TechSpot

Assistance for PC Cleanup please

By cederhigh
Sep 7, 2016
  1. Hello, I have used your help before and am very grateful for your time. My laptop is running a bit slow, and I assume there might be some dirty things responsible for it.

    Greetings,
    Tom

    Here are the logs:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
    Ran by pantahsharam (administrator) on PANTAHSHARAM-HP (07-09-2016 14:21:50)
    Running from C:\Users\pantahsharam\Desktop
    Loaded Profiles: pantahsharam (Available Profiles: pantahsharam & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    () C:\ProgramData\DatacardService\HWDeviceService64.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
    () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\Scan64.Exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    () C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-03] (Intel(R) Corporation)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [569200 2011-02-19] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-28] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-14] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-06] (McAfee, Inc.)
    HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [242792 2012-12-04] (McAfee, Inc.)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-18\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-01] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-09-05]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\pantahsharam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-01] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{1925E23C-52D8-473A-98A4-A71281337318}: [NameServer] 213.162.69.2 213.162.69.170
    Tcpip\..\Interfaces\{3C5C4C8E-0540-468D-85BD-E8E54443EB64}: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{7670DE11-D589-4090-8321-62C6C7B141BC}: [NameServer] 213.162.69.2 213.162.69.170
    Tcpip\..\Interfaces\{E206ABF8-83E3-4929-97F3-74FD5A27A50A}: [NameServer] 213.162.69.2 213.162.69.170
    Tcpip\..\Interfaces\{EB428A1F-D96E-4117-BACA-BF354E5871E4}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E}: [NameServer] 208.67.222.222,208.67.220.220
    Tcpip\..\Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E}: [DhcpNameServer] 10.0.0.138

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-11] (Oracle Corporation)
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140130001518.dll [2014-01-30] (McAfee, Inc.)
    BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-05-06] (HP)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-11] (Oracle Corporation)
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-05-17] (Intel Security)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-11] (Oracle Corporation)
    BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140130001519.dll [2014-01-30] (McAfee, Inc.)
    BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-05-06] (HP)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-11] (Oracle Corporation)
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-05-17] (Intel Security)

