Jump to content

runtime error (at 97:137) Could not call proc.


Recommended Posts

I thikn I have been infected with ransomware. I tried to install malewarebytes after the fact and am having trouble. When I get to the point of installing the software, it says "runtime error (at 97:137) Could not call proc."

 

Here are the FRST and Addition files pasted.

Thanks in advance for your help,

Matt

 

 

FRST

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Matty (administrator) on MATTYS-PC (30-01-2016 14:30:36)
Running from C:\Users\Matty\Downloads
Loaded Profiles: Matty (Available Profiles: Matty & Mcx1-MATTYS-PC & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Safari\Safari.exe" -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Dropbox, Inc.) C:\Users\Matty\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Matty\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\GROOVE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\Temp\9A2B102D-E4D5-43E0-A07C-6B086481A4F9\DismHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Users\Matty\Downloads\RogueKiller.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [sRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-28] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119360 2015-06-30] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\Run: [EPSON9743B8 (Artisan 720)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGYA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\Run: [Dropbox Update] => C:\Users\Matty\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-274505112-3618192152-856981704-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\P250EV~1.SCR [229376 2013-02-02] ( )
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Matty\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2016-01-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Matty\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2016-01-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Matty\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2016-01-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2013-04-03] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2013-04-03] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2013-04-03] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2013-04-03] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Matty\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2016-01-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Matty\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2016-01-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Matty\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2016-01-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\Users\Matty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk [2016-01-30]
ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Matty\AppData\Local\Apps\2.0\3YQDCCLN.1X8\6ZM5CCKR.9HO\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
Startup: C:\Users\Matty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-09-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\Matty\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Matty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk [2014-03-07]
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Matty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2014-08-31]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Matty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-02]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-07-29] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-07-29] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-07-29] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-07-29] ()
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-07-29] ()
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-07-29] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-07-29] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-07-29] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-07-29] ()
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-07-29] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1bd97387-ad74-423d-971a-e1eadea2700a}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7000f43d-5479-4d56-9f91-455ac581fbc7}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-274505112-3618192152-856981704-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130850679070299416&GUID=8172E51F-8AF0-4AF8-AC9E-26E03B3759CB
SearchScopes: HKU\S-1-5-21-274505112-3618192152-856981704-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=MB63BF783-7E74-44C5-BDB7-C40E51406C99&SearchSource=58&CUI=&UM=8&UP=SP5D3C0F66-0109-4564-B876-645A9538CD76&D=081515&q={searchTerms}&SSPV=SP301081TA_sp_ie
SearchScopes: HKU\S-1-5-21-274505112-3618192152-856981704-1000 -> {E3D7AF91-C5E5-4312-8C2E-371AFBE18D76} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-19] (Oracle Corporation)
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} hxxps://www.icloud.com/system/iCloud.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Matty\AppData\Roaming\Mozilla\Firefox\Profiles\nsoujkeo.default
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=MB63BF783-7E74-44C5-BDB7-C40E51406C99&SearchSource=55&CUI=&UM=8&UP=SP5D3C0F66-0109-4564-B876-645A9538CD76&D=081515&SSPV=SP301081TA_sp_ff
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll [2012-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll [2012-11-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-14] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Matty\AppData\Roaming\Mozilla\Firefox\Profiles\nsoujkeo.default\user.js [2015-08-15]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-14] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-18] (Apple Inc.)
FF SearchPlugin: C:\Users\Matty\AppData\Roaming\Mozilla\Firefox\Profiles\nsoujkeo.default\searchplugins\trovi.xml [2015-08-15]
FF HKLM\...\Firefox\Extensions: [{95908f40-bf10-44e2-92d7-4b053ae06408}] - C:\Program Files\shopperz29072015\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{95908f40-bf10-44e2-92d7-4b053ae06408}] - C:\Program Files\shopperz29072015\Firefox => not found
 
