - 2014-11-15 08:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-01-27 17:07 - 2014-11-14 08:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-01-27 17:07 - 2014-11-14 07:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-01-27 17:07 - 2014-11-10 20:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2016-01-27 17:07 - 2014-11-10 04:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2016-01-27 17:07 - 2014-11-10 03:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-01-27 17:07 - 2014-11-10 03:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-27 17:07 - 2014-11-10 02:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-27 17:07 - 2014-11-08 06:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2016-01-27 17:07 - 2014-11-08 05:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-01-27 17:07 - 2014-11-08 05:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2016-01-27 17:07 - 2014-11-08 05:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2016-01-27 17:07 - 2014-11-08 05:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2016-01-27 17:07 - 2014-11-08 05:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2016-01-27 17:07 - 2014-11-08 05:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2016-01-27 17:07 - 2014-11-08 05:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2016-01-27 17:07 - 2014-11-08 05:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2016-01-27 17:07 - 2014-11-08 04:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2016-01-27 17:07 - 2014-11-08 04:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-01-27 17:07 - 2014-11-08 04:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-01-27 17:07 - 2014-11-08 04:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2016-01-27 17:07 - 2014-11-08 03:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2016-01-27 17:07 - 2014-11-08 03:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2016-01-27 17:07 - 2014-11-07 05:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-01-27 17:07 - 2014-11-07 05:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-01-27 17:07 - 2014-11-05 04:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2016-01-27 17:07 - 2014-11-05 04:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2016-01-27 17:07 - 2014-11-05 04:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-01-27 17:07 - 2014-11-05 03:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-01-27 17:07 - 2014-11-05 03:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-01-27 17:07 - 2014-11-05 03:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2016-01-27 17:07 - 2014-11-05 03:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2016-01-27 17:07 - 2014-11-05 03:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-01-27 17:07 - 2014-11-05 03:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-01-27 17:07 - 2014-11-05 03:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-01-27 17:07 - 2014-11-05 03:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2016-01-27 17:07 - 2014-11-05 03:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-01-27 17:07 - 2014-11-04 21:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-01-27 17:07 - 2014-11-04 08:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-01-27 17:07 - 2014-11-04 07:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-01-27 17:07 - 2014-10-29 05:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-01-27 17:07 - 2014-10-29 03:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2016-01-27 17:07 - 2014-10-29 03:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2016-01-27 17:07 - 2014-10-21 03:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2016-01-27 17:07 - 2014-10-21 03:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2016-01-27 17:07 - 2014-10-21 02:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2016-01-27 17:07 - 2014-10-21 02:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2016-01-27 17:07 - 2014-10-21 02:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2016-01-27 17:07 - 2014-10-21 02:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-01-27 17:07 - 2014-10-21 02:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2016-01-27 17:07 - 2014-10-17 06:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2016-01-27 17:07 - 2014-10-17 05:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-01-27 17:06 - 2015-06-10 00:39 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-01-27 17:06 - 2015-06-10 00:39 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-01-27 17:06 - 2015-06-10 00:38 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-27 16:42 - 2016-01-27 20:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-23 23:00 - 2016-01-27 23:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-23 23:00 - 2016-01-23 23:00 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-01-20 21:44 - 2016-01-20 21:44 - 00852720 _____ C:\Users\Heidi\Downloads\28E.tmp
2016-01-20 21:29 - 2016-01-20 21:42 - 00000000 ____D C:\Users\Heidi\Documents\HiSuite
2016-01-20 21:29 - 2016-01-20 21:29 - 00001007 _____ C:\Users\Public\Desktop\HiSuite.lnk
2016-01-20 21:29 - 2016-01-20 21:29 - 00000000 ____D C:\Users\Heidi\AppData\Local\HiSuite
2016-01-20 21:29 - 2016-01-20 21:29 - 00000000 ____D C:\Users\Heidi\.android
2016-01-20 21:29 - 2016-01-20 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2016-01-20 21:29 - 2016-01-20 21:29 - 00000000 ____D C:\ProgramData\HiSuiteOuc
2016-01-20 21:29 - 2016-01-20 21:29 - 00000000 ____D C:\ProgramData\HandSetService
2016-01-20 21:27 - 2016-01-20 21:29 - 00000000 ____D C:\Program Files (x86)\HiSuite
2016-01-20 21:27 - 2015-05-07 13:40 - 02152176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01009.dll