    FireFox:
    ========
    FF ProfilePath: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default
    FF SelectedSearchEngine:
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
    FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-11] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-11] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-11] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-04-14] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-04-14] (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\searchplugins\google-images.xml [2014-09-14]
    FF SearchPlugin: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\searchplugins\google-maps.xml [2014-09-14]
    FF Extension: (WOT) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
    FF Extension: (selectivecookiedelete) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\extensions\selectivecookiedelete@siju.mathew [2016-05-18]
    FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-05-18]
    FF Extension: (anonymoX) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\client@anonymox.net.xpi [2015-09-30]
    FF Extension: (Firefox Hotfix) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-05]
    FF Extension: (IPFlood) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\ip****@p4ul.info.xpi [2016-05-17]
    FF Extension: (Adblock Plus) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-17]
    FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2016-09-07] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
    FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-12-14] [not signed]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-04-14]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-08] (Realsil Microelectronics Inc.) [File not signed]
    S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
    R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
    S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2014-02-07] () [File not signed]
    R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-06] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
    R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2014-01-30] (McAfee, Inc.)
    R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [206448 2012-12-04] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2014-01-30] (McAfee, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-03] ()
    S4 RosettaStoneLtdController; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [352312 2008-09-16] (Rosetta Stone Ltd.) [File not signed]
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [878904 2016-05-16] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-05-16] (McAfee, Inc.)
    R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-05-16] (McAfee, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2013-03-12] (Mobile Stream)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [124672 2014-04-16] (Huawei Technologies Co., Ltd.)
    R3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [379392 2014-04-16] (Huawei Technologies Co., Ltd.)
    R3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [178840 2014-01-30] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [309400 2014-01-30] (McAfee, Inc.)
    U3 mfeavfk01; no ImagePath
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2014-01-30] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\system32\drivers\mferkdet.sys [106112 2014-01-30] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339392 2014-01-30] (McAfee, Inc.)
    S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-07] ()
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-08-29] () [File not signed]
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    U3 adf77b4n; C:\Windows\System32\Drivers\adf77b4n.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
    S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
    U4 bdselfpr; no ImagePath
    S4 catchme; \??\C:\ComboFix\catchme.sys [X]
    S4 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
    S4 iwdbus; system32\DRIVERS\iwdbus.sys [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S4 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-07 14:21 - 2016-09-07 14:21 - 00000000 ____D C:\QUARANTINE
    2016-09-07 14:16 - 2016-09-07 14:21 - 00000000 ____D C:\FRST
    2016-09-07 14:15 - 2016-09-07 14:15 - 02397696 _____ (Farbar) C:\Users\pantahsharam\Desktop\FRST64.exe
    2016-09-06 22:49 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-09-06 22:49 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-09-06 22:49 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-09-06 22:49 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-09-06 22:49 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-09-06 22:49 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-09-06 22:49 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-09-06 22:49 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-09-06 22:49 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-09-06 22:49 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-09-06 22:49 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-09-06 22:49 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-09-06 22:49 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-09-06 22:49 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-09-06 22:49 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-09-06 22:49 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-09-06 22:49 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-09-06 22:49 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-09-06 22:49 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-09-06 22:49 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-09-06 22:49 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-09-06 22:49 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-09-06 22:49 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-09-06 22:49 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-09-06 22:49 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-09-06 22:49 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-09-06 22:49 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-09-06 22:49 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-09-06 22:49 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-09-06 22:49 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-09-06 22:49 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-09-06 22:49 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-09-06 22:49 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-09-06 22:49 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-09-06 22:49 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-09-06 22:49 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-09-06 22:49 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-09-06 22:49 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-09-06 22:49 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-09-06 22:49 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-09-06 22:49 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-09-06 22:49 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-09-06 22:49 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-09-06 22:49 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-09-06 22:49 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-09-06 22:49 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-09-06 22:49 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-09-06 22:49 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-09-06 22:49 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-09-06 22:49 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-09-06 22:49 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-09-06 22:49 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-09-06 22:49 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-09-06 22:49 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-09-06 22:49 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-09-06 22:49 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-09-06 22:49 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-09-06 22:49 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-09-06 22:49 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-09-06 22:49 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-09-06 22:49 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-09-06 22:49 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-09-06 22:49 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-09-06 22:49 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-09-06 22:49 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-09-06 22:49 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-09-06 21:49 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-09-06 21:49 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-09-06 21:49 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-09-06 21:49 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-09-06 21:49 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-09-06 21:49 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-09-06 21:49 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-09-06 21:49 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-09-06 21:49 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-09-06 21:49 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-09-06 21:49 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-09-06 21:49 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-09-06 21:44 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-09-05 22:15 - 2016-09-06 12:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-09-05 21:58 - 2016-09-05 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-07 14:14 - 2013-05-29 02:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-09-07 13:37 - 2013-05-29 02:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-09-07 12:43 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-09-07 12:43 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-09-07 12:39 - 2011-12-28 18:27 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9C744B26-60FB-48D2-87E2-AE69436145DA}
    2016-09-07 12:16 - 2013-05-29 02:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-09-07 12:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-09-07 12:14 - 2009-07-14 06:45 - 05114856 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-09-06 23:01 - 2013-08-05 09:02 - 00000000 ____D C:\Windows\system32\MRT
    2016-09-06 22:55 - 2012-01-21 07:37 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-09-06 22:51 - 2012-12-03 18:12 - 00000000 ____D C:\Users\pantahsharam\AppData\Roaming\vlc
    2016-09-06 21:28 - 2011-12-28 18:26 - 00000000 ____D C:\Users\pantahsharam\AppData\LocalLow\AuthenTec
    2016-09-06 16:36 - 2012-01-23 23:44 - 00000000 ____D C:\Users\pantahsharam\AppData\Local\CrashDumps
    2016-09-06 12:42 - 2012-05-05 07:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-09-05 21:58 - 2016-06-09 19:19 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-09-05 21:58 - 2015-09-04 11:37 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-09-05 21:55 - 2009-07-14 07:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-09-05 21:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
    2016-08-21 18:28 - 2015-12-05 19:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    ==================== Files in the root of some directories =======