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://mylu.liberty.edu/user/tmsteenburg/home","hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=MB63BF783-7E74-44C5-BDB7-C40E51406C99&SearchSource=55&CUI=&UM=8&UP=SP5D3C0F66-0109-4564-B876-645A9538CD76&D=081515&SSPV=SP301081TA_sp_ch"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Users\Matty\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-10] [updateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-02] [updateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (ShopAtHome.com) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-11-22] [updateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Pandora) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-08-31]
CHR Extension: (iCloud Bookmarks) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-08-02] [updateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2015-03-19] [updateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (IE Tab) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-04-28] [updateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Kindle Cloud Reader) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-08-31] [updateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2014-08-31] [updateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Send to Kindle (by Klip.me)) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan [2014-08-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23] [updateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (Google Maps) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-04-28]
CHR Extension: (FB PurityClean Up ) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-08-15] [updateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (RedBull Stratos) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkdcillehlgfleogocdlkbidmhmdcond [2014-08-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02] [updateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (iCloud) - C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjfjiepcafjlmaopmmdfcmdjldjfhlki [2014-08-31]
CHR Extension: (CCuTThePriccee) - C:\ProgramData\clbibloopmlhcdphbeibjlnnllkjopii\ []
CHR HKU\S-1-5-21-274505112-3618192152-856981704-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matty\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 BcmSqlStartupSvc; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [34216 2010-03-25] (Microsoft Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
R3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2015-04-03] (Microsoft Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2015-04-03] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
R2 TosCoSrv; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2015-08-15] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-06-18] (Cherimoya Ltd)
S3 CSRBC; C:\Windows\System32\Drivers\martianwatch.sys [33280 2012-10-11] (SP)
R3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows ® Codename Longhorn DDK provider)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew00.sys [3349984 2015-07-10] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
S3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-06-26] (Splashtop Inc.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-09-05] (Toshiba Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-01-30] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-30 14:31 - 2016-01-30 14:31 - 00036239 _____ C:\Users\Matty\Desktop\FRST.txt
2016-01-30 14:30 - 2016-01-30 14:30 - 00047192 _____ C:\Users\Matty\Desktop\Addition.txt
2016-01-30 14:26 - 2016-01-30 14:26 - 00016148 _____ C:\WINDOWS\system32\MATTYS-PC_Matty_HistoryPrediction.bin
2016-01-30 14:20 - 2016-01-30 14:27 - 00047192 _____ C:\Users\Matty\Downloads\Addition.txt
2016-01-30 14:14 - 2016-01-30 14:30 - 00032166 _____ C:\Users\Matty\Downloads\FRST.txt
2016-01-30 14:14 - 2016-01-30 14:30 - 00000000 ____D C:\FRST
2016-01-30 14:14 - 2016-01-30 14:14 - 02370560 _____ (Farbar) C:\Users\Matty\Downloads\FRST64.exe
2016-01-30 14:13 - 2016-01-30 14:13 - 01721856 _____ (Farbar) C:\Users\Matty\Downloads\FRST.exe
2016-01-30 14:13 - 2016-01-30 14:13 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-30 14:13 - 2016-01-30 14:13 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-30 13:59 - 2016-01-30 14:12 - 20940872 _____ C:\Users\Matty\Downloads\RogueKiller.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-30 14:22 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-30 13:55 - 2014-11-22 23:14 - 00000000 ___RD C:\Users\Matty\iCloudDrive
2016-01-30 13:50 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-30 13:48 - 2015-08-15 18:34 - 01099046 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-30 13:48 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2016-01-30 13:44 - 2015-08-15 19:33 - 00000000 __SHD C:\Users\Matty\IntelGraphicsProfiles
2016-01-30 13:44 - 2015-06-18 09:34 - 00000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-274505112-3618192152-856981704-1000UA.job
2016-01-30 13:43 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-30 13:42 - 2015-07-10 04:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-01-30 13:41 - 2015-07-10 06:00 - 00680256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-01-30 13:34 - 2015-08-27 16:18 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5352454D-DF83-4563-B2FF-622E6FD2D548}
2016-01-22 20:23 - 2012-07-14 08:49 - 00000000 ____D C:\Users\Matty\AppData\Local\ElevatedDiagnostics
2016-01-01 06:32 - 2015-08-15 19:49 - 00002414 _____ C:\Users\Matty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-01 06:32 - 2012-12-29 10:30 - 00000000 __RDO C:\Users\Matty\SkyDrive
 
Some files in TEMP:
====================
C:\Users\Matty\AppData\Local\Temp\bitool.dll
C:\Users\Matty\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Matty\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvoc82q.dll
C:\Users\Matty\AppData\Local\Temp\oprun30233.exe
C:\Users\Matty\AppData\Local\Temp\SpOrder.dll
C:\Users\Matty\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Matty\AppData\Local\Temp\{81837236-E72A-4DCA-903A-C72F35CD7E33}-DropboxClient_3.8.8.exe
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-01-30 08:57
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
Addition
 