2016-01-20 21:27 - 2015-05-07 13:40 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2016-01-20 21:27 - 2015-05-07 13:40 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01009.dll
2016-01-20 21:27 - 2015-05-07 13:40 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusbcoinstaller2.dll
2016-01-20 21:27 - 2015-05-07 13:40 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2016-01-20 21:27 - 2015-05-07 13:40 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2016-01-20 21:27 - 2015-05-07 13:40 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2016-01-20 21:27 - 2015-05-07 13:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-17 14:08 - 2016-01-17 14:08 - 00000000 ____D C:\WINDOWS\ERDNT
2016-01-17 14:07 - 2016-01-17 14:07 - 00000940 _____ C:\Users\Heidi\Desktop\NTREGOPT.lnk
2016-01-17 14:07 - 2016-01-17 14:07 - 00000940 _____ C:\Users\Anne\Desktop\NTREGOPT.lnk
2016-01-17 14:07 - 2016-01-17 14:07 - 00000921 _____ C:\Users\Anne\Desktop\ERUNT.lnk
2016-01-17 14:07 - 2016-01-17 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2016-01-17 14:07 - 2016-01-17 14:07 - 00000000 ____D C:\Program Files (x86)\ERUNT
2016-01-15 21:36 - 2016-01-30 21:17 - 00000000 ____D C:\FRST
2016-01-14 20:20 - 2016-01-14 20:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-14 19:17 - 2015-12-11 06:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-14 19:17 - 2015-12-11 05:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-14 19:17 - 2015-12-11 05:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-14 19:17 - 2015-12-11 04:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-14 19:16 - 2015-12-30 21:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-14 19:16 - 2015-12-11 06:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-14 19:16 - 2015-12-11 05:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-14 19:16 - 2015-12-11 05:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-14 19:16 - 2015-12-11 05:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-14 19:16 - 2015-12-11 05:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-14 19:16 - 2015-12-11 05:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-14 19:16 - 2015-12-11 05:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-14 19:16 - 2015-12-11 04:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-14 19:16 - 2015-12-11 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-14 19:16 - 2015-12-11 04:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-14 19:16 - 2015-12-11 04:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-14 19:16 - 2015-12-11 04:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-14 19:16 - 2015-12-11 04:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-14 19:16 - 2015-12-11 04:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-01-14 19:16 - 2015-12-11 04:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-14 19:16 - 2015-12-11 04:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-14 19:16 - 2015-12-11 04:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-01-14 19:16 - 2015-12-07 12:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-14 19:16 - 2015-12-05 07:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-14 19:16 - 2015-12-05 07:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-14 19:16 - 2015-12-04 17:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-14 19:16 - 2015-12-03 21:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-14 19:16 - 2015-12-03 21:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-14 19:16 - 2015-12-03 21:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-14 19:16 - 2015-12-03 21:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-14 19:16 - 2015-12-03 21:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-14 19:16 - 2015-12-03 20:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-14 19:16 - 2015-12-03 20:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-14 19:16 - 2015-12-03 20:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-14 19:16 - 2015-12-03 20:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-14 19:16 - 2015-12-03 20:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-14 19:16 - 2015-12-03 20:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-14 19:16 - 2015-12-03 20:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-14 19:16 - 2015-12-03 20:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-14 19:16 - 2015-12-03 20:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-14 19:16 - 2015-12-03 20:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-14 19:16 - 2015-12-03 19:58 - 00378880 ____C (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-14 19:16 - 2015-12-03 19:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-14 19:16 - 2015-12-03 19:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-14 19:16 - 2015-12-03 19:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-14 19:16 - 2015-12-03 19:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-14 19:16 - 2015-12-03 19:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-14 19:16 - 2015-12-03 19:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-14 19:16 - 2015-12-03 19:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-14 19:16 - 2015-12-03 19:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-14 19:16 - 2015-12-03 19:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-14 19:16 - 2015-12-03 19:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-14 19:16 - 2015-12-03 19:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-14 19:16 - 2015-12-03 19:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-14 19:16 - 2015-12-03 19:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-14 19:16 - 2015-12-03 18:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-14 19:16 - 2015-12-03 18:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-14 19:16 - 2015-12-03 18:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-14 19:16 - 2015-12-02 17:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-14 19:16 - 2015-12-02 17:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-14 19:15 - 2015-12-30 21:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-14 19:15 - 2015-12-30 21:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-14 19:15 - 2015-12-10 02:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-01-14 19:15 - 2015-12-08 21:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-14 19:15 - 2015-12-08 21:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-14 19:15 - 2015-11-17 23:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-04 22:24 - 2015-12-22 23:38 - 00019326 _____ C:\Users\Heidi\Documents\töö%20vormistus.doc_0.odt