    2014-02-28 02:48 - 2015-12-19 02:03 - 0099384 _____ () C:\Users\pantahsharam\AppData\Roaming\inst.exe
    2014-02-28 02:48 - 2015-12-19 02:03 - 0007859 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.cat
    2014-02-28 02:48 - 2015-12-19 02:03 - 0001167 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.inf
    2014-02-28 02:48 - 2015-12-19 02:03 - 0000055 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.log
    2014-02-28 02:48 - 2015-12-19 02:03 - 0082816 _____ (VSO Software) C:\Users\pantahsharam\AppData\Roaming\pcouffin.sys
    2014-02-25 06:23 - 2014-02-25 06:23 - 0000246 _____ () C:\Users\pantahsharam\AppData\Roaming\Recent.txt
    2011-12-28 07:36 - 2011-12-28 07:36 - 0002242 _____ () C:\Users\pantahsharam\AppData\Local\IWDAudHelper.20111227.213648.txt
    2011-12-28 07:34 - 2011-12-28 07:34 - 0001547 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213449.txt
    2011-12-28 07:36 - 2011-12-28 07:36 - 0000663 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213638.txt
    2011-12-28 07:36 - 2011-12-28 07:36 - 0001247 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213647.txt
    2013-03-05 07:13 - 2013-03-05 07:13 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some files in TEMP:
    ====================
    C:\Users\pantahsharam\AppData\Local\Temp\Uninst.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-09-06 17:06

    ==================== End of FRST.txt ============================
     
  2. cederhigh

    TS Enthusiast Topic Starter Posts: 61

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
    Ran by pantahsharam (07-09-2016 14:23:37)
    Running from C:\Users\pantahsharam\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2011-12-28 16:25:55)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3255573426-2543451188-2402224606-500 - Administrator - Disabled)
    Guest (S-1-5-21-3255573426-2543451188-2402224606-501 - Limited - Enabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-3255573426-2543451188-2402224606-1004 - Limited - Enabled)
    pantahsharam (S-1-5-21-3255573426-2543451188-2402224606-1000 - Administrator - Enabled) => C:\Users\pantahsharam

