
Speaker muting problem



I'm not sure if this is malware, but here's the problem.

I can use my computer's sound for about 1 minute before it mutes. Every time I change the speakers' loudness to fix it, the time between mutes gets shorter and shorter until the range of seconds between mutes becomes 2 to 5 seconds. I'm very tired of pressing the arrow keys every two seconds to hear a Skype call.

Can someone please identify this problem? If it's malware, how can I get rid of it?


  • Root Admin

Hello @100ec and welcome.

I've not heard of any such malware but let's go ahead and scan your system for any possible malware and go on from there.

 



Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
  • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)



STEP 01
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1 | Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 02
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe



STEP 03
Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following:
MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


  • 2 weeks later...

I'm sorry I have not responded for 10 days. I haven't checked this forum for a while. 

I think something went wrong with RKill or ERUNT. As soon as I opened the download page for ERUNT, my MalwareBytes page froze and I couldn't reply.

This problem still continues to bother me, now on Skype. I'll try to follow these directions.


I'm sorry I have not responded for 10 days. I haven't checked this forum for a while. 

I think something went wrong with RKill or ERUNT. As soon as I opened the download page for ERUNT, my MalwareBytes page froze and I couldn't reply.

This problem still continues to bother me, especially on Skype. I'll try to follow these directions.


Thanks for the help, I managed to use MalwareBytes to destroy ~700 StrongVault files and many cases of malware, but none of them seemed to fix my speaker problem. People have told me there can be viruses even MalwareBytes can't find. I've done about 5 1 hour long scans now... none of them found anything else. Is there anything else I can do to find a solution? 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/29/2016
Scan Time: 3:14 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.29.11
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin

Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 70091
Time Elapsed: 30 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 22

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
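
A triage check for logs in the layout shown above, added here as an example and not part of the original thread or of Malwarebytes' own tooling: it parses the text log, compares the scan settings against those requested in STEP 03, and flags detections still pending a reboot. The sample log is constructed with placeholder names, paths and hashes, and the mapping of STEP 03's settings to log fields in `EXPECTED` is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes Anti-Malware 2.x text
# logs posted in this thread; names, paths and hashes are placeholders.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/1/2016
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 1000

Memory: Enabled
Rootkits: Disabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.ExampleA, C:\Program Files\ExampleA\svc.exe, 1234, Delete-on-Reboot, [00000000000000000000000000000001]

Registry Keys: 2
PUP.Optional.ExampleA, HKLM\SOFTWARE\ExampleA, Quarantined, [00000000000000000000000000000002],
PUP.Optional.ExampleB, HKLM\SOFTWARE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000000}, Quarantined, [00000000000000000000000000000003],

Files: 0
(No malicious items detected)

(end)
"""

SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
KV = re.compile(r"^([A-Za-z][A-Za-z \-]*): ?(.*)$")
HASH = re.compile(r"^\[[0-9a-f]{32}\]$")

# Assumed mapping of the settings requested in STEP 03 onto log fields.
EXPECTED = {"Scan Type": "Threat Scan", "Result": "Completed",
            "Rootkits": "Enabled", "PUP": "Enabled", "PUM": "Enabled"}


def parse_mbam_log(text):
    """Split a log into header fields, declared section counts and detections."""
    fields, declared, detections = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip().rstrip(",").strip()
        if not line or line.startswith("("):
            continue
        parts = [p.strip() for p in line.split(", ")]
        # Detection line: name, target[, pid], action, [32-hex id]
        if section and len(parts) >= 4 and HASH.match(parts[-1]):
            middle = parts[1:-2]
            pid = None
            if section == "Processes" and len(middle) > 1 and middle[-1].isdigit():
                pid = middle.pop()
            detections.append({"section": section, "name": parts[0],
                               "target": ", ".join(middle), "pid": pid,
                               "action": parts[-2]})
            continue
        m = KV.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key in SECTIONS and value.isdigit():
            section, declared[key] = key, int(value)
        else:
            fields[key] = value
    return {"fields": fields, "declared": declared, "detections": detections}


def triage(parsed):
    """Return human-readable findings a helper would raise before reading on."""
    findings = []
    for key, want in EXPECTED.items():
        got = parsed["fields"].get(key, "<missing>")
        if got != want:
            findings.append(f"{key} is {got!r}, expected {want!r}")
    for sec, count in parsed["declared"].items():
        seen = sum(1 for d in parsed["detections"] if d["section"] == sec)
        if seen != count:
            findings.append(f"{sec}: header says {count}, parsed {seen} "
                            "(log truncated or edited?)")
    pending = [d for d in parsed["detections"] if d["action"] == "Delete-on-Reboot"]
    if pending:
        findings.append(f"{len(pending)} item(s) marked Delete-on-Reboot: "
                        "removal completes only after a restart")
    return findings


def families(parsed):
    """Count detections per detection name."""
    return Counter(d["name"] for d in parsed["detections"])


if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE_LOG)
    for finding in triage(report):
        print("-", finding)
    for name, count in families(report).most_common():
        print(f"{count:4d}  {name}")
```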


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/12/2014
Scan Time: 11:46 PM
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.13.01
Rootkit Database: v2014.10.11.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335822
Time Elapsed: 37 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
RiskWare.Tool.CK, C:\Windows\KMService.exe, 1920, Delete-on-Reboot, [fd38eb2987f5f14558c0ee25ea1805fb]
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe, 2276, Delete-on-Reboot, [74c10212d1abc76fbeba57c355ac649c]
PUP.Optional.PCFixSpeed, C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe, 3460, Delete-on-Reboot, [d95c3bd9c0bc1422d8c3b2b264a09e62]

Modules: 1
PUP.Optional.Funshion, C:\Program Files (x86)\adress\{6A0C1C99-7599-FB58-43FD-BDCDB5571DB2}\AddressBar.dll, Delete-on-Reboot, [c570fd17582477bf5e8cffb415eda060], 

Registry Keys: 130
PUP.Optional.SweetIM.A, HKU\S-1-5-21-828631773-361076270-84588037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Delete-on-Reboot, [85b03ada0d6fbe78b7305a087d8743bd], 

Registry Values: 15

Registry Data: 5

Folders: 48

Files: 212
PUP.Optional.Funshion, C:\Users\Kevin\funshion\update\flashParam.txt, Quarantined, [ea4b4dc7a7d525111a6453938181748c], 
PUP.Optional.Funshion, C:\Users\Kevin\funshion\update\flashParam.txt.bak, Quarantined, [ea4b4dc7a7d525111a6453938181748c], 
PUP.Optional.Funshion, C:\Users\Kevin\funshion\update\Pop Game.lnk, Quarantined, [ea4b4dc7a7d525111a6453938181748c], 
PUP.Optional.Funshion, C:\Users\Kevin\funshion\update\popwind.json, Quarantined, [ea4b4dc7a7d525111a6453938181748c], 
PUP.Optional.Funshion, C:\Users\Kevin\funshion\update\Shopping Sites.lnk, Quarantined, [ea4b4dc7a7d525111a6453938181748c], 
PUP.Optional.Funshion, C:\Users\Kevin\funshion\update\updatexmlfile.txt, Quarantined, [ea4b4dc7a7d525111a6453938181748c], 
PUP.Optional.Conduit.A, C:\Users\Kevin\AppData\Local\Temp\ct3311333\chromeid.txt, Quarantined, [47ee3bd92458e353cd5fd8105fa3bd43], 
PUP.Optional.Conduit.A, C:\Users\Kevin\AppData\Local\Temp\ct3311333\setup.ini.txt, Quarantined, [47ee3bd92458e353cd5fd8105fa3bd43], 
PUP.Optional.NextLive.A, C:\Users\Kevin\AppData\Roaming\newnext.me\nengine.cookie, Quarantined, [b77ec94b087481b5ff5a90594bb7ce32], 
PUP.Optional.NextLive.A, C:\Users\Kevin\AppData\Roaming\newnext.me\cache\spark.bin, Quarantined, [b77ec94b087481b5ff5a90594bb7ce32], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\passport.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\TNT2UserPS.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\log.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\MinecraftShims64.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\npTNT2.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\npTNT2Ghost.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\PARTNER.TNT, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\passport64.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\pinnedSearch.htm, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\progress.1.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\regsvr.1.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\RemoteSkin.wms, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\sqlite.1.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\tnt2chrome.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\TNT2User.exe, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\TNT2UserPS64.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\TntMagicDel.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\UnInjLib.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\UnInjLib64.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\UNINSTALL.TNT, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\UninstallDlg.1.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\untar.1.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\UPDATE.TNT, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\xpi.tar, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\2.0.0.1663\zipunzip.1.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Common\GameConsole.exe, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Common\pinnedSearch.htm, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Profiles\10749\icon.ico, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Profiles\10749\inst.ini, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Profiles\10749\LastSession.log, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Profiles\10749\os10749.xml, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Profiles\10749\PARTNER.1.TNT, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Profiles\10749\partner.dat, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Profiles\10749\passport.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Profiles\10749\passport64.dll, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Profiles\10749\runt.ini, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Profiles\10749\tnt_32x32.png, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.TidyNetwork.A, C:\Users\Kevin\AppData\Local\TNT2\Profiles\10749\yah10749.xml, Quarantined, [4aeb67ad6b11a69054492bbed42eea16], 
PUP.Optional.CrossRider.A, C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ihkeoookbpemkdccdccdmacnidhooohk\000122.sst, Quarantined, [8ea7b361b7c572c44b54906349b94bb5], 
PUP.Optional.CrossRider.A, C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ihkeoookbpemkdccdccdmacnidhooohk\000127.ldb, Quarantined, [8ea7b361b7c572c44b54906349b94bb5], 
PUP.Optional.CrossRider.A, C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ihkeoookbpemkdccdccdmacnidhooohk\000128.log, Quarantined, [8ea7b361b7c572c44b54906349b94bb5], 
PUP.Optional.CrossRider.A, C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ihkeoookbpemkdccdccdmacnidhooohk\CURRENT, Quarantined, [8ea7b361b7c572c44b54906349b94bb5], 
PUP.Optional.CrossRider.A, C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ihkeoookbpemkdccdccdmacnidhooohk\LOCK, Quarantined, [8ea7b361b7c572c44b54906349b94bb5], 
PUP.Optional.CrossRider.A, C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ihkeoookbpemkdccdccdmacnidhooohk\LOG, Quarantined, [8ea7b361b7c572c44b54906349b94bb5], 
PUP.Optional.CrossRider.A, C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ihkeoookbpemkdccdccdmacnidhooohk\LOG.old, Quarantined, [8ea7b361b7c572c44b54906349b94bb5], 
PUP.Optional.CrossRider.A, C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ihkeoookbpemkdccdccdmacnidhooohk\MANIFEST-000126, Quarantined, [8ea7b361b7c572c44b54906349b94bb5], 
PUP.Optional.Extutil.A, C:\Users\Kevin\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [ea4b060ee29ab086119aeb140ff3e51b], 
PUP.Optional.Extutil.A, C:\Users\Kevin\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [ea4b060ee29ab086119aeb140ff3e51b], 
PUP.Optional.Extutil.A, C:\Users\Kevin\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [ea4b060ee29ab086119aeb140ff3e51b], 
PUP.Optional.Managera.A, C:\Users\Kevin\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [ba7baf6587f5c076f6b6d42b6b9738c8], 
PUP.Optional.Managera.A, C:\Users\Kevin\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [ba7baf6587f5c076f6b6d42b6b9738c8], 

Physical Sectors: 0
(No malicious items detected)


(end)

Those are two of my most important scans.


  • Root Admin

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed make sure to re-enable your antivirus.

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed.
  • Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look at the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore.

STEP 06
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Kevin (Administrator) on 08/01/2016 Mon at 10:36:49.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 75 


Registry: 13 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/01/2016 Mon at 10:55:01.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v5.201 - Logfile created 01/08/2016 at 11:18:15
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-31.4 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Kevin - KEVIN-PC
# Running from : C:\Users\Kevin\Downloads\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{754DF2CE-51E8-4895-B53C-6381418B84AE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC0FA563-E0F2-406F-8659-1E728458A91E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88260EA6-BC91-42DF-ABEF-4A683E8A3C23}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C097DF1-0716-4FA1-84A9-025BC1E7B03F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99E29823-2F67-41C3-8AA5-6425097A771F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{76481128-CCDC-4073-8F65-B06F23B138FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E1533F0-E0B5-465A-9F16-98FF0C76D493}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50F4150A-48B2-417A-BE4C-C83F580FB904}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{50F4150A-48B2-417A-BE4C-C83F580FB904}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{754DF2CE-51E8-4895-B53C-6381418B84AE}]
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\STA
[-] Key Deleted : HKCU\Software\PPTAssist
[-] Key Deleted : HKCU\Software\TaoTaoSou
[-] Key Deleted : HKCU\Software\UCBrowserPID
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\TaoTaoSou
[-] Key Deleted : HKLM\SOFTWARE\UCBrowserPID
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\E5C2FB287A9731A45B805D6EA4B541E1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\E5C2FB287A9731A45B805D6EA4B541E1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E5C2FB287A9731A45B805D6EA4B541E1
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tab]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [TCP Query User{4C095484-3003-454F-AABA-6F4490EA134B}C:\program files (x86)\tencent\qqintl\bin\qq.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [UDP Query User{50E704C6-402C-459C-8DFE-986BAE387A8A}C:\program files (x86)\tencent\qqintl\bin\qq.exe]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{6FF7AAE5-C03C-4291-82F9-AE7A06075B51}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2A88D1E5-6C76-4692-98A6-6933F1BA4CF2}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{4030A779-BE0C-4856-A635-E04AFC6EC752}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{C77F17AB-93F4-407B-BCA0-BCBEFC5D9CD4}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BB4E46CA-3FCF-4A42-B8E2-EBF81AA7D1A9}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{D43835C9-1F31-47EE-A6DC-F9A7EAD6B3AF}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{77AA57B2-C0D2-48EB-82FB-1DE9B1A48AF3}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{39F49A29-0AD0-4E5D-A302-22CB7C700B92}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BC9233CD-F508-46B0-83A3-AD493D263FC4}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F5A21F88-CB63-4FE3-B5CF-273920FE71DB}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{D50176FA-8E10-4930-9CFA-EB663D1313FB}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{00005762-FEC0-4F39-BD8D-FD0CA46BEE09}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{76834B6A-7E09-485E-BE9C-67540CC007BB}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{DA3DF013-0D09-4DCC-BEA9-9C25D52B8D2E}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BC7B9606-B272-4293-A54C-666A4F007CC8}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{A6294A11-1667-4EA3-9A4A-7DD03C897DC0}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{46D5D9C6-C953-422F-B905-374356F57198}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{A78D1E7F-2D20-4850-BF4B-46787F9A51CA}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{EA72DA0D-B5DC-4DFA-A740-2B3A1310EB31}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{E42F4D12-DC26-4788-A899-AC69E77B7AED}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{FF37DAF9-C820-4B9D-BEA3-4EE0E4D33CF1}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{12267D4A-3A5A-492C-B1CC-F85A0F1C1B3D}]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\123.sogou.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\2345.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cn.hao123.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\guanjia.qq.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao.360.cn
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mini2015.qq.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\os.qzs.qq.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qq.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qzs.qq.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tv.2345.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\user.qzone.qq.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\v.hao123.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\v.qq.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\x.l.qq.com

***** [ Web browsers ] *****

[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ehhkfhegcenpfoanmgfpfhnmdmflkbgk
[-] [C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [19068 bytes] - [01/08/2016 11:18:15]
C:\AdwCleaner\AdwCleaner[R0].txt - [26126 bytes] - [25/10/2014 21:53:32]
C:\AdwCleaner\AdwCleaner[R1].txt - [26187 bytes] - [25/10/2014 22:46:35]
C:\AdwCleaner\AdwCleaner[S0].txt - [25610 bytes] - [25/10/2014 23:03:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [19096 bytes] - [01/08/2016 11:05:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [19438 bytes] ##########
 

2016-08-01 21:37:44.160    Sophos Virus Removal Tool version 2.5.5
2016-08-01 21:37:44.160    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-08-01 21:37:44.160    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-08-01 21:37:44.160    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2016-08-01 21:37:44.164    Checking for updates...
2016-08-01 21:37:47.246    Update progress: proxy server not available
2016-08-01 21:38:23.856    Option all = no
2016-08-01 21:38:23.857    Option recurse = yes
2016-08-01 21:38:23.857    Option archive = no
2016-08-01 21:38:23.857    Option service = yes
2016-08-01 21:38:23.857    Option confirm = yes
2016-08-01 21:38:23.857    Option sxl = yes
2016-08-01 21:38:23.859    Option max-data-age = 35
2016-08-01 21:38:23.859    Option EnableSafeClean = yes
2016-08-01 21:38:25.386    Option vdl-logging = yes
2016-08-01 21:38:25.434    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-08-01 21:38:25.434    Machine ID:    6115321a8f11407782da5c41e348d92b
2016-08-01 21:38:25.436    Component SVRTcli.exe version 2.5.5
2016-08-01 21:38:25.436    Component control.dll version 2.5.5
2016-08-01 21:38:25.437    Component SVRTservice.exe version 2.5.5
2016-08-01 21:38:25.437    Component engine\osdp.dll version 1.44.1.2250
2016-08-01 21:38:25.437    Component engine\veex.dll version 3.65.0.2250
2016-08-01 21:38:25.438    Component engine\savi.dll version 9.0.1.2250
2016-08-01 21:38:25.439    Component rkdisk.dll version 1.5.30.0
2016-08-01 21:38:25.439    Version info:    Product version    2.5.5
2016-08-01 21:38:25.441    Version info:    Detection engine    3.65.0
2016-08-01 21:38:25.441    Version info:    Detection data    5.26
2016-08-01 21:38:25.441    Version info:    Build date    2016/4/5
2016-08-01 21:38:25.441    Version info:    Data files added    721
2016-08-01 21:38:25.441    Version info:    Last successful update    (not yet updated)
2016-08-01 21:39:33.622    Downloading updates...
2016-08-01 21:39:33.630    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-08-01 21:39:33.630    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-08-01 21:39:33.630    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-08-01 21:39:33.630    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-08-01 21:39:33.630    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-08-01 21:39:33.630    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-08-01 21:39:33.630    Update progress: [I49502] Found supplement IDE531 LATEST 
2016-08-01 21:39:33.630    Update progress: [I49502] Found supplement IDE532 LATEST 
2016-08-01 21:39:33.630    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-08-01 21:39:33.631    Update progress: [I19463] Syncing product SAVIW32 70
2016-08-01 21:39:51.296    Update progress: [I19463] Syncing product IDE527 142
2016-08-01 21:40:00.220    Update progress: [I19463] Syncing product IDE528 127
2016-08-01 21:40:00.220    Update progress: [I19463] Syncing product IDE529 135
2016-08-01 21:40:00.220    Update progress: [I19463] Syncing product IDE530 214
2016-08-01 21:40:00.220    Update progress: [I19463] Syncing product IDE531 111
2016-08-01 21:40:01.908    Installing updates...
2016-08-01 21:40:02.741    Error level 1
2016-08-01 21:40:03.473    Update progress: [I19463] Syncing product IDE532 1
2016-08-01 21:40:45.311    Update successful
2016-08-01 21:41:05.876    Option all = no
2016-08-01 21:41:05.876    Option recurse = yes
2016-08-01 21:41:05.876    Option archive = no
2016-08-01 21:41:05.876    Option service = yes
2016-08-01 21:41:05.876    Option confirm = yes
2016-08-01 21:41:05.876    Option sxl = yes
2016-08-01 21:41:05.879    Option max-data-age = 35
2016-08-01 21:41:05.879    Option EnableSafeClean = yes
2016-08-01 21:41:06.024    Option vdl-logging = yes
2016-08-01 21:41:06.050    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-08-01 21:41:06.050    Machine ID:    6115321a8f11407782da5c41e348d92b
2016-08-01 21:41:06.053    Component SVRTcli.exe version 2.5.5
2016-08-01 21:41:06.053    Component control.dll version 2.5.5
2016-08-01 21:41:06.053    Component SVRTservice.exe version 2.5.5
2016-08-01 21:41:06.054    Component engine\osdp.dll version 1.44.1.2250
2016-08-01 21:41:06.054    Component engine\veex.dll version 3.65.0.2250
2016-08-01 21:41:06.054    Component engine\savi.dll version 9.0.1.2250
2016-08-01 21:41:06.056    Component rkdisk.dll version 1.5.30.0
2016-08-01 21:41:06.056    Version info:    Product version    2.5.5
2016-08-01 21:41:06.058    Version info:    Detection engine    3.65.0
2016-08-01 21:41:06.058    Version info:    Detection data    5.26
2016-08-01 21:41:06.058    Version info:    Build date    2016/4/5
2016-08-01 21:41:06.058    Version info:    Data files added    722
2016-08-01 21:41:06.058    Version info:    Last successful update    2016/8/1 14:40:45

2016-08-02 04:07:14.574    Could not open C:\hiberfil.sys
2016-08-02 04:08:21.752    >>> Virus 'Mal/Generic-S' found in file C:\KwDownload\Temp\871740E998396EC8.exe
2016-08-02 04:08:21.753    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2016-08-02 04:08:21.753    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2016-08-02 04:08:21.788    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2016-08-02 04:08:21.788    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2016-08-02 05:16:49.116    Warning: failed to stop service (109: The pipe has been ended.)
2016-08-02 05:16:49.180    Error: scan service had to be terminated

2016-08-02 07:51:56.088    Scan completed.
2016-08-02 07:51:56.088    

------------------------------------------------------------

2016-08-02 17:23:01.324    Sophos Virus Removal Tool version 2.5.5
2016-08-02 17:23:01.324    Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-08-02 17:23:01.324    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-08-02 17:23:01.324    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2016-08-02 17:23:01.324    Checking for updates...
2016-08-02 17:23:04.158    Update progress: proxy server not available
2016-08-02 17:26:20.345    Option all = no
2016-08-02 17:26:20.346    Option recurse = yes
2016-08-02 17:26:20.346    Option archive = no
2016-08-02 17:26:20.346    Option service = yes
2016-08-02 17:26:20.346    Option confirm = yes
2016-08-02 17:26:20.346    Option sxl = yes
2016-08-02 17:26:20.346    Option max-data-age = 35
2016-08-02 17:26:20.346    Option EnableSafeClean = yes
2016-08-02 17:26:20.989    Option vdl-logging = yes
2016-08-02 17:26:21.122    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-08-02 17:26:21.123    Machine ID:    6115321a8f11407782da5c41e348d92b
2016-08-02 17:26:22.061    Component SVRTcli.exe version 2.5.5
2016-08-02 17:26:22.062    Component control.dll version 2.5.5
2016-08-02 17:26:22.062    Component SVRTservice.exe version 2.5.5
2016-08-02 17:26:22.063    Component engine\osdp.dll version 1.44.1.2250
2016-08-02 17:26:22.063    Component engine\veex.dll version 3.65.0.2250
2016-08-02 17:26:22.066    Component engine\savi.dll version 9.0.1.2250
2016-08-02 17:26:23.179    Component rkdisk.dll version 1.5.30.0
2016-08-02 17:26:23.179    Version info:    Product version    2.5.5
2016-08-02 17:26:23.181    Version info:    Detection engine    3.65.0
2016-08-02 17:26:23.181    Version info:    Detection data    5.26
2016-08-02 17:26:23.181    Version info:    Build date    2016/4/5
2016-08-02 17:26:23.181    Version info:    Data files added    722
2016-08-02 17:26:23.181    Version info:    Last successful update    2016/8/1 14:40:45
2016-08-02 17:28:10.740    Downloading updates...
2016-08-02 17:28:10.764    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2016-08-02 17:28:10.764    Update progress: [I49502] Found supplement SAVIW32 LATEST 
2016-08-02 17:28:10.764    Update progress: [I49502] Found supplement IDE527 LATEST 
2016-08-02 17:28:10.764    Update progress: [I49502] Found supplement IDE528 LATEST 
2016-08-02 17:28:10.764    Update progress: [I49502] Found supplement IDE529 LATEST 
2016-08-02 17:28:10.764    Update progress: [I49502] Found supplement IDE530 LATEST 
2016-08-02 17:28:10.764    Update progress: [I49502] Found supplement IDE531 LATEST 
2016-08-02 17:28:10.764    Update progress: [I49502] Found supplement IDE532 LATEST 
2016-08-02 17:28:10.764    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-08-02 17:28:10.764    Update progress: [I19463] Syncing product SAVIW32 70
2016-08-02 17:28:10.764    Update progress: [I19463] Syncing product IDE527 142
2016-08-02 17:28:37.920    Update progress: [I19463] Syncing product IDE528 127
2016-08-02 17:28:37.920    Update progress: [I19463] Syncing product IDE529 135
2016-08-02 17:28:37.920    Update progress: [I19463] Syncing product IDE530 214
2016-08-02 17:28:37.920    Update progress: [I19463] Syncing product IDE531 115
2016-08-02 17:28:38.937    Installing updates...
2016-08-02 17:28:39.826    Error level 1
2016-08-02 17:28:42.785    Update progress: [I19463] Syncing product IDE532 1
2016-08-02 17:28:43.090    Update successful
2016-08-02 17:29:21.163    Option all = no
2016-08-02 17:29:21.163    Option recurse = yes
2016-08-02 17:29:21.163    Option archive = no
2016-08-02 17:29:21.163    Option service = yes
2016-08-02 17:29:21.163    Option confirm = yes
2016-08-02 17:29:21.163    Option sxl = yes
2016-08-02 17:29:21.166    Option max-data-age = 35
2016-08-02 17:29:21.166    Option EnableSafeClean = yes
2016-08-02 17:29:21.309    Option vdl-logging = yes
2016-08-02 17:29:21.360    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-08-02 17:29:21.360    Machine ID:    6115321a8f11407782da5c41e348d92b
2016-08-02 17:29:21.363    Component SVRTcli.exe version 2.5.5
2016-08-02 17:29:21.363    Component control.dll version 2.5.5
2016-08-02 17:29:21.363    Component SVRTservice.exe version 2.5.5
2016-08-02 17:29:21.364    Component engine\osdp.dll version 1.44.1.2250
2016-08-02 17:29:21.364    Component engine\veex.dll version 3.65.0.2250
2016-08-02 17:29:21.364    Component engine\savi.dll version 9.0.1.2250
2016-08-02 17:29:21.365    Component rkdisk.dll version 1.5.30.0
2016-08-02 17:29:21.366    Version info:    Product version    2.5.5
2016-08-02 17:29:21.367    Version info:    Detection engine    3.65.0
2016-08-02 17:29:21.367    Version info:    Detection data    5.26
2016-08-02 17:29:21.367    Version info:    Build date    2016/4/5
2016-08-02 17:29:21.368    Version info:    Data files added    726
2016-08-02 17:29:21.368    Version info:    Last successful update    2016/8/2 10:28:43

2016-08-03 00:58:27.525    Could not open C:\hiberfil.sys
2016-08-03 00:59:17.989    >>> Virus 'Mal/Generic-S' found in file C:\KwDownload\Temp\871740E998396EC8.exe
2016-08-03 00:59:17.989    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2016-08-03 00:59:17.989    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2016-08-03 00:59:18.019    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2016-08-03 00:59:18.019    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2016-08-03 00:59:31.321    Could not open C:\pagefile.sys
2016-08-03 01:40:05.975    Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\CmnClnt\_lck\_AVPAPP_{BB639333-810A-4bf8-85F5-C537857F55FC}1
2016-08-03 01:40:05.975    Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\CmnClnt\_lck\_ISDATAPR_{E8EFD4CD-DE52-4444-9511-EFF3B158724B}1
2016-08-03 01:40:05.985    Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\CmnClnt\_lck\_ISDATAPR_{FF9AC67A-E394-46ae-B150-B3365343F166}G
2016-08-03 01:40:05.985    Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\CmnClnt\_lck\_RDRPluginG
2016-08-03 01:40:05.985    Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\CmnClnt\_lck\_SNDPluginG
2016-08-03 01:40:05.985    Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\CmnClnt\_lck\_SvcMgr-A2B50D70-5EA1-45a0-A983-0DB9E7101676G
2016-08-03 01:40:06.015    Could not open C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\CmnClnt\_lck\_{4E9CB39A-5F78-4887-A3D6-2790DE9DDE11}1
2016-08-03 01:42:03.078    Could not open C:\System Volume Information\{12a7e672-4a05-11e6-a05b-00266cc4f5bb}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-03 01:42:03.088    Could not open C:\System Volume Information\{3646fe86-55b3-11e6-924a-00266cc4f5bb}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-03 01:42:03.088    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-03 01:42:03.088    Could not open C:\System Volume Information\{9b1c63bf-4c59-11e6-908a-00266cc4f5bb}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-03 01:42:03.088    Could not open C:\System Volume Information\{ac3ee907-503a-11e6-907d-00266cc4f5bb}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-03 01:42:03.088    Could not open C:\System Volume Information\{d3e07a21-5804-11e6-8afc-00266cc4f5bb}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-03 01:42:03.088    Could not open C:\System Volume Information\{deaa2f3c-5814-11e6-bb47-00266cc4f5bb}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-03 01:48:35.110    Could not open C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Current Session
2016-08-03 01:48:35.110    Could not open C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2016-08-03 02:28:35.338    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-08-03 02:28:35.340    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-08-03 02:28:43.775    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-08-03 02:28:43.793    Could not open C:\Windows\System32\config\RegBack\SAM
2016-08-03 02:28:43.796    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-08-03 02:28:43.799    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-08-03 02:28:43.802    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-08-03 03:10:57.556    Could not open C:\Windows\Temp\TMP000006BAA05FBD2B9ABAE15E
2016-08-03 03:10:57.557    Could not open C:\Windows\Temp\TMP000006BCB849BDAD20892115
2016-08-03 03:10:57.558    Could not open C:\Windows\Temp\TMP000006EBC24CA50BB5027FCF
2016-08-03 03:10:57.559    Could not open C:\Windows\Temp\TMP000006EF063684EDA455C128
2016-08-03 04:54:42.492    Warning: failed to stop service (109: The pipe has been ended.)
2016-08-03 04:54:42.518    Error: scan service had to be terminated
 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Kevin (administrator) on KEVIN-PC (04-08-2016 14:20:38)
Running from C:\Users\Kevin\Downloads
Loaded Profiles: Kevin (Available Profiles: Kevin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Sogou.com Inc) C:\Program Files (x86)\SogouInput\Components\AddressSearch\OmniAddr\OmniAddrService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Users\Kevin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Kevin\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMECMNT.EXE
(Hengbao) C:\Program Files (x86)\HBBOC\BOCu.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Feitian Technologies Co., Ltd.) C:\Program Files (x86)\FTSafe\BOCNET USBKey Management Suite\BOCUsertool.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(The CefSharp Authors) C:\Users\Kevin\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(The CefSharp Authors) C:\Users\Kevin\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(WinRAR 压缩管理软件中文版) C:\Program Files\WinRAR\WinRAR.exe
() C:\Users\Kevin\AppData\Local\Temp\Rar$EXa0.588\UNITALE_Alpha_0.2.0a.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [IME14 CHS Setup] => C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110776 2015-10-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [831064 2016-07-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HengBao UranuSafe CSP V5.0 For BOC] => C:\Program Files (x86)\HBBOC\BOCu.exe [447232 2013-10-31] (Hengbao)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [InterPass3000_BOC] => C:\Program Files (x86)\FTSafe\BOCNET USBKey Management Suite\BOCUsertool.exe [371136 2015-08-03] (Feitian Technologies Co., Ltd.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [IME14 CHS Setup] => C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81080 2015-10-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\Run: [QQIntl] => "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\Run: [ctfmon] => C:\windows\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\Run: [sgbzpcwd] => "C:\Users\Kevin\AppData\Roaming\SogouWP\Boot\sgbzpcwd.exe"
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\Run: [Dropbox Update] => C:\Users\Kevin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\MountPoints2: {0275a394-09ea-11e3-9796-00266cc4f5bb} - E:\Setup.exe
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\MountPoints2: {3fea1b84-135f-11e2-b6d7-00266cc4f5bb} - E:\Setup.exe
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\MountPoints2: {4964ab18-f77b-11e5-9616-00266cc4f5bb} - E:\Setup.exe
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\MountPoints2: {5c424ac9-3fdf-11e3-9368-00266cc4f5bb} - E:\Setup.exe
HKU\S-1-5-21-828631773-361076270-84588037-1000\...\MountPoints2: {6bcea9d0-eba3-11e1-b2a5-00266cc4f5bb} - E:\Setup.exe
HKU\S-1-5-21-828631773-361076270-84588037-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-26] (AVAST Software)
ShellIconOverlayIdentifiers: [__deskiconu] -> {6856654D-F2F6-4190-B0D9-735EA83DFB86} => C:\Program Files (x86)\Common Files\desktop\desktopiconX64.dll [2014-03-27] ()
ShellIconOverlayIdentifiers: [__desktopicon] -> {6856654D-F2F6-4190-B0D9-735EA83DFB86} => C:\Program Files (x86)\Common Files\desktop\desktopiconX64.dll [2014-03-27] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [__desktopicon] -> {6856654D-F2F6-4190-B0D9-735EA83DFB86} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-06-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-09-11]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-09-11]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-07-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk [2016-06-05]
ShortcutTarget: FacebookGamesNotifier.exe.lnk -> C:\Users\Kevin\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{2ECAB2C5-F663-4A27-B13C-3AFCBA7217B8}: [NameServer] 114.114.114.114,8.8.8.8
Tcpip\..\Interfaces\{8E930CF6-51F0-4E56-A663-A481C21FF0A9}: [NameServer] 114.114.114.114,8.8.8.8
Tcpip\..\Interfaces\{8E930CF6-51F0-4E56-A663-A481C21FF0A9}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-828631773-361076270-84588037-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-828631773-361076270-84588037-1000 -> DefaultScope {3D8B4390-0AF1-440A-9B59-8F69A66B8CCB} URL = hxxp://www.google.com.hk/search?hl=zh-CN&q={searchTerms}
SearchScopes: HKU\S-1-5-21-828631773-361076270-84588037-1000 -> {3D8B4390-0AF1-440A-9B59-8F69A66B8CCB} URL = hxxp://www.google.com.hk/search?hl=zh-CN&q={searchTerms}
SearchScopes: HKU\S-1-5-21-828631773-361076270-84588037-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=86000085_oem_dg&ch=33
SearchScopes: HKU\S-1-5-21-828631773-361076270-84588037-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-26] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-30] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-26] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-828631773-361076270-84588037-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-828631773-361076270-84588037-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {1DABF8D5-8430-4985-9B7F-A30E53D709B3} hxxp://dl_dir.qq.com/qqtv/MMInstaller.cab
DPF: HKLM-x32 {1E525898-EE12-4002-9374-82D15147F762} hxxp://player.cntv.cn/flashplayer/config/plugins/wCNTVLive202.dll
DPF: HKLM-x32 {48FE89A0-486C-48DF-9DEC-BED22BDC6057} hxxp://duiyi.sina.com.cn/download/OroCheck.cab
DPF: HKLM-x32 {5A530099-D040-4362-ABDF-B7A71BFDCAEC} hxxp://duiyi.sina.com.cn/download/LiveLauncher.cab
DPF: HKLM-x32 {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} hxxp://t.live.cntv.cn/ieocx/CCTVUpdateInstall.dll
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E758BC30-C8C3-4379-B27B-B50E146460A9} hxxp://update.tv.sina.com.cn/live/p2p/install_service_v4.cab.cab
DPF: HKLM-x32 {F553452A-E0A8-489F-9E82-4A6360136F8A} hxxp://weiqi.sports.sohu.com/qipu/QfGoLivingBroadcastCtrl.cab
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KuGou\KGMusic\KUGOO3~1.OCX No File
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KuGou\KGMusic\KUGOO3~1.OCX No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @baidu.com/npBdyyPlugin -> C:\Program Files (x86)\baidu\BaiduPlayer\4.0.1.85\npbdyy.dll [No File]
FF Plugin-x32: @baidu.com/npxbdsetup -> C:\windows\Downloaded Program Files\37080844\npxbdsetup.dll [No File]
FF Plugin-x32: @baidu.com/npxbdyy -> C:\Program Files (x86)\baidu\BaiduPlayer\4.0.1.85\npxbdyy.dll [No File]
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @cfca.com/npCryptoKit.BOC.x86,version=3.4.0.5 -> C:\windows\system32\npCryptoKit.BOC.x86.dll [No File]
FF Plugin-x32: @cfca.com/npCryptoKit.BOC.x86,version=3.4.0.7 -> C:\windows\system32\npCryptoKit.BOC.x86.dll [No File]
FF Plugin-x32: @cfca.com/SecEditCtl.BOC,version=1.0.0.9 -> C:\windows\system32\npSecEditCtl.BOC.x86.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @kingsfot.com/npkws -> c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll [No File]
FF Plugin-x32: @microdone.cn/UPEditor -> C:\windows\system32\UPEdit\npUPEditor2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [No File]
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.6.7.0045\nppluginEx.dll [No File]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [No File]
FF Plugin-x32: @qq.com/npqscall,version=1.0.0 -> %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll [No File]
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [2014-10-19] (Thunder Networking Technologies,LTD)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-828631773-361076270-84588037-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-fcb87185003640ba\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-828631773-361076270-84588037-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-fcb87185003640ba\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-828631773-361076270-84588037-1000: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [2014-10-19] (Thunder Networking Technologies,LTD)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-20] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npstartservicep.dll [2012-06-07] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npuuseep.dll [2010-09-09] ( )
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6192\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release511\ff [not found]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-16] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-27]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2012-02-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2016-08-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-27]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\npCryptoKit.BOC.x86.js [2014-01-29]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-17] <==== ATTENTION

Chrome: 
=======
CHR StartupUrls: Default -> ""
CHR DefaultSearchURL: Default -> hxxps://www.chess.com/tactics/
CHR Profile: C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2016-04-27]
CHR Extension: (Google Docs) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (ImprovedTube - YouTube Extension) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2016-07-29]
CHR Extension: (Tampermonkey) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-25]
CHR Extension: (Home - New Tab Page) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2016-08-01]
CHR Extension: (Avast SafePrice) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-29]
CHR Extension: (DO IT!) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eppncnmppghbndacgkideegigaminkfg [2016-07-28]
CHR Extension: (Home - Accurate Weather) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\foomlpdinaehlbhlncohiekomfdnicbj [2016-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Click&Clean) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2016-07-18]
CHR Extension: (Avast Online Security) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-29]
CHR Extension: (agar.io server browser) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hongpdkjnjhijmdnogoicadboadgllhi [2015-12-21]
CHR Extension: (Coupons at Checkout) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2016-03-28]
CHR Extension: (StayFocusd) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-05-10]
CHR Extension: (Iomods) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjgdbihpkphlammdaeicdemggagfbdo [2016-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Downworthy) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkaoiecplgdldkfihclpndbakokopjde [2016-05-09]
CHR Extension: (Chrome Media Router) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [989696 2016-07-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [472112 2016-07-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [472112 2016-07-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1453696 2016-07-26] (Avira Operations GmbH & Co. KG)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-26] (AVAST Software)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 OmniAddrService; C:\Program Files (x86)\SogouInput\Components\AddressSearch\OmniAddr\OmniAddrService.exe [154352 2014-07-10] (Sogou.com Inc)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-30] (Electronic Arts)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 TQCal1422855048546Service; C:\Users\Kevin\AppData\Roaming\tqrili\layday.exe [X]
S2 TQCal1423098806729Service; C:\Users\Kevin\AppData\Roaming\tqrili\layday.exe [X]
S2 TQCal1423269752733Service; C:\Users\Kevin\AppData\Roaming\tqrili\layday.exe [X]
S2 TQCal1423342443653Service; C:\Users\Kevin\AppData\Roaming\tqrili\layday.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-02] (AVAST Software)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2016-07-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2016-07-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-10] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111014.001\BHDrvx64.sys [1155704 2011-10-14] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-09-11] (Symantec Corporation)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-10-25] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111018.030\IDSvia64.sys [488568 2011-09-09] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-04] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111018.022\ENG64.SYS [117880 2011-09-11] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111018.022\EX64.SYS [2048632 2011-09-11] (Symantec Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R2 PassGuard; C:\windows\system32\drivers\PassGuard_x64.sys [111416 2014-09-19] ()
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-09-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 ksapi64; \??\C:\windows\system32\drivers\ksapi64.sys [X]
S1 LongRADrv; \??\C:\Program Files (x86)\cloud\LongRADrv.sys [X]
S2 ProtectorA; \??\C:\windows\system32\drivers\ProtectorA.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-04 14:20 - 2016-08-04 14:23 - 00044738 _____ C:\Users\Kevin\Downloads\FRST.txt
2016-08-04 14:17 - 2016-08-04 14:20 - 00000000 ____D C:\FRST
2016-08-02 10:57 - 2016-08-02 15:43 - 00000000 ____D C:\Users\Kevin\AppData\LocalLow\RbxLogs
2016-08-02 10:54 - 2016-08-02 10:54 - 00000000 ____D C:\Users\Kevin\Documents\ROBLOX
2016-08-01 14:37 - 2016-08-01 14:38 - 00000000 ____D C:\ProgramData\Sophos
2016-08-01 14:30 - 2016-08-01 14:30 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-08-01 14:30 - 2016-08-01 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-08-01 14:29 - 2016-08-01 14:29 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-08-01 13:55 - 2016-08-02 10:54 - 00000000 ____D C:\Users\Kevin\AppData\Local\Roblox
2016-08-01 13:37 - 2016-08-02 11:09 - 00000244 _____ C:\Users\Kevin\AppData\LocalLow\rbxcsettings.rbx
2016-08-01 13:37 - 2016-08-01 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2016-08-01 13:37 - 2016-08-01 13:37 - 00000000 ____D C:\ProgramData\Roblox
2016-08-01 13:37 - 2016-08-01 13:37 - 00000000 ____D C:\Program Files (x86)\Roblox
2016-08-01 13:36 - 2016-08-01 13:37 - 01059832 _____ (ROBLOX Corporation) C:\Users\Kevin\Downloads\RobloxPlayerLauncher.exe
2016-08-01 11:52 - 2016-08-01 11:55 - 155926160 _____ (Sophos Limited) C:\Users\Kevin\Downloads\Sophos Virus Removal Tool.exe
2016-08-01 11:01 - 2016-08-01 11:02 - 02394112 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe
2016-08-01 10:55 - 2016-08-01 10:55 - 00010683 _____ C:\Users\Kevin\Desktop\JRT.txt
2016-08-01 10:37 - 2016-08-01 10:37 - 03712064 _____ C:\Users\Kevin\Downloads\AdwCleaner.exe
2016-08-01 10:34 - 2016-08-01 10:35 - 01610560 _____ (Malwarebytes) C:\Users\Kevin\Downloads\JRT.exe
2016-07-29 15:10 - 2016-07-29 15:10 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-29 15:07 - 2016-07-29 15:07 - 22851472 _____ (Malwarebytes ) C:\Users\Kevin\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-29 14:56 - 2016-07-29 14:56 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Kevin\Downloads\iExplore64.exe
2016-07-29 14:19 - 2016-07-29 14:57 - 00001800 _____ C:\Users\Kevin\Desktop\Rkill.txt
2016-07-29 14:19 - 2016-07-29 14:19 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Kevin\Downloads\rkill64.exe
2016-07-29 14:18 - 2016-07-29 14:18 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Kevin\Downloads\iExplore.exe
2016-07-29 13:53 - 2016-07-29 13:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Kevin\Downloads\rkill.exe
2016-07-25 17:23 - 2016-07-25 17:23 - 03282975 _____ C:\Users\Kevin\Downloads\Unitale Mod - Frisk - By Pably13.rar
2016-07-25 16:59 - 2016-08-04 14:01 - 16984236 _____ C:\Users\Kevin\Downloads\UNITALE Alpha 0.2.0a for Windows.zip
2016-07-25 16:48 - 2016-07-25 16:49 - 12322398 _____ C:\Users\Kevin\Downloads\UNITALE Alpha 0.1.2c for Windows.zip
2016-07-25 16:41 - 2016-07-25 16:41 - 00000000 ____D C:\Users\Kevin\AppData\Local\Clickertale
2016-07-25 16:37 - 2016-07-25 16:41 - 00000000 ____D C:\windows\SysWOW64\directx
2016-07-25 16:30 - 2016-07-25 16:31 - 102440296 _____ C:\Users\Kevin\Downloads\For-Windows-64-bit.rar
2016-07-19 11:12 - 2016-07-19 11:12 - 00000000 ____D C:\Users\Kevin\Tracing
2016-07-19 11:11 - 2016-07-19 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-07-19 11:10 - 2016-07-19 11:10 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-07-19 11:05 - 2016-07-19 11:06 - 01463416 _____ (Skype Technologies S.A.) C:\Users\Kevin\Downloads\SkypeSetup.exe
2016-07-18 14:00 - 2016-07-18 14:00 - 00001080 _____ C:\Users\Kevin\Downloads\DeezNutsJrBakery (1).txt
2016-07-18 13:56 - 2016-07-18 13:56 - 00001072 _____ C:\Users\Kevin\Downloads\DeezNutsJrBakery.txt
2016-07-17 16:51 - 2016-07-17 16:52 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\npm-cache
2016-07-17 16:35 - 2016-07-17 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2016-07-17 16:35 - 2016-07-17 16:36 - 00000000 ____D C:\Program Files\nodejs
2016-07-17 16:19 - 2016-07-17 16:20 - 12308480 _____ C:\Users\Kevin\Downloads\node-v6.3.0-x64.msi
2016-07-11 14:50 - 2016-07-11 14:50 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-04 14:21 - 2011-06-17 23:54 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-04 14:17 - 2011-09-11 23:23 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype
2016-08-04 14:00 - 2015-02-24 20:08 - 00000000 ____D C:\Users\Kevin\Desktop\Eric
2016-08-04 13:32 - 2012-07-17 16:05 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-08-04 13:02 - 2014-10-12 23:45 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-04 11:49 - 2015-12-21 10:42 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-08-04 11:47 - 2009-07-13 21:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-04 11:47 - 2009-07-13 21:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-04 11:39 - 2011-09-11 23:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-04 11:39 - 2011-09-11 23:20 - 00000000 ____D C:\ProgramData\Skype
2016-08-04 11:38 - 2015-05-18 15:55 - 00000000 ___RD C:\Users\Kevin\Dropbox
2016-08-04 11:35 - 2015-08-19 11:23 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-08-04 11:33 - 2011-06-17 23:54 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-04 11:32 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-03 18:24 - 2015-12-20 17:25 - 00000000 ____D C:\ProgramData\Origin
2016-08-03 15:55 - 2015-06-18 10:44 - 00000866 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-828631773-361076270-84588037-1000Core.job
2016-08-02 15:43 - 2009-07-13 19:34 - 00000632 _____ C:\windows\win.ini
2016-08-02 10:20 - 2015-12-21 10:34 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-08-01 11:18 - 2014-10-25 21:51 - 00000000 ____D C:\AdwCleaner
2016-08-01 11:18 - 2012-12-18 20:58 - 00000000 ____D C:\Users\Kevin\AppData\LocalLow\Yahoo!
2016-08-01 11:18 - 2012-12-18 20:58 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-08-01 10:41 - 2012-11-23 23:34 - 00000000 ____D C:\Program Files (x86)\SogouInput
2016-07-29 20:14 - 2014-06-17 15:24 - 00000000 ____D C:\Users\Kevin\AppData\Local\ElevatedDiagnostics
2016-07-29 18:11 - 2009-07-13 22:32 - 00000000 ____D C:\windows\addins
2016-07-29 15:10 - 2014-10-12 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-29 15:10 - 2014-10-12 23:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-28 15:16 - 2011-06-17 23:54 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 15:16 - 2011-06-17 23:54 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 12:25 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-07-27 11:00 - 2015-11-12 12:16 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-07-26 14:32 - 2012-10-10 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-26 14:23 - 2013-03-27 16:44 - 00171752 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2016-07-26 14:23 - 2013-03-27 16:44 - 00145984 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2016-07-25 16:39 - 2011-06-17 23:51 - 00000000 ___HD C:\windows\msdownld.tmp
2016-07-25 11:04 - 2014-08-12 09:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-21 15:15 - 2011-09-16 22:22 - 00000000 ____D C:\Users\Kevin\AppData\Local\CrashDumps
2016-07-19 11:12 - 2011-09-11 14:50 - 00000000 ____D C:\Users\Kevin
2016-07-19 11:10 - 2014-02-28 07:59 - 00000000 ____D C:\Users\Kevin\AppData\Local\Skype
2016-07-17 16:40 - 2016-02-28 13:50 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Notepad++
2016-07-17 16:15 - 2015-12-21 15:36 - 00000063 _____ C:\Users\Kevin\.node_repl_history
2016-07-17 13:30 - 2012-10-15 23:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-07-14 14:33 - 2012-07-17 16:05 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 14:33 - 2012-04-05 06:30 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 14:33 - 2011-09-18 21:45 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 14:11 - 2014-12-25 15:45 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-13 14:15 - 2015-12-21 15:22 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\npm
2016-07-13 12:30 - 2015-02-24 20:03 - 00000000 ____D C:\Users\Kevin\AppData\Local\Growtopia
2016-07-13 01:05 - 2011-11-14 08:40 - 00000000 ____D C:\windows\system32\Macromed
2016-07-13 01:04 - 2011-03-23 18:11 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-07-11 14:50 - 2015-05-18 15:50 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Dropbox
2016-07-10 19:16 - 2009-07-13 22:32 - 00000000 ____D C:\windows\system32\FxsTmp

==================== Files in the root of some directories =======

2012-05-08 01:44 - 2012-05-08 01:44 - 0009662 _____ () C:\Program Files (x86)\shop.ico
2013-08-01 00:03 - 2013-08-01 00:03 - 0016958 _____ () C:\Program Files (x86)\zhibo.ico
2015-11-30 12:47 - 2015-11-30 12:47 - 0005120 _____ () C:\Users\Kevin\AppData\Roaming\GiftBag.db
2015-12-02 10:44 - 2015-12-02 10:44 - 0005068 _____ () C:\Users\Kevin\AppData\Roaming\SLUnVfs3Sw.4YL
2014-08-24 16:16 - 2014-08-24 16:07 - 0035894 __RSH () C:\ProgramData\366.ico
2014-05-14 18:03 - 2014-05-14 18:03 - 0049334 _____ () C:\ProgramData\ie110.ico
2015-12-03 12:16 - 2015-12-03 12:16 - 0005068 _____ () C:\ProgramData\qPsW5bb6bD9v9M.dat

Files to move or delete:
====================
C:\ProgramData\qPsW5bb6bD9v9M.dat
C:\Users\Kevin\mediaenchx32.dll
C:\Users\Kevin\mediaenchx321.dll
C:\Users\Kevin\mediaenchx3210.dll
C:\Users\Kevin\mediaenchx322.dll
C:\Users\Kevin\mediaenchx323.dll
C:\Users\Kevin\mediaenchx324.dll
C:\Users\Kevin\mediaenchx325.dll
C:\Users\Kevin\mediaenchx326.dll
C:\Users\Kevin\mediaenchx327.dll
C:\Users\Kevin\mediaenchx328.dll
C:\Users\Kevin\mediaenchx329.dll
C:\Users\Kevin\webphonecfg.dat
C:\Users\Kevin\webphonecfgb.dat


Some files in TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\avgnt.exe
C:\Users\Kevin\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Kevin\AppData\Local\Temp\FileAssociationsTool.exe
C:\Users\Kevin\AppData\Local\Temp\libeay32.dll
C:\Users\Kevin\AppData\Local\Temp\msvcr120.dll
C:\Users\Kevin\AppData\Local\Temp\SHUninstall.exe
C:\Users\Kevin\AppData\Local\Temp\SHVersion.dll
C:\Users\Kevin\AppData\Local\Temp\SohuTool.dll
C:\Users\Kevin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-08 11:28

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Kevin (2016-08-04 14:27:22)
Running from C:\Users\Kevin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-09-11 21:50:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-828631773-361076270-84588037-500 - Administrator - Disabled)
Guest (S-1-5-21-828631773-361076270-84588037-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-828631773-361076270-84588037-1002 - Limited - Enabled)
Kevin (S-1-5-21-828631773-361076270-84588037-1000 - Administrator - Enabled) => C:\Users\Kevin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) - Chinese Simplified (HKLM-x32\...\{AC76BA86-7AD7-2052-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
adress (HKLM-x32\...\adress) (Version: 1.2.0.5 - adress)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6.13.1462 - Avira Operations GmbH & Co. KG)
BaiduPlayer4.0.1.85 (HKLM-x32\...\BaiduPlayer) (Version: 4.0.1 - Baidu Online Network Technology (Beijing) Co., Ltd.)
Best Buy pc app (Version: 3.2.2.1 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.1 - Best Buy) Hidden
BOCNET USBKey Management Suite (HKLM-x32\...\BOCNET USBKey Management Suite) (Version: 5.1.0.18 - HengBao, Inc.)
BOCNET USBKey Management(FTSafe) (HKLM-x32\...\InterPass3000-4b91-90CB-F11ED46DE178_BOC1.0.15.0804) (Version: 1.0.15.0804 - Feitian Technologies Co., Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCB USB LOW Key Tool (HKLM-x32\...\{38A3DA17-C44A-4DCA-B2B6-485F7B730B0F}) (Version: 3.4.0 - Beijing WatchData System Co. Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
ChessBase Reader (HKLM-x32\...\{03B89E4C-FB48-4CC2-92BF-54F601CEF8B9}) (Version: 12.37.0.0 - ChessBase)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.128.0.66 - Conexant)
CRT_Setup (HKLM-x32\...\{6D721B12-C3D8-4316-A8D6-37D2F0397ABE}) (Version: 1.0.0 - Baidu)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dasher (HKLM-x32\...\Dasher) (Version:  - Internet Chess Club)
Dropbox (HKU\S-1-5-21-828631773-361076270-84588037-1000\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Facebook Games Arcade 0.6.0.1 (HKLM-x32\...\{F31484D6-A5E7-401E-B571-8B035E27AB56}) (Version: 0.6.0.1 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Growtopia (remove only) (HKLM-x32\...\Growtopia) (Version:  - )
HD Writer AE 3.0 (HKLM-x32\...\{5678B15A-504C-4A79-8554-05488A206E41}) (Version: 3.00.019.1033 - Panasonic Corporation)
Infix PDF Editor version 6.2.0.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 6.2.0.0 - Iceni Technology)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jade Empire (HKLM-x32\...\{EEAA7AC3-F651-4842-86E0-4C755181388B}) (Version: 1.0.1.1 - Electronic Arts)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Majestic Chess (HKLM-x32\...\{A25DAEDA-5558-4E1D-931A-5D57053FDFED}) (Version: 1.00.0000 - ValuSoft)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts)
Media View (HKLM-x32\...\MediaViewV1alpha5056) (Version: 1.1 - Media View) <==== ATTENTION
Media Watch (HKLM-x32\...\MediaWatchV1home1112) (Version: 1.1 - Media Watch) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - English (HKLM-x32\...\Office14.OMUI.en-us) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Neevia PDFmerge/split v3.4 (HKLM-x32\...\Neevia PDFmerge/split suite_is1) (Version:  - neeviaPDF.com)
Node.js (HKLM\...\{D976034B-3213-4136-A5EA-785C6675593B}) (Version: 6.3.0 - Node.js Foundation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
npCryptoKit.BOC.x86 (only remove) (HKLM-x32\...\npCryptoKit.BOC.x863004005) (Version:  - CFCA)
npCryptoKit.BOC.x86 (only remove) (HKLM-x32\...\npCryptoKit.BOC.x863004007) (Version:  - CFCA)
Origin (HKLM-x32\...\Origin) (Version: 9.10.1.1501 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
SecEditCtl.BOC (only remove) (HKLM-x32\...\SecEditCtl.BOC01000009) (Version:  - CFCA)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0409-0000-0000000FF1CE}_Office14.OMUI.en-us_{840912CB-128E-4A73-9CD9-F807BC9B7684}) (Version:  - Microsoft)
SinaWeiqi (HKLM-x32\...\{A1D87855-03A5-41EE-9FF2-2469A2313BDE}) (Version:  - )
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SPORE? Galactic Adventures (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Tarrasch Chess GUI V2.02br (HKLM-x32\...\Tarrasch Chess GUI_is1) (Version:  - Triple Happy Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.10 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - W3i, LLC)
Uninstall Helper (x32 Version: 2.0.1.0 - W3i, LLC) Hidden
UnionPay Security Control for non-IE 3.0.0.2 (HKLM-x32\...\UnionPay Security Control for non-IE) (Version: 1.0.0.7 - China UnionPay)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.21 (64-位) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
搜狗拼音输入法 7.7正式版 (HKLM-x32\...\Sogou Input) (Version: 7.7.0.7006 - Sogou.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Users\Kevin\AppData\Local\SogouExplorer\SogouExplorer.exe => No File
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{6C4CC00E-8905-40FF-AC0E-1E5FDC08F7CE}\InprocServer32 -> C:\windows\system32\PPTVCloudDriver.dll => No File
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{C943B184-9DC9-44DE-82B3-1C68024DA39B}\InprocServer32 -> C:\windows\system32\PPTVCloudDriver.dll => No File
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-828631773-361076270-84588037-1000_Classes\CLSID\{FBEF9AF3-3978-49E3-9DD4-F5361E84ED14}\InprocServer32 -> C:\windows\system32\PPTVCloudDriver.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01ABB012-CC48-46EE-9183-E7118D25F5F0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {0E7A6C19-B205-41B4-9406-1C31EA873660} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {132F848D-36AD-44D4-AA7E-9B21A9257D01} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {20D015A9-0060-4C50-9484-303E0DCCAC19} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {3A62FD44-447C-4353-9462-23E8FEE4975E} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {44F7C46A-0666-4230-8E63-67E0B164FED4} - System32\Tasks\{31A76FCB-FC28-43B2-9A4F-9F28E4310CF2} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-07-13] (Skype Technologies S.A.)
Task: {52807F21-90D5-4BA5-BDFF-BF0A89DBD290} - System32\Tasks\SafeZone scheduled Autoupdate 1458685122 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {5C71F440-F8DC-49A9-8E60-813DCFBC70F1} - System32\Tasks\{57C8DB54-7BDF-4410-B89F-FD395D9A7BA4} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Compaq S200 Scanner\S200Scan.exe"
Task: {64B30927-95EE-4B49-A46A-CD7ACB155EF9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7020880B-E8E9-4752-AC89-13428DEA84DA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-26] (AVAST Software)
Task: {891CC530-3CFA-419E-894D-088337EF77A4} - System32\Tasks\{DDF73BAC-F0C1-430A-946F-DABFEE9EECB9} => C:\Program Files (x86)\Compaq S200 Scanner\S200Scan.exe
Task: {929ECD86-FF04-471F-AC11-8A4C1F8E8CC5} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
Task: {9C88D715-AC05-4358-AEFB-57E958962B1D} - System32\Tasks\{D2D9AEAA-8F0E-4B35-AA64-E2B5B92E522E} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {A51BFDDC-ADA5-4FD6-A491-D8ED71A031AD} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {A734DAAE-9182-4F30-A7B7-A786D4D7A3E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B1609576-D898-4E6B-AC4A-DA8AE477A2C3} - System32\Tasks\{4E7CF90B-BCC7-4346-8C01-0AD54A0E7B9C} => pcalua.exe -a C:\Users\Kevin\Downloads\epson14070.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {E4FE32B9-352E-4AF9-8BA4-189348B37668} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EC00D119-44BB-40C2-B355-052BF88D5D2A} - System32\Tasks\{63BDA9DA-418E-47B1-B9F5-F31DFB4EB4C8} => pcalua.exe -a C:\Users\Kevin\Downloads\SophosHomeUse04162014.exe -d C:\Users\Kevin\Downloads
Task: {F69B5E02-652C-45CD-84C4-3359DE5F8743} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-828631773-361076270-84588037-1000Core => C:\Users\Kevin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-828631773-361076270-84588037-1000Core.job => C:\Users\Kevin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com

ShortcutWithArgument: C:\Users\Kevin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-31 18:10 - 2016-05-31 18:10 - 00024496 _____ () C:\Users\Kevin\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe
2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2016-08-04 14:02 - 2015-10-20 11:37 - 16165376 _____ () C:\Users\Kevin\AppData\Local\Temp\Rar$EXa0.588\UNITALE_Alpha_0.2.0a.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-07-11 14:50 - 2016-06-06 18:58 - 00034768 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-07-11 14:49 - 2016-06-06 18:58 - 00134088 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-07-11 14:49 - 2016-06-06 18:59 - 00019408 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-07-11 14:49 - 2016-06-06 18:58 - 00116688 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-07-11 14:50 - 2016-06-06 18:58 - 00093640 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-07-11 14:50 - 2016-06-06 18:58 - 00018376 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\select.pyd
2016-07-11 14:50 - 2016-07-05 11:00 - 00019760 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00105928 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-07-11 14:49 - 2016-06-06 18:58 - 00392144 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-07-11 14:50 - 2016-07-05 11:00 - 00381752 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-07-11 14:50 - 2016-06-06 18:58 - 00692688 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-07-11 14:49 - 2016-07-05 10:59 - 00020816 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-07-11 14:50 - 2016-06-06 18:59 - 00123856 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-07-11 14:49 - 2016-07-05 10:59 - 01682760 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-07-11 14:49 - 2016-07-05 10:59 - 00020808 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-07-11 14:50 - 2016-07-05 11:00 - 00021840 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-07-11 14:49 - 2016-07-05 11:00 - 00052024 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-07-11 14:49 - 2016-07-05 11:00 - 00038696 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-07-11 14:49 - 2016-06-06 19:00 - 00020936 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00024528 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00114640 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00124880 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-07-11 14:50 - 2016-07-05 11:00 - 00021832 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00024016 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00175560 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00030160 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00043472 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00048592 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-07-11 14:50 - 2016-07-05 11:00 - 00023872 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-07-11 14:49 - 2016-07-05 11:00 - 00026456 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00057808 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00024016 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-07-11 14:49 - 2016-07-05 10:59 - 00246592 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00028616 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-07-11 14:50 - 2016-07-05 11:00 - 00020800 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-07-11 14:50 - 2016-07-05 11:00 - 00019776 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-07-11 14:50 - 2016-07-05 11:00 - 00020800 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-07-11 14:50 - 2016-06-06 18:58 - 00134608 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-07-11 14:49 - 2016-06-06 18:59 - 00240584 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-07-11 14:49 - 2016-07-05 10:59 - 00020280 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-07-11 14:50 - 2016-07-05 11:00 - 00023376 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00350152 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-07-11 14:50 - 2016-07-05 11:00 - 00022352 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-07-11 14:49 - 2016-07-05 11:00 - 00024392 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-07-11 14:49 - 2016-06-06 19:01 - 00036296 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\librsync.dll
2016-07-11 14:49 - 2016-07-05 11:00 - 00084280 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-07-11 14:49 - 2016-07-05 11:00 - 01826096 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-07-11 14:50 - 2016-06-06 18:59 - 00083912 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\sip.pyd
2016-07-11 14:49 - 2016-07-05 11:00 - 03928880 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-07-11 14:49 - 2016-07-05 11:00 - 01971504 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-07-11 14:49 - 2016-07-05 11:00 - 00531248 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-07-11 14:49 - 2016-07-05 11:00 - 00132912 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-07-11 14:49 - 2016-07-05 11:00 - 00223544 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-07-11 14:49 - 2016-07-05 11:00 - 00207672 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-07-11 14:50 - 2016-06-06 19:00 - 00060880 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-07-11 14:50 - 2016-07-05 11:00 - 00024904 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-07-11 14:49 - 2016-07-05 11:00 - 00546096 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-07-11 14:49 - 2016-07-05 11:00 - 00357680 _____ () C:\Users\Kevin\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-04-29 08:55 - 2016-04-29 08:55 - 01028608 _____ () C:\Users\Kevin\AppData\Local\Facebook\Games\CefSharp.Core.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 56718848 _____ () C:\Users\Kevin\AppData\Local\Facebook\Games\libcef.dll
2013-12-18 22:56 - 2013-07-24 10:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2013-07-17 02:59 - 2013-07-17 02:59 - 00022016 _____ () C:\Program Files (x86)\HBBOC\BOC0409.hbl
2015-12-21 10:27 - 2015-12-21 10:29 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-02-26 17:48 - 2016-02-26 17:48 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-26 17:48 - 2016-02-26 17:48 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-14 15:38 - 2016-04-14 15:38 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 00688640 _____ () C:\Users\Kevin\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 02127872 _____ () C:\Users\Kevin\AppData\Local\Facebook\Games\libglesv2.dll
2016-04-29 08:55 - 2016-04-29 08:55 - 00075776 _____ () C:\Users\Kevin\AppData\Local\Facebook\Games\libegl.dll
2016-06-28 18:19 - 2016-06-15 02:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-28 18:19 - 2016-06-15 02:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-07-12 16:18 - 2016-07-06 18:01 - 17602240 _____ () C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [80]
AlternateDataStreams: C:\ProgramData\TEMP:DCADFB80 [90]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\95516.com -> hxxps://95516.com
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\95516.net -> hxxps://95516.net
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\bankofchina.com -> hxxp://www.bankofchina.com
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\boc.cn -> hxxp://*.boc.cn
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\boc.cn -> hxxps://*.boc.cn
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\ccb.cn -> hxxps://b2b.ccb.cn
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\ccb.com -> hxxp://*.ccb.com
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\ccb.com.cn -> hxxps://ca2.ccb.com.cn
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\cfca.com.cn -> hxxp://www.cfca.com.cn
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\cfca.com.cn -> hxxps://www.cfca.com.cn
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\com -> hxxps://*.ccb.com
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\com.cn -> hxxps://*.ccb.com.cn
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\unionpay.com -> hxxps://unionpay.com
IE trusted site: HKU\S-1-5-21-828631773-361076270-84588037-1000\...\unionpaysecure.com -> hxxps://unionpaysecure.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-05-16 15:43 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-828631773-361076270-84588037-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 114.114.114.114 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: EPLTarget => 

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{889D5EBC-8D55-422C-876C-5704ECE727F8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C3DB3ED7-2738-4180-98F8-89E72099F45A}] => (Allow) LPort=2869
FirewallRules: [{6ACAD163-F837-4026-AD3A-0B7AD936D809}] => (Allow) LPort=1900
FirewallRules: [{10BC266B-CCEC-436D-A14D-E090B9A27D1F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{86ACFD25-9D0F-41A6-B652-4B5279150EB9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{CA7F325C-CE3D-4998-87CE-8CCF705C5ADF}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{D68574B0-DBB2-4E80-9BB9-5A971668BFB9}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{6AFC0BC5-F8D2-49E8-8347-6DB2B6622C5A}C:\program files (x86)\搜狐影音\sohuva.exe] => (Allow) C:\program files (x86)\搜狐影音\sohuva.exe
FirewallRules: [UDP Query User{1FF13EC7-7FEA-43C4-B09A-76D5953D5592}C:\program files (x86)\搜狐影音\sohuva.exe] => (Allow) C:\program files (x86)\搜狐影音\sohuva.exe
FirewallRules: [TCP Query User{6009B47F-395B-41A5-A942-880370B89139}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{79009B01-A2E4-4B44-8266-4196DA5FDB31}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{CEA091C8-A850-42C5-B3A8-58E849CC9E73}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{71CE385C-401D-445E-B28D-3C75F2996507}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{5BB1ED69-7AB5-412A-804A-E5C6E673A7CC}] => (Allow) LPort=50000
FirewallRules: [{4250D858-3B26-4F29-95FF-C576AEF37CCB}] => (Allow) LPort=50001
FirewallRules: [{902E0F35-9E69-469F-811A-ABA610CC1F62}] => (Allow) LPort=6001
FirewallRules: [TCP Query User{7C45EC52-A908-44FD-BD93-11BED5131B49}C:\program files (x86)\common files\pplivenetwork\ppap.exe] => (Allow) C:\program files (x86)\common files\pplivenetwork\ppap.exe
FirewallRules: [TCP Query User{0BDCA43D-C3F7-4D52-B244-5D20E5540537}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{6EAB1E47-5911-4094-A29F-3D03F29398CF}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [{E2ADAB5D-C039-47A0-A1FF-C03572DB2BE8}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
FirewallRules: [{6158DA79-05EC-434D-B5FE-190106CA3652}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
FirewallRules: [TCP Query User{0BC3E347-A95C-475D-834A-2590FAD3A1B9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{2DD6F4D7-32CC-494C-9218-8630E65751B9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BC76B220-1652-4C8F-960C-E05C68F83B40}C:\program files (x86)\pplive\pptv\pplive.exe] => (Block) C:\program files (x86)\pplive\pptv\pplive.exe
FirewallRules: [UDP Query User{60DCC62A-E286-44C3-9A1B-EE8ADC0A5562}C:\program files (x86)\pplive\pptv\pplive.exe] => (Block) C:\program files (x86)\pplive\pptv\pplive.exe
FirewallRules: [TCP Query User{C30A54DF-8098-4872-8424-4D52F75D9536}C:\program files (x86)\common files\pplivenetwork\ppap.exe] => (Block) C:\program files (x86)\common files\pplivenetwork\ppap.exe
FirewallRules: [UDP Query User{B7C77804-7A44-4227-8B86-5C22A67C8BFF}C:\program files (x86)\common files\pplivenetwork\ppap.exe] => (Block) C:\program files (x86)\common files\pplivenetwork\ppap.exe
FirewallRules: [TCP Query User{5078252F-44A3-4095-8E1B-C7290D05E1F1}C:\program files (x86)\sinaweiqi\sina.exe] => (Allow) C:\program files (x86)\sinaweiqi\sina.exe
FirewallRules: [UDP Query User{B9DF8729-DCED-4BFA-9B96-7F37D591BA4D}C:\program files (x86)\sinaweiqi\sina.exe] => (Allow) C:\program files (x86)\sinaweiqi\sina.exe
FirewallRules: [{791AEBD8-0ECC-4BEC-95BD-2924876874BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B421730D-E0C2-48EA-BD4C-555785068176}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2FD942C4-39CA-4D03-836B-34C3CB4E732F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{778C030C-84C3-4457-B74E-7848C5F0C930}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FCAEDB35-7C0C-467C-B71B-5D0677C39A0E}] => (Allow) C:\Program Files (x86)\SogouWallPaper\2.4.3.2313\SGUpdater.exe
FirewallRules: [{903AFC99-CF7E-453D-BC5D-5CBDAF422EB8}] => (Allow) C:\Program Files (x86)\SogouWallPaper\2.4.3.2313\SGUpdater.exe
FirewallRules: [{EDA46800-42BC-446F-9AE9-1610A07BC9CF}] => (Allow) C:\Users\Kevin\AppData\Roaming\SogouWallPaper\2.5.0.2336\SGUpdater.exe
FirewallRules: [{BAB1B87E-D797-45C3-9354-311EFFD5D298}] => (Allow) C:\Users\Kevin\AppData\Roaming\SogouWallPaper\2.5.0.2336\SGUpdater.exe
FirewallRules: [{EAEEB92E-F048-441A-853E-4BEF89FC31DF}] => (Allow) C:\Users\Kevin\AppData\Roaming\SogouWallPaper\2.5.0.2336\SGWallPaper.exe
FirewallRules: [{ED9EC94A-F6E3-4F9E-9AE9-961F3D1014DF}] => (Allow) C:\Users\Kevin\AppData\Roaming\SogouWallPaper\2.5.0.2336\SGWallPaper.exe
FirewallRules: [{AC03C650-B38A-4895-A890-53C9E9310DAB}] => (Allow) C:\Users\Kevin\AppData\Roaming\SogouWallPaper\2.5.0.2336\SGWPThemeMall.exe
FirewallRules: [{E3DAE006-A0E6-47D7-858A-33822047F4F7}] => (Allow) C:\Users\Kevin\AppData\Roaming\SogouWallPaper\2.5.0.2336\SGWPThemeMall.exe
FirewallRules: [{0EB98BAD-B539-4FF6-8E90-7AAA94B74E2A}] => (Allow) C:\Users\Kevin\AppData\Roaming\SogouWallPaper\2.5.0.2336\SGWallPaperDT64.exe
FirewallRules: [{A3EA3D11-96C8-4A9B-8830-12DD49F5107A}] => (Allow) C:\Users\Kevin\AppData\Roaming\SogouWallPaper\2.5.0.2336\SGWallPaperDT64.exe
FirewallRules: [{A89093E0-F710-4436-A689-ABD12DB28057}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{2B2F2BDD-50A2-453A-87ED-31A31A6AF238}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.6.0120\PluginInstaller.exe
FirewallRules: [{40CF7448-94D2-40C1-A73D-982EB41F60F7}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.6.0120\PluginInstaller.exe
FirewallRules: [{87461081-7EA2-4A0E-9FFD-51C4C517A553}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [TCP Query User{69E52BF1-0582-499C-8AEE-63B4C8035989}C:\program files (x86)\搜狐影音\shplayer.exe] => (Allow) C:\program files (x86)\搜狐影音\shplayer.exe
FirewallRules: [UDP Query User{1B703DA2-5C96-44CF-96D8-A4BC6D151162}C:\program files (x86)\搜狐影音\shplayer.exe] => (Allow) C:\program files (x86)\搜狐影音\shplayer.exe
FirewallRules: [{4007AC9F-51D7-4430-8E73-17F9926E97B9}] => (Allow) C:\Users\Kevin\AppData\Local\SogouExplorer\SogouExplorer.exe
FirewallRules: [{BFFF4BB8-DD5A-401A-B5A0-42E3089A0400}] => (Allow) C:\Users\Kevin\AppData\Local\SogouExplorer\SogouExplorer.exe
FirewallRules: [{080A5CB8-2734-4F45-959A-909384EAEEDD}] => (Allow) C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FAF7A8E4-C882-482F-AEFE-131D39DBF41E}] => (Allow) C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E632DE78-0EC8-4D3F-913B-672F27C2FCF8}] => (Allow) C:\Users\Kevin\AppData\Local\SogouExplorer\5.2.5.17046\SGRepairTool.exe
FirewallRules: [{8601083A-21AA-4698-A0D6-56995E74B82C}] => (Allow) C:\Users\Kevin\AppData\Local\SogouExplorer\5.2.5.17046\SGRepairTool.exe
FirewallRules: [TCP Query User{12665823-8152-4664-93E0-3098DD2D424E}C:\users\kevin\downloads\ogar-windows-9bec584.exe] => (Block) C:\users\kevin\downloads\ogar-windows-9bec584.exe
FirewallRules: [UDP Query User{16D2873A-10B8-4C19-9BD8-50169A48B08E}C:\users\kevin\downloads\ogar-windows-9bec584.exe] => (Block) C:\users\kevin\downloads\ogar-windows-9bec584.exe
FirewallRules: [{2586E8B8-5330-420F-8FC3-F70F99C719D7}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.6.2.0073\PluginInstaller.exe
FirewallRules: [{63557068-6203-4CF1-A96D-9D0FCEC33E68}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.6.2.0073\PluginInstaller.exe
FirewallRules: [{CE6E4042-B63A-4109-BFB7-31D98CC87B6C}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGTool.exe
FirewallRules: [{B1DDA27D-C042-4152-A8D1-79DF38A79917}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGTool.exe
FirewallRules: [{1753F92C-01F9-485F-82F0-B0EFB4FB0CAE}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGTool.exe
FirewallRules: [{801523DB-63E2-46B2-9B44-E1CE6A1F2EA8}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGTool.exe
FirewallRules: [{291434C5-0FB3-4538-9D11-BD2599F7E3DB}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGTool.exe
FirewallRules: [{B620291B-3511-463D-A91C-10AD0F405625}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGTool.exe
FirewallRules: [{0FDE50F9-5F95-4854-8663-EDEAF00B6E15}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\PinyinUp.exe
FirewallRules: [{211C5182-2761-4436-92C7-1F3B3ACEB707}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\PinyinUp.exe
FirewallRules: [{AA634808-61E2-43D1-BC0E-06115ED4A510}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\PinyinUp.exe
FirewallRules: [{79AA385D-1FB7-4FC8-B86D-788B53378DC7}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\PinyinUp.exe
FirewallRules: [{D1D2A0F2-0D1A-4AB5-945C-3101921FF214}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\PinyinUp.exe
FirewallRules: [{8812D8E1-4D9C-45B8-8399-75040025DBBD}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\PinyinUp.exe
FirewallRules: [{FC769BBD-5092-4B75-9170-FE1577BC4192}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGDownload.exe
FirewallRules: [{F19EC862-D235-4522-A234-3337D2E8FC95}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGDownload.exe
FirewallRules: [{C2F1861A-2DE1-40F4-AEC0-4165330F39EE}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGDownload.exe
FirewallRules: [{395EAF2F-167F-45C4-815A-60B7B81E37F2}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGDownload.exe
FirewallRules: [{F05E34AA-B4B5-4375-923F-00A8C5A406E9}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGDownload.exe
FirewallRules: [{4AB4E49D-0255-4A63-9189-CBE2C44559FA}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGDownload.exe
FirewallRules: [{97C9DF71-38E1-412A-992F-D4EAB5C3A74E}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SogouCloud.exe
FirewallRules: [{C9563173-918B-478F-AC97-17E331D7A496}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SogouCloud.exe
FirewallRules: [{2EF525EF-7782-467C-89E9-2016F195B8A6}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SogouCloud.exe
FirewallRules: [{357E9662-D794-4643-9FCA-FA88C54B7357}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SogouCloud.exe
FirewallRules: [{D7498BA5-D275-4986-B0C1-A5DE9E0D5740}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SogouCloud.exe
FirewallRules: [{CE9EE5EE-E802-470E-9CE0-F2DBDFF7D178}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SogouCloud.exe
FirewallRules: [{81D80867-60EA-4EC0-B4B4-1EACEBC85253}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{0955BD22-9FAA-47B1-B750-852AF76C2064}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{27E4A712-E979-48AA-8FA9-62EEE58FCCB6}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{C821E8D3-1D5B-4F28-B941-9AD724950DA8}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{938CBDB9-BAFD-4FAD-93B6-0FDCD1A839CD}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{F7B407E1-0572-4B76-80D1-5186E8846815}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe
FirewallRules: [{FE075822-7129-4CD0-B5C4-D7ED1A80C662}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\userNetSchedule.exe
FirewallRules: [{43E7F879-5E7D-44BF-9411-FD2A3B852A9B}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\userNetSchedule.exe
FirewallRules: [{F8DF2843-FC0D-470B-95F4-9FAC0341DDF9}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\userNetSchedule.exe
FirewallRules: [{3B4E8081-4F50-4FB8-AE4E-A8AA3F3375D1}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\userNetSchedule.exe
FirewallRules: [{00B457CD-9931-4919-850E-E96B4CA3F6BD}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\userNetSchedule.exe
FirewallRules: [{E66B4813-A979-408E-B540-7E0F0408EFF3}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\userNetSchedule.exe
FirewallRules: [{340F9A60-7ADE-4269-9FAA-8684654947A7}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGMedalLoader.exe
FirewallRules: [{3BAAC0B8-238E-4E00-81DA-0CD59FAB5080}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGMedalLoader.exe
FirewallRules: [{7D5CE83F-3399-4E8E-9F51-F3D4613A4955}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGMedalLoader.exe
FirewallRules: [{B69802EA-1FFD-4ECF-BB92-2F328EA59DE0}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGMedalLoader.exe
FirewallRules: [{F0349568-2028-437A-8046-45787105E69B}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGMedalLoader.exe
FirewallRules: [{203B04F1-5A7C-4D0C-B7A3-583B1E82076E}] => (Allow) C:\Program Files (x86)\SogouInput\7.7.0.7006\SGMedalLoader.exe
FirewallRules: [{D9204469-D9D8-4C4D-93CF-C063FEDC3C8A}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{F37ADAE1-B6FA-4C8B-B4AF-B04D3F2054A8}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{0032D482-D3CC-4B19-A7DF-C55E1A1D4F6A}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{3D136F69-6693-41A1-B41E-BC28148D4DCC}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{02A32383-42D1-4B31-B35E-7A39F3AC8607}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{66F07F40-0DCC-4D36-BBA8-C4BF650D6E79}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe
FirewallRules: [{4C91C939-3E9A-4A37-9056-C9014E9056C4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{537163C5-5BFD-4945-82BB-72707B5C10BC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1340CFB7-8248-485A-987F-CA12794C4EF8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{86AB26D1-1AED-4E4D-ADD0-D80A49B77D66}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{AAF711F6-E389-40B9-A650-712408511A71}C:\users\kevin\desktop\eric\pictures\ogar-windows-9bec584.exe] => (Allow) C:\users\kevin\desktop\eric\pictures\ogar-windows-9bec584.exe
FirewallRules: [UDP Query User{09276D7E-3348-41F1-9D71-53351E53261C}C:\users\kevin\desktop\eric\pictures\ogar-windows-9bec584.exe] => (Allow) C:\users\kevin\desktop\eric\pictures\ogar-windows-9bec584.exe
FirewallRules: [TCP Query User{A4796E1B-E2BA-416F-9CB8-719A5BB578C4}C:\users\kevin\appdata\local\temp\rar$exa0.380\agar.io private server\agar.io private server app (keep this).exe] => (Allow) C:\users\kevin\appdata\local\temp\rar$exa0.380\agar.io private server\agar.io private server app (keep this).exe
FirewallRules: [UDP Query User{540077D9-5097-4BC5-B5CA-1E2BFDEE41D3}C:\users\kevin\appdata\local\temp\rar$exa0.380\agar.io private server\agar.io private server app (keep this).exe] => (Allow) C:\users\kevin\appdata\local\temp\rar$exa0.380\agar.io private server\agar.io private server app (keep this).exe
FirewallRules: [TCP Query User{98C7D489-DCE4-4ECE-A896-E3E032D3F4DB}C:\users\kevin\appdata\local\temp\rar$exa0.675\agar.io private server\agar.io private server app (keep this).exe] => (Allow) C:\users\kevin\appdata\local\temp\rar$exa0.675\agar.io private server\agar.io private server app (keep this).exe
FirewallRules: [UDP Query User{2EF8477E-301E-4F7B-9C18-929639608900}C:\users\kevin\appdata\local\temp\rar$exa0.675\agar.io private server\agar.io private server app (keep this).exe] => (Allow) C:\users\kevin\appdata\local\temp\rar$exa0.675\agar.io private server\agar.io private server app (keep this).exe
FirewallRules: [TCP Query User{7D7AF008-7010-4CE2-9E8E-40118055E933}C:\users\kevin\appdata\local\temp\rar$exa0.094\agar.io private server\agar.io private server app (keep this).exe] => (Allow) C:\users\kevin\appdata\local\temp\rar$exa0.094\agar.io private server\agar.io private server app (keep this).exe
FirewallRules: [UDP Query User{68FCD76B-CB03-4502-8CF7-E43F46267002}C:\users\kevin\appdata\local\temp\rar$exa0.094\agar.io private server\agar.io private server app (keep this).exe] => (Allow) C:\users\kevin\appdata\local\temp\rar$exa0.094\agar.io private server\agar.io private server app (keep this).exe
FirewallRules: [{FD6D8595-7B37-43EF-9050-449A089006A7}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{BC94785E-7D05-41ED-AAB3-51A4E36784B0}] => (Allow) C:\Program Files (x86)\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [TCP Query User{B88C8F89-AED4-477C-ADD9-AC1A6D1AB77C}C:\users\kevin\desktop\eric\games\ogar-windows-9bec584.exe] => (Block) C:\users\kevin\desktop\eric\games\ogar-windows-9bec584.exe
FirewallRules: [UDP Query User{33927620-8A99-424A-B94D-225AC9FE0C0C}C:\users\kevin\desktop\eric\games\ogar-windows-9bec584.exe] => (Block) C:\users\kevin\desktop\eric\games\ogar-windows-9bec584.exe
FirewallRules: [{2126E308-DF54-4EAD-BDFB-1E667D98A58C}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.6.7.0045\crashreporter.exe
FirewallRules: [{6AA7A9B1-6290-4B0B-9C0A-CB4FEB7FFE14}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.6.7.0045\crashreporter.exe
FirewallRules: [{4BFECD45-9028-4BA4-8D82-9B916D958CD4}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.6.7.0045\PluginInstaller.exe
FirewallRules: [{D834FAC6-6367-4DFD-8CB2-9BD0DBADDB3B}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.6.7.0045\PluginInstaller.exe
FirewallRules: [TCP Query User{B3F73AB9-5118-47C1-B232-7A40C1139A7E}C:\users\kevin\desktop\eric\ogar-windows-9bec584.exe] => (Allow) C:\users\kevin\desktop\eric\ogar-windows-9bec584.exe
FirewallRules: [UDP Query User{1E36B447-B82C-4D1E-963C-D6FCD6D5B156}C:\users\kevin\desktop\eric\ogar-windows-9bec584.exe] => (Allow) C:\users\kevin\desktop\eric\ogar-windows-9bec584.exe
FirewallRules: [{2AF241D8-D8E1-4A8B-9FBB-562D34F7CE4F}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{84B42515-0E20-424A-B3B8-5AE79918F569}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe
FirewallRules: [{998F231A-56F4-4444-B207-20AE596A6BDC}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [{CDC9AA83-9935-4624-A430-B2CF12F5475C}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe
FirewallRules: [{639CF4B7-3D80-4EC0-A5B6-FCBF3AC093EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{973BEFD4-F5F6-4830-95FE-A9253B0F00BE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

14-07-2016 13:57:02 Windows Update
17-07-2016 16:23:07 Installed Node.js
22-07-2016 11:35:55 Windows Update
29-07-2016 10:41:31 Windows Update
01-08-2016 10:37:01 JRT Pre-Junkware Removal
01-08-2016 14:28:31 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============

Name: ProtectorA
Description: ProtectorA
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ProtectorA
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2016 11:34:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2016 12:56:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16177007

Error: (08/04/2016 12:56:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16177007

Error: (08/04/2016 12:56:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/04/2016 12:55:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16175946

Error: (08/04/2016 12:55:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16175946

Error: (08/04/2016 12:55:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/03/2016 08:26:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18002

Error: (08/03/2016 08:26:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18002

Error: (08/03/2016 08:26:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/04/2016 11:50:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.

Error: (08/04/2016 11:47:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/04/2016 11:39:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (08/04/2016 11:35:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/04/2016 11:33:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
LongRADrv

Error: (08/04/2016 11:33:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TQCal1423342443653Service service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (08/04/2016 11:33:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TQCal1423269752733Service service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (08/04/2016 11:33:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TQCal1423098806729Service service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (08/04/2016 11:33:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TQCal1422855048546Service service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (08/04/2016 12:59:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 77%
Total physical RAM: 3963.97 MB
Available physical RAM: 895.92 MB
Total Virtual: 7926.14 MB
Available Virtual: 3487.88 MB

==================== Drives ================================

Drive c: (TI106140W0C) (Fixed) (Total:285.45 GB) (Free:62.63 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 5A9912A7)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=285.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=17)

==================== End of Addition.txt ============================


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 


I think it failed... all it did was log me out of every website and clear the data on my Chrome extensions...

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Kevin (2016-08-07 12:51:45) Run:1
Running from C:\Users\Kevin\Downloads
Loaded Profiles: Kevin (Available Profiles: Kevin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
RemoveProxy:
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [80]
AlternateDataStreams: C:\ProgramData\TEMP:DCADFB80 [90] 
EmptyTemp:
Reboot:

*****************

Processes closed successfully.
Restore point was successfully created.

========= RemoveProxy: =========

"HKU\S-1-5-21-828631773-361076270-84588037-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-828631773-361076270-84588037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-828631773-361076270-84588037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":DCADFB80" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26012260 B
Java, Flash, Steam htmlcache => 5132 B
Windows/system/drivers => 30704617 B
Edge => 0 B
Chrome => 487791452 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 1164625 B
systemprofile32 => 16764386 B
LocalService => 132244 B
NetworkService => 2550860 B
Kevin => 452510821 B

RecycleBin => 0 B
EmptyTemp: => 978.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:56:58 ====


  • Root Admin

The logs show it did what I asked it to do.

Please run the following.

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Next,

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below, please see the following:
MBAM Clean Removal Process 2x
When reinstalling the program, please try the latest version.

  • Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Next,

Then run the following.

Internet Explorer
How to reset Internet Explorer settings

Then restart the computer and let me know how it's running.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/9/2016
Scan Time: 2:28 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.09.12
Rootkit Database: v2016.08.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337220
Time Elapsed: 1 hr, 6 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

This topic is now closed to further replies.