2016-01-04 22:17 - 2016-01-04 22:17 - 13467990 _____ C:\Users\Heidi\Desktop\e-home_recording_studio_full-site_download.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-30 21:15 - 2014-04-30 23:45 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FA3FB4DE-7EA4-4C12-9083-9C2C6783CA85}
2016-01-30 21:12 - 2015-03-29 20:25 - 00000000 ___RD C:\Users\Heidi\Dropbox
2016-01-30 21:12 - 2015-03-29 20:14 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\Dropbox
2016-01-30 21:12 - 2013-05-05 12:13 - 00000960 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-30 21:11 - 2013-10-21 23:26 - 00000000 __RDO C:\Users\Heidi\SkyDrive
2016-01-30 21:11 - 2013-07-04 20:51 - 00000438 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-01-27 23:50 - 2013-05-05 12:13 - 00000964 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 23:07 - 2015-06-19 21:57 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2129919252-2856369786-1848260543-1002UA.job
2016-01-27 21:09 - 2013-05-05 13:04 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\Skype
2016-01-27 20:59 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-27 20:46 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-27 20:46 - 2013-05-04 09:49 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-27 20:45 - 2015-12-28 23:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-27 20:43 - 2013-08-22 15:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-01-27 20:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-01-27 20:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\setup
2016-01-27 20:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-01-27 20:40 - 2013-10-21 03:05 - 00000000 ____D C:\Users\Heidi
2016-01-27 17:31 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-27 17:25 - 2013-10-21 02:59 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-27 17:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-27 17:08 - 2013-05-04 09:26 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2129919252-2856369786-1848260543-1002
2016-01-27 16:47 - 2015-01-04 17:47 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-27 16:43 - 2015-12-28 23:37 - 00000000 ____D C:\Users\Heidi\Desktop\Firefoxi vanad andmed
2016-01-27 16:13 - 2013-10-24 13:13 - 00000000 ____D C:\Users\Heidi\AppData\Local\Spotify
2016-01-24 22:43 - 2013-06-23 22:04 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\Spotify
2016-01-24 22:42 - 2015-11-16 22:00 - 00000000 ____D C:\Users\Heidi\Documents\MÕTE
2016-01-24 15:21 - 2013-05-05 13:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Fujitsu
2016-01-23 23:08 - 2015-01-04 01:14 - 00000000 ____D C:\AdwCleaner
2016-01-23 23:00 - 2013-05-05 15:18 - 00000000 ____D C:\Users\Heidi\AppData\Local\Adobe
2016-01-21 23:32 - 2013-05-09 12:49 - 00000000 ____D C:\Users\Heidi\Documents\Koolistuff
2016-01-20 23:28 - 2013-07-16 12:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-20 23:20 - 2013-05-05 11:53 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-20 23:06 - 2014-12-31 21:04 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-20 23:05 - 2015-12-03 21:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-20 21:53 - 2013-09-30 06:18 - 00925226 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-20 21:53 - 2013-05-05 13:30 - 00062210 _____ C:\WINDOWS\system32\perfh025.dat
2016-01-20 21:53 - 2013-05-05 13:30 - 00016230 _____ C:\WINDOWS\system32\perfc025.dat
2016-01-20 21:29 - 2013-05-04 09:21 - 00000000 ____D C:\Users\Heidi\AppData\Local\VirtualStore
2016-01-18 14:23 - 2014-12-19 23:28 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-18 11:30 - 2013-08-22 16:45 - 00000000 ____D C:\WINDOWS\Setup
2016-01-18 10:36 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-01-17 21:36 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-17 15:40 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-01-17 02:07 - 2015-06-19 21:57 - 00000884 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2129919252-2856369786-1848260543-1002Core.job
2016-01-15 20:34 - 2013-06-19 23:42 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2016-01-15 07:36 - 2014-12-14 14:06 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-01-15 07:36 - 2014-12-14 14:06 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-14 20:29 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-14 20:28 - 2013-05-05 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-14 20:26 - 2013-05-05 15:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 20:26 - 2013-05-05 15:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-14 20:22 - 2012-07-26 07:26 - 00000167 _____ C:\WINDOWS\win.ini
2016-01-06 21:36 - 2013-06-26 11:53 - 00000000 ____D C:\Users\Heidi\AppData\Roaming\vlc
2016-01-05 22:04 - 2014-12-14 15:39 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-05 22:04 - 2014-12-14 15:39 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-04 14:04 - 2013-05-09 12:48 - 00000000 ____D C:\Users\Heidi\Documents\HHH
 