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
    Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.206.1717.117 - Alps Electric)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: - )
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
    AuthenTec TrueAPI (Version: 1.3.0.111 - AuthenTec, Inc.) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DidjImp (HKLM-x32\...\{BB80F384-B770-4D15-A420-DA1A6853A85B}) (Version: 0.5.0 - JesusFreke)
    doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
    EasyTether (HKLM-x32\...\{c751b7eb-df27-4668-b05f-7457d2fa9e00}) (Version: 1.1.18 - Mobile Stream)
    EasyTether (Version: 1.1.18 - Mobile Stream) Hidden
    EasyTether ADB USB driver (HKLM\...\{F45DA6A7-AD7C-489A-B9E2-CCFC70A46A2A}) (Version: 1.0.1 - Mobile Stream)
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
    FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
    Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
    HP CoolSense (HKLM-x32\...\{0D8B3696-E52D-4291-B833-9F6AEB1CC4AB}) (Version: 2.1.0 - Hewlett-Packard Company)
    HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
    HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}) (Version: 2.4.3 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
    HP SimplePass 2011 (HKLM-x32\...\{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}) (Version: 5.3.0.163 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
    IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
    Intel PROSet Wireless (x32 Version: - ) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.06.123 - Huawei Technologies Co.,Ltd)
    Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Mega Codec Pack 3.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 3.9.0 - )
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    McAfee Agent (HKLM-x32\...\{D107EA80-023A-443C-AA79-1C4B0CB2E227}) (Version: 4.6.0.2988 - McAfee, Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
    McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.03000 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Music Creator LE 5.0.6 (HKLM-x32\...\Music Creator LE_is1) (Version: 17.0 - Cakewalk Music Software)
    Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
    Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
    Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
    Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
    NowSmart Cut (HKLM-x32\...\NowSmart Cut) (Version: 1.2 - NowSmart)
    PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
    Rosetta Stone Ltd Services (HKLM-x32\...\{2110AF8F-F6E9-4712-A185-1B839C60822E}) (Version: 2.2.1.1 - Rosetta Stone Ltd.)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Search Protection (HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\...\Search Protection) (Version: 8.5.0.1 - Spigot, Inc.) <==== ATTENTION
    Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
    SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
    SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
    SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
    Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version: 4.77 - NCH Software)
    Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
    VIP Access SDK (1.0.1.2) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
    Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.79.0 - Verizon)
    WinDirStat 1.1.2 (HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\...\WinDirStat) (Version: - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
    Words of Dhamma (HKLM-x32\...\Words_of_Dhamma) (Version: - )
    Zoomquilt Screensaver (HKLM-x32\...\Zoomquilt Screensaver.scr) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3255573426-2543451188-2402224606-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {17EB695A-4DAC-41B5-99B4-2B7AC6990054} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3255573426-2543451188-2402224606-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {2914A811-3409-4660-A0ED-A63169E2436D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-22] (Hewlett-Packard Company)
    Task: {2B44E91C-B44A-4B5A-802B-D3A208DB7720} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
    Task: {4D7DD924-23DE-4B88-A807-FB0B3257CE4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
    Task: {6C96C7AD-41E2-42E6-8D43-B1474446A4F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {71E4D199-61A8-4A08-8872-C9EC4012149C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-16] (CyberLink)
    Task: {7A58F646-E121-433B-951A-952ECCDE8805} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
    Task: {8AF82163-C34D-4C69-A0EE-BF4EA497EAA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
    Task: {8C76AEB1-6694-494D-8C1A-EF039AE99464} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-23] (Hewlett-Packard Company)
    Task: {9174BB03-1929-405D-8466-C72F5F6C357C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-22] (Hewlett-Packard Company)
    Task: {9B5F4A6D-7591-4DB5-95E5-B5155A5E5642} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\pantahsharam\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
    Task: {9D33B6D0-AEFE-4FF8-ACEF-01AAC3F4BE6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {C02241B9-B7E9-48CB-900B-607B6866A7D4} - System32\Tasks\{534BBE50-E4CD-4D06-B33A-278EFEE2EECB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
    Task: {E5C3DB6E-494C-4AFD-ACE5-7BC55CFA5FE3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3255573426-2543451188-2402224606-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {E6ED4F78-0B44-49D3-9ABC-BF8C1EA58529} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-22] (Hewlett-Packard Company)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2011-05-02 23:41 - 2011-05-02 23:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2013-10-28 04:02 - 2013-10-28 04:02 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
    2015-12-14 19:47 - 2014-02-07 05:59 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
    2012-03-18 01:18 - 2011-03-02 21:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
    2011-04-15 20:16 - 2011-04-15 20:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2011-05-02 23:41 - 2011-05-02 23:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2015-12-14 19:40 - 2014-03-04 10:14 - 00088144 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    2015-12-14 20:11 - 2014-02-07 05:59 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
    2015-12-14 19:47 - 2014-02-07 05:59 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
    2015-12-14 19:47 - 2014-02-07 05:59 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
    2015-12-14 19:47 - 2014-03-04 07:54 - 02416640 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
    2015-12-14 19:47 - 2014-03-04 07:54 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
    2007-04-19 05:30 - 2007-04-19 05:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
    2007-04-19 05:30 - 2007-04-19 05:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
    2016-05-24 12:20 - 2016-05-24 12:20 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f91bd970f20123a46b575cf6e92bc441\IsdiInterop.ni.dll
    2011-11-17 00:37 - 2011-04-30 10:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2015-12-14 19:40 - 2014-03-05 16:47 - 00425984 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\core.dll
    2015-12-14 19:40 - 2014-03-05 16:47 - 00275968 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\sdk.dll
    2015-12-14 19:41 - 2014-02-07 05:59 - 00011362 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\mingwm10.dll
    2015-12-14 19:41 - 2014-02-07 05:59 - 00043008 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\libgcc_s_dw2-1.dll