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Matty (2016-01-30 14:31:40)
Running from C:\Users\Matty\Downloads
Windows 10 Pro (X64) (2015-08-16 00:30:58)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-274505112-3618192152-856981704-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-274505112-3618192152-856981704-503 - Limited - Disabled)
Guest (S-1-5-21-274505112-3618192152-856981704-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-274505112-3618192152-856981704-1009 - Limited - Enabled)
Matty (S-1-5-21-274505112-3618192152-856981704-1000 - Administrator - Enabled) => C:\Users\Matty
Mcx1-MATTYS-PC (S-1-5-21-274505112-3618192152-856981704-1007 - Limited - Enabled) => C:\Users\Mcx1-MATTYS-PC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.5.502.110 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\23ab716f18849b6f) (Version: 2.0.2013.841 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed Liberation HD (HKLM-x32\...\Uplay Install 625) (Version:  - Ubisoft)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.14.15 - Atheros Communications Inc.)
Beats Updater (HKLM-x32\...\{90B2844D-97AE-436C-B552-2AD8A7F10279}) (Version: 2.0.54.0 - Beats Electronics, LLC)
Beats Updater (HKLM-x32\...\{DB050B26-820C-485F-94EA-536B47C2530B}) (Version: 1.1.93.0 - Beats Electronics, LLC)
BibleReader (HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\fc6d9d64ce333d98) (Version: 5.0.4.916 - Olive Tree Bible Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Microsoft Outlook 2010 (HKLM\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (Version: 4.0.11308.0 - Microsoft Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.1.6599 - Thomson Reuters)
EPSON Artisan 720 Series Printer Uninstall (HKLM\...\EPSON Artisan 720 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Flixster (HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\cde6baecc037497b) (Version: 2.5.0.352 - Flixster)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (HKLM-x32\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
GenoPro 2.5.4.1 (HKLM-x32\...\GenoPro) (Version:  - GenoPro Inc.)
GoldWave v5.67 (HKLM-x32\...\GoldWave v5.67) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.71.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.0.753 - Paramount Software (UK) Ltd.) Hidden
Martian VC Firmware Updater version 2.18 (HKLM\...\Martian VC Firmware Updater_is1) (Version: 2.18 - )
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4461 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-0081-0409-1000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 18.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 18.0.2 (x86 en-US)) (Version: 18.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0.3 - Mozilla)
Mozilla Thunderbird 17.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.3 (x86 en-US)) (Version: 17.0.3 - Mozilla)
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
Opera 12.02 (HKLM-x32\...\Opera 12.02.1578) (Version: 12.02.1578 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
P250 Everything Changes Screen Saver (HKLM-x32\...\P250 Everything Changes) (Version:  - Made with Flat Rock's Screen Saver Studio)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SRS Premium Sound Control Panel (HKLM\...\{75A43A49-A6A1-4FCB-A41E-02D76E166691}) (Version: 1.12.0800 - SRS Labs, Inc.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.96.111090 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
SystemDevelop (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ef82b935}) (Version:  - SystemDevelop) <==== ATTENTION
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.1.2.4 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM\...\SVPW_is1) (Version: 1.0.64.7 - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0023.640204 - TOSHIBA Corporation)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
Windows Driver Package - Beats Electronics, LLC (KernelModeUSB) USBDevice  (02/11/2015 14.33.52.923) (HKLM\...\9406E469423777D54A77273EF19C483BF7EB8377) (Version: 02/11/2015 14.33.52.923 - Beats Electronics, LLC)
Windows Driver Package - Silverplus (CSRBC) USB  (10/11/2012 15.20.34.165) (HKLM\...\55B7F0876418060903E93B2ABFADE4C1D1789ED3) (Version: 10/11/2012 15.20.34.165 - Silverplus)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinX DVD Ripper Platinum 7.5.7 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
WinX HD Video Converter Deluxe 5.0.10 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matty\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Matty\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Matty\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Matty\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Matty\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Matty\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Matty\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-274505112-3618192152-856981704-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Matty\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {028D3094-6CEB-429A-A473-B526B6626D53} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {082DE4DE-838F-446B-866C-3931B766D2A9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0B61E463-FD21-4A2C-A49A-5080C339BC35} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {10558129-DAF1-4363-BA2F-EAE0BD3A21C2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {118C1006-1D1C-4563-96EC-532BD6682361} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {19A7C369-23BD-42B8-839B-506AB1C65DCC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1E27E7D9-4A19-423E-94C3-B48369C82767} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {1E6346F1-403D-4465-B937-9B1D6BE9A587} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2101FE5B-EEA4-4505-BFF1-71CA3B09C1B5} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-MATTYS-PC => C:\Windows\ehome\McxTask.exe