==================== Files in the root of some directories =======
 
2015-05-24 21:43 - 2015-05-24 21:43 - 0000000 _____ () C:\Users\Heidi\AppData\Roaming\27DC.tmp
2015-08-13 00:52 - 2015-08-13 00:52 - 0002430 _____ () C:\Users\Heidi\AppData\Local\recently-used.xbel
2013-12-31 22:06 - 2013-12-31 22:07 - 0828671 ____N () C:\Users\Heidi\AppData\Local\Tempmusic.ogg
 
Some files in TEMP:
====================
C:\Users\Heidi\AppData\Local\Temp\hp_u_232312312.exe
C:\Users\Heidi\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-27 20:57
 
==================== End of FRST.txt ============================
 
 
 
 

Addition.txt


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Heidi (2016-01-31 12:30:54) Run:1
Running from C:\Users\Heidi\Desktop
Loaded Profiles: Heidi (Available Profiles: Heidi & Anne)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {001b9916-7270-11e3-be98-8c736eb636c2} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {10c7f6a9-6ed4-11e5-bef7-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {155fbbc9-381f-11e3-be88-8c736eb636c2} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {274972e5-bdc6-11e5-bf0b-3859f9f621ac} - "G:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {4d434157-2589-11e4-bec2-8c736eb636c2} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {54a0270f-d622-11e4-bedf-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {550ddc09-53e0-11e4-bec9-3859f9f621ac} - "G:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {59ffb74f-2d58-11e5-beeb-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {684d9c1a-b31e-11e5-bf08-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {7db156e6-57ac-11e4-bec9-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {84da2dd3-8668-11e4-bed2-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {9990ac96-6a6f-11e5-bef7-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {afeb78d9-8cac-11e3-bea0-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {c789e5b4-cd86-11e4-bedc-8c736eb636c2} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {dce3f442-c723-11e3-beb1-8c736eb636c2} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {ddafe344-2f0f-11e5-beec-3859f9f621ac} - "F:\AutoRun.exe"
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\...\MountPoints2: {e4cb9a9b-3623-11e5-beed-3859f9f621ac} - "F:\AutoRun.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2129919252-2856369786-1848260543-1002] => Proxy is enabled.
ProxyServer: [S-1-5-21-2129919252-2856369786-1848260543-1002] => 127.0.0.1:8118
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NetworkProxy: "user_pref("network.proxy.type", 5)
CHR HomePage: Profile 1 -> hxxp://www.search.ask.com/?gct=hp
CHR DefaultSearchURL: Profile 1 -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> search.ask.com
CHR DefaultSuggestURL: Profile 1 -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
R2 PrivoxyService; C:\Program Files (x86)\Softcomp Software\privoxy.exe [371200 2016-01-27] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
C:\Users\Heidi\AppData\Local\Temp\hp_u_232312312.exe
C:\Users\Heidi\AppData\Local\Temp\sqlite3.dll
Task: {01AE496A-4636-4BEA-898E-A5693C8E1D63} - \Malware Cleaner -> No File <==== ATTENTION
Task: {04332F3F-2C51-4F0B-B479-DD022DADFDC4} - System32\Tasks\Maintenance Service Viewer => C:\Program Files (x86)\Maintenance Service\MaintenanceService.exe [2015-10-09] (Backup Updater) <==== ATTENTION
Task: {164B43A3-A7E5-4470-86CC-9F7F9E3849D9} - System32\Tasks\id updater task => id-updater.exe
Task: {1AD9BC01-C275-4D83-B044-54E6EA30F6AA} - System32\Tasks\Internet Installer => C:\Users\Heidi\AppData\Roaming\Internet Installer\Internet Installer.exe [2015-08-11] () <==== ATTENTION
Task: {3F7C65EA-72D7-4D06-9B89-B36389083C47} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2129919252-2856369786-1848260543-1002Core => C:\Users\Heidi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {7D1EBE85-107C-4277-B6FC-0981D9AA5C81} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2129919252-2856369786-1848260543-1002UA => C:\Users\Heidi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {B591C864-44D6-4E97-AE13-10772454B690} - System32\Tasks\Security Updater => C:\Users\Heidi\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {CA3BE627-51C5-4E4E-A938-7A466617170E} - System32\Tasks\Softcomp Software Viewer => C:\Program Files (x86)\Softcomp Software\swjob.exe [2016-01-27] (West CH Soft) <==== ATTENTION
Task: {F0BEA6E9-E09A-4111-925A-AD2AA8FF62B3} - System32\Tasks\Softcomp Software Viewer => C:\Program Files (x86)\Softcomp Software\swjob.exe [2016-01-27] (West CH Soft) <==== ATTENTION
FirewallRules: [{2DA8C6A1-6051-425A-8240-FA5A630EC981}] => (Allow) C:\Users\Heidi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3A2CC5A-F0D5-419A-8F65-F03819A01488}] => (Allow) C:\Users\Heidi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{8329DA47-0EE0-46CA-89FB-EF569CF751A2}C:\users\heidi\downloads\utorrent.exe] => (Block) C:\users\heidi\downloads\utorrent.exe
FirewallRules: [UDP Query User{CC11BF10-AD20-4985-A78A-3AC568F28E1F}C:\users\heidi\downloads\utorrent.exe] => (Block) C:\users\heidi\downloads\utorrent.exe
FirewallRules: [{4A269488-B3F1-4E98-A72B-E46C882DD5C6}] => (Allow) C:\Users\Heidi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C2146E69-5EBA-4C27-9521-40E5BC2FA65E}] => (Allow) C:\Users\Heidi\AppData\Roaming\uTorrent\uTorrent.exe
EmptyTemp:
Reboot:

*****************

"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{001b9916-7270-11e3-be98-8c736eb636c2}" => key removed successfully
HKCR\CLSID\{001b9916-7270-11e3-be98-8c736eb636c2} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10c7f6a9-6ed4-11e5-bef7-3859f9f621ac}" => key removed successfully
HKCR\CLSID\{10c7f6a9-6ed4-11e5-bef7-3859f9f621ac} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{155fbbc9-381f-11e3-be88-8c736eb636c2}" => key removed successfully
HKCR\CLSID\{155fbbc9-381f-11e3-be88-8c736eb636c2} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{274972e5-bdc6-11e5-bf0b-3859f9f621ac}" => key removed successfully
HKCR\CLSID\{274972e5-bdc6-11e5-bf0b-3859f9f621ac} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d434157-2589-11e4-bec2-8c736eb636c2}" => key removed successfully
HKCR\CLSID\{4d434157-2589-11e4-bec2-8c736eb636c2} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{54a0270f-d622-11e4-bedf-3859f9f621ac}" => key removed successfully
HKCR\CLSID\{54a0270f-d622-11e4-bedf-3859f9f621ac} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{550ddc09-53e0-11e4-bec9-3859f9f621ac}" => key removed successfully
HKCR\CLSID\{550ddc09-53e0-11e4-bec9-3859f9f621ac} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59ffb74f-2d58-11e5-beeb-3859f9f621ac}" => key removed successfully
HKCR\CLSID\{59ffb74f-2d58-11e5-beeb-3859f9f621ac} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{684d9c1a-b31e-11e5-bf08-3859f9f621ac}" => key removed successfully
HKCR\CLSID\{684d9c1a-b31e-11e5-bf08-3859f9f621ac} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7db156e6-57ac-11e4-bec9-3859f9f621ac}" => key removed successfully
HKCR\CLSID\{7db156e6-57ac-11e4-bec9-3859f9f621ac} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84da2dd3-8668-11e4-bed2-3859f9f621ac}" => key removed successfully
HKCR\CLSID\{84da2dd3-8668-11e4-bed2-3859f9f621ac} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9990ac96-6a6f-11e5-bef7-3859f9f621ac}" => key removed successfully
HKCR\CLSID\{9990ac96-6a6f-11e5-bef7-3859f9f621ac} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afeb78d9-8cac-11e3-bea0-3859f9f621ac}" => key removed successfully
HKCR\CLSID\{afeb78d9-8cac-11e3-bea0-3859f9f621ac} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c789e5b4-cd86-11e4-bedc-8c736eb636c2}" => key removed successfully
HKCR\CLSID\{c789e5b4-cd86-11e4-bedc-8c736eb636c2} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dce3f442-c723-11e3-beb1-8c736eb636c2}" => key removed successfully
HKCR\CLSID\{dce3f442-c723-11e3-beb1-8c736eb636c2} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddafe344-2f0f-11e5-beec-3859f9f621ac}" => key removed successfully
HKCR\CLSID\{ddafe344-2f0f-11e5-beec-3859f9f621ac} => key not found.
"HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4cb9a9b-3623-11e5-beed-3859f9f621ac}" => key removed successfully
HKCR\CLSID\{e4cb9a9b-3623-11e5-beed-3859f9f621ac} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-2129919252-2856369786-1848260543-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Firefox Proxy settings were reset.
Chrome HomePage => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
PrivoxyService => Unable to stop service.
PrivoxyService => service removed successfully
C:\Users\Heidi\AppData\Local\Temp\hp_u_232312312.exe => moved successfully
C:\Users\Heidi\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01AE496A-4636-4BEA-898E-A5693C8E1D63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01AE496A-4636-4BEA-898E-A5693C8E1D63}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Malware Cleaner => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04332F3F-2C51-4F0B-B479-DD022DADFDC4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04332F3F-2C51-4F0B-B479-DD022DADFDC4}" => key removed successfully