    2015-12-14 19:41 - 2014-03-04 07:54 - 02416640 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    2015-12-14 19:41 - 2014-03-04 07:54 - 09559040 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtGui4.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00390656 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Proxy.DLL
    2015-12-14 19:40 - 2014-03-05 16:44 - 00243712 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Common.dll
    2015-12-14 19:40 - 2014-03-05 16:44 - 00157696 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Trace.dll
    2015-12-14 19:40 - 2014-03-05 16:44 - 00546304 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\PluginContainer.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00260608 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AtCodec.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00322560 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00237056 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00156160 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSDialup.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00190464 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\XCodec.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00154624 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DataServicePlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00284672 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00219136 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SmsSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00142336 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\USSDSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00339968 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceAppPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00065536 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSPowerMgr.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00120192 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Win7Support.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00167936 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\ATR2SMgr.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 01088512 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00708608 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SmsAppPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00158720 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetConnectSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00233984 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DialUpPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00102400 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSAdapt.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00200192 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NDISPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00131584 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSNDIS.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 01146880 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NDISAPI.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00317952 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:50 - 00560128 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceMgrUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:51 - 00304128 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\XFramePlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:52 - 00831488 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\MiniFramePlugin.dll
    2015-12-14 19:41 - 2014-02-10 08:37 - 15675904 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtWebKit4.dll
    2015-12-14 19:41 - 2014-03-04 07:54 - 01148416 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtNetwork4.dll
    2015-12-14 19:41 - 2014-03-04 07:54 - 03962368 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtXmlPatterns4.dll
    2015-12-14 19:41 - 2014-03-04 07:54 - 00306176 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\phonon4.dll
    2015-12-14 19:41 - 2014-03-04 07:54 - 00398336 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtXml4.dll
    2015-12-14 19:40 - 2014-03-05 16:49 - 00097280 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NotifyServicePlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:52 - 00331776 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetConnectPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:47 - 00419328 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DialupUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:51 - 00318976 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\StatusBarMgrPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:52 - 00274944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\MenuMgrPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:53 - 00412672 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DiagnosisPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:51 - 00117248 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\LayoutPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:51 - 00309760 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SettingUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:50 - 00502784 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetSettingPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:53 - 00308736 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoRecordUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:54 - 00100352 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\CompressRatePlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:53 - 00518656 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoUIExPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:49 - 00841216 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SMSUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:54 - 00110080 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\ServiceUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:54 - 00139776 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\HelpUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:54 - 00434688 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\USSDUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:49 - 00808448 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookUIPlugin.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00082944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qgif4.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00081920 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qico4.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00192000 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qjpeg4.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00350720 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qmng4.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00370176 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qtiff4.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00712192 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\LiveUpdateInterface.dll
    2015-12-14 19:47 - 2014-03-04 07:54 - 09559040 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll
    2015-12-14 20:11 - 2014-02-07 05:59 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll
    2015-12-14 20:11 - 2014-02-07 05:59 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll
     
  3. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2016-09-05 21:58 - 00000068 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    0.0.0.1 mssplus.mcafee.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pantahsharam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 213.162.69.2 - 213.162.69.170
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: IHA_MessageCenter => 2
    MSCONFIG\Services: NAUpdate => 2
    MSCONFIG\Services: QBCFMonitorService => 2
    MSCONFIG\Services: QBFCService => 3
    MSCONFIG\Services: QBVSS => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: Facebook Update => "C:