Task: {2352883E-AD13-44AE-B9A6-E9758955E6EE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {37B31DEA-621F-45D7-AA9A-2E115B884A98} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3EDEB4A0-FAD7-46FD-8606-9664F5E064BF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4708A36C-5458-4B87-9B7B-46EF6B5F1A2D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {48CD46B2-8E9C-4275-99DB-674A17BEB680} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {49D991B9-5B0A-4D6B-B531-B5A4A23EC1CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {53B9DA4E-3B49-471D-832F-124DC1D7619C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {578A426E-D91F-4E00-8385-7D96D8E7E74A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5B5ECBA4-4F72-43B6-B182-B100ACCE2DC6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {6170D286-5D92-4339-976F-CBB07315D762} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {7177D2E4-9369-4B33-BCBC-14FA9C06976B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {75002807-4421-434A-A261-757EF35A616F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {7D7AFCE9-48A9-46DB-A6BB-4445318959A5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {7E193A28-FB11-432B-B601-EBFAAE996263} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {87D97EC9-AA69-4C58-9205-9ED5D01430CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {89AF4940-5FC2-4643-A22C-1331532526C5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8C318954-5B94-46E5-96B9-8C5C4B2EFC63} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {8D11FE7D-3889-4962-8247-ACF54204889A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8EC35412-381D-4562-810A-D4F6491BEEA4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {93E3DCD0-5C4A-407B-80CF-88BA6E21BBCB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-274505112-3618192152-856981704-1000UA => C:\Users\Matty\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {9C385A23-C2DA-467F-B593-2187E33F5AD5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9D49B8CB-FD83-4A7D-9DCA-52221000E0B5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F5E1624-6531-42F7-ABDE-19B0F8BDFBA5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A00589FD-0C3C-432A-ABA5-A2F62FC05217} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {AEC53ED4-189B-4E81-B55A-B23D6E67720C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {AFA607F5-04BD-46F3-85F3-1E5C43658294} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B2C9BD5D-F3E4-40C1-B04D-F648549CA27D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B75CEA10-A869-4031-821F-2AE641C3A8C1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {CD5054FC-0108-4277-AC2E-61564A02BA11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D395BCF6-14A1-4538-8A6C-C574B866B484} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-274505112-3618192152-856981704-1000Core => C:\Users\Matty\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {E10E38CC-ED37-4746-A11B-5BA6AFD13BD1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {E4FF9BC2-65D6-475E-954D-6332A4144E9B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E97C7BCA-750C-4A69-8BA9-6B72BDFE39EF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {F056B206-1E25-4BDF-B364-15EE57FFB29B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {F603A0B3-E8ED-42E8-9A89-B084CBCC6B42} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-274505112-3618192152-856981704-1000Core.job => C:\Users\Matty\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-274505112-3618192152-856981704-1000UA.job => C:\Users\Matty\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 06:00 - 2015-07-10 06:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-15 22:16 - 2015-08-15 22:16 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-15 20:47 - 2015-07-29 07:21 - 00353608 _____ () C:\WINDOWS\system32\Shjencueit64.dll
2015-08-18 19:12 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-10 08:12 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-10 08:12 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-06-16 15:31 - 2015-06-16 15:31 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-08-22 14:19 - 2011-08-22 14:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2015-10-10 08:11 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-10 08:12 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-10 08:11 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-10 08:11 - 2015-09-17 00:49 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-10-10 08:11 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-10 08:12 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-10 08:11 - 2015-09-17 00:43 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-10-10 08:12 - 2015-09-17 00:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-10-10 08:11 - 2015-09-17 00:42 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2016-01-30 13:59 - 2016-01-30 14:12 - 20940872 _____ () C:\Users\Matty\Downloads\RogueKiller.exe
2015-10-10 10:43 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-10 10:43 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-10 10:43 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-10 10:43 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-10 10:43 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-05-15 15:27 - 2015-05-15 15:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-30 13:46 - 2016-01-30 13:46 - 00071168 _____ () c:\users\matty\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvoc82q.dll
2012-04-24 20:18 - 2012-04-24 20:18 - 01242472 _____ () C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
2012-04-24 20:18 - 2012-04-24 20:18 - 00087912 _____ () C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Matty\Desktop\2012-10-12 17.09.35.mov:com.dropbox.attributes
AlternateDataStreams: C:\Users\Matty\Desktop\2012-10-12 18.42.59.mov:com.dropbox.attributes
AlternateDataStreams: C:\Users\Matty\Desktop\email.jpeg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Matty\Desktop\Phone.jpeg:com.dropbox.attributes
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\sharepoint.com -> hxxps://libertyuniv.sharepoint.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-274505112-3618192152-856981704-1000\...\123simsen.com -> www.123simsen.com
 