C:\WINDOWS\System32\Tasks\Maintenance Service Viewer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Maintenance Service Viewer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{164B43A3-A7E5-4470-86CC-9F7F9E3849D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{164B43A3-A7E5-4470-86CC-9F7F9E3849D9}" => key removed successfully
C:\WINDOWS\System32\Tasks\id updater task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\id updater task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AD9BC01-C275-4D83-B044-54E6EA30F6AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AD9BC01-C275-4D83-B044-54E6EA30F6AA}" => key removed successfully
C:\WINDOWS\System32\Tasks\Internet Installer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Internet Installer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F7C65EA-72D7-4D06-9B89-B36389083C47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F7C65EA-72D7-4D06-9B89-B36389083C47}" => key removed successfully
C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2129919252-2856369786-1848260543-1002Core => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-2129919252-2856369786-1848260543-1002Core" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D1EBE85-107C-4277-B6FC-0981D9AA5C81}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D1EBE85-107C-4277-B6FC-0981D9AA5C81}" => key removed successfully
C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2129919252-2856369786-1848260543-1002UA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-2129919252-2856369786-1848260543-1002UA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B591C864-44D6-4E97-AE13-10772454B690}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B591C864-44D6-4E97-AE13-10772454B690}" => key removed successfully
C:\WINDOWS\System32\Tasks\Security Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA3BE627-51C5-4E4E-A938-7A466617170E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA3BE627-51C5-4E4E-A938-7A466617170E}" => key removed successfully
C:\WINDOWS\System32\Tasks\Softcomp Software Viewer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Softcomp Software Viewer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0BEA6E9-E09A-4111-925A-AD2AA8FF62B3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0BEA6E9-E09A-4111-925A-AD2AA8FF62B3}" => key removed successfully
C:\WINDOWS\System32\Tasks\Softcomp Software Viewer => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Softcomp Software Viewer => key not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DA8C6A1-6051-425A-8240-FA5A630EC981} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A3A2CC5A-F0D5-419A-8F65-F03819A01488} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8329DA47-0EE0-46CA-89FB-EF569CF751A2}C:\users\heidi\downloads\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CC11BF10-AD20-4985-A78A-3AC568F28E1F}C:\users\heidi\downloads\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A269488-B3F1-4E98-A72B-E46C882DD5C6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C2146E69-5EBA-4C27-9521-40E5BC2FA65E} => value removed successfully
EmptyTemp: => 272.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:31:41 ====


  • Root Admin

How is the computer running now?

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

Hello! Sorry for the late answer, have been quite busy with work.

The computer is running quite fine, I see no signs of any redirections. However, the proxy server data is filled in on the Windows settings screen, although the proxy settings are not activated. Perhaps just a leftover.

Here's the log.

 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Adobe Flash Player 20.0.0.286  
 Mozilla Firefox (44.0) 
 Google Chrome (48.0.2564.103) 
 Google Chrome (48.0.2564.97) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MpCmdRun.exe   
 Tele2 Mobile Partner OnlineUpdate ouc.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 