There are 7760 more sites.
 

==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2012-11-19 11:51 - 00443522 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123moviedownload.com
127.0.0.1 123moviedownload.com
 
There are 15225 more lines.
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-274505112-3618192152-856981704-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matty\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\thab1600x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 

==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
14-12-2015 09:46:05 Scheduled Checkpoint
22-01-2016 21:37:05 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/30/2016 02:15:44 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1732) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (01/30/2016 02:15:44 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1732) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/30/2016 02:15:33 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1732) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (01/30/2016 02:15:33 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1732) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/30/2016 02:15:23 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1732) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (01/30/2016 02:15:23 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1732) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/30/2016 02:15:12 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1732) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (01/30/2016 02:15:12 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1732) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/30/2016 02:15:02 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1732) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (01/30/2016 02:15:02 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1732) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 

System errors:
=============
Error: (01/30/2016 02:32:16 PM) (Source: DCOM) (EventID: 10010) (User: MATTYS-PC)
Description: {E844CD23-864D-4921-B18B-ED60A150E112}
 
Error: (01/30/2016 02:31:45 PM) (Source: DCOM) (EventID: 10010) (User: MATTYS-PC)
Description: {E844CD23-864D-4921-B18B-ED60A150E112}
 
Error: (01/30/2016 02:31:14 PM) (Source: DCOM) (EventID: 10010) (User: MATTYS-PC)
Description: {E844CD23-864D-4921-B18B-ED60A150E112}
 
Error: (01/30/2016 01:49:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/30/2016 01:49:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/30/2016 01:49:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/30/2016 01:49:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/30/2016 01:49:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/30/2016 01:49:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/30/2016 01:49:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 

CodeIntegrity:
===================================
  Date: 2015-12-14 08:08:00.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-14 07:57:26.431
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-14 07:57:26.419
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-14 07:57:26.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-14 07:57:26.033
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-14 07:57:26.013
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-14 07:57:26.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-14 07:57:25.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-14 07:57:25.964
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-14 07:56:38.554
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

==================== Memory info ===========================
 
Processor: Intel® Core i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 54%
Total physical RAM: 6039.31 MB
Available physical RAM: 2734.87 MB
Total Virtual: 6999.31 MB
Available Virtual: 3237.81 MB
 
==================== Drives ================================
 
Drive c: (TI106399W0G) (Fixed) (Total:682.78 GB) (Free:174.94 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5F2052F4)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=809 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13.6 GB) - (Type=17)
 
==================== End of Addition.txt ============================

Link to post
Share on other sites

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...
 

Next,Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe     <<-   64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe   <<-  32 bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefinddnsapi.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.



Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Let me see those results...

 

Thank you,

 

Kevin
 

Link to post
Share on other sites

Hey Kevin,
Here it is
 
 
SystemLook 30.07.11 by jpshortstuff
Log created at 10:02 on 31/01/2016 by Matty
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "dnsapi.dll"
C:\Windows\System32\dnsapi.dll --a---- 680256 bytes [11:00 10/07/2015] [18:41 30/01/2016] C287D0E32771E3222A444DC527A29477
 
-= EOF =-

Link to post
Share on other sites

Please do not use Chrome until later when I ask...... thank you.

 

Next,

 

Thanks for the SystemLook log, unfortunately there are no backup copies of dnsapi.dll for the SysWOW folder... lets continue:

 

I`ve attached dnsapi.zip to this reply, download and unzip the folder to your desktop so you have dnsapi.dll on the Desktop. Copy or move that file to the following folder...

 

C:\Windows\SysWow

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.
 

Next,

 

Please download MBAM-clean and save it to your desktop.
 

  •    Right-click on mbam-clean.exe icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  •    It will ask you to reboot the machine - please do so.
  •    Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


Download & install the newset MBAM version.

Please download 51a46ae42d560-malwarebytes_anti_malware.Malwarebytes Anti-Malware
 

  •    Install the progam and select update.
  •    Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  •    In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  •    Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  •    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  •    Upon completion of the scan (or after the reboot), click the History tab.
  •    Click Application Logs and double-click the Scan Log.
  •    At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.

 

 

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin
 

 

 

dnsapi.zip

Fixlist.txt

Link to post
Share on other sites

Thanks for those logs, continue please:

 

Uninstall Spybot S&D, re-boot when complete..

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


 

Next,

 

Make a clean install of Chrome, If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local  from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Next,

 

dr_web_cureit_zpse80d87bf.jpg
Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning


    drwebselect.JPG

  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats


    drwebfolders.JPG

  • Press start scan
  • The scan will now commence


    drwebscan.JPG

  • Once the scan has finished click open report <<<--- Do not miss this step


    drwebscancomplete.JPG

  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop



This log will be excessive,  Please attach it to your next reply…

Next,

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....

let me see those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin
 

Link to post
Share on other sites

Here is the log from ADW cleaner. I had some trouble getting Spybot to uninstall. The old version was never completely uninstalled before the new one was installed so I had to install the old version and then uninstall it.

 

# AdwCleaner v5.032 - Logfile created 01/02/2016 at 20:24:44
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [server]
# Operating system : Windows 10 Pro  (x64)
# Username : Matty - MATTYS-PC
# Running from : C:\Users\Matty\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 

***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\DriverTuner
[-] Folder Deleted : C:\Program Files (x86)\CCuTThePriccee
[-] Folder Deleted : C:\Users\Matty\AppData\LocalLow\Yahoo!\Companion
 
***** [ Files ] *****
 

***** [ DLLs ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 

***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\32afd15d-9a1a-4bc6-d7e8-9fc2c113879f
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{25A571B5-31FD-45E0-9151-E9E7C93730E7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{395A21F4-8C0F-402D-8CBE-575C2EAE84D0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{25A571B5-31FD-45E0-9151-E9E7C93730E7}
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\DriverTuner
[-] Key Deleted : HKLM\SOFTWARE\DriverTuner_Init
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2C98B47-B5F4-94AA-281D-4135416774CF}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[!] Key Not Deleted : HKU\S-1-5-21-274505112-3618192152-856981704-1000\Software\WEBAPP
[!] Key Not Deleted : HKU\S-1-5-21-274505112-3618192152-856981704-1000\Software\Yahoo\Companion
[!] Key Not Deleted : HKU\S-1-5-21-274505112-3618192152-856981704-1000\Software\Yahoo\YFriendsBar
[!] Key Not Deleted : HKU\S-1-5-21-274505112-3618192152-856981704-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[!] Key Not Deleted : HKU\S-1-5-21-274505112-3618192152-856981704-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E3D7AF91-C5E5-4312-8C2E-371AFBE18D76}
[!] Key Not Deleted : HKU\S-1-5-21-274505112-3618192152-856981704-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E3D7AF91-C5E5-4312-8C2E-371AFBE18D76}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : search here
[-] [C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Users\Matty\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : trovi.search
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3945 bytes] ##########

 

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Pro x64
Ran by Matty (Administrator) on Mon 02/01/2016 at 20:47:21.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

File System: 3
 
Successfully deleted: C:\Users\Matty\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Matty\AppData\Roaming\Mozilla\Firefox\Profiles\nsoujkeo.default\extensions\staged (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
 
 
 
Registry: 0
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/01/2016 at 20:51:53.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

Thanks for those logs, when DrWeb completes let me see that log also, it will be excessive so please attach it. Dont forget to rerun FRST as follows:

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt and Shortcut.txt under "Optional scan" Select scan, when done post the new logs....

 

Thank you,

 

Kevin...
 

Link to post
Share on other sites

Thanks for those logs, do not see anything wrong. What is the current status, are there any remaining issues or concerns?

 

One point, in the first fix we did with FRST on malicious file could not be moved "C:\Windows\System32\drivers\cherimoya.sys" => Could not move. i have not seen that file in the latest logs, i`d still like to check be fore we clean up and let you go... Run the following:

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe     <<-   64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe   <<-  32 bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefindcherimoya.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.



Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Thank you,

 

Kevin...
 

Link to post
Share on other sites

How is your system responding now, any issues or concerns? if none run the following:

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  •    
  • Remove disinfection tools
       
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
       
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…
 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...  busy.gif
 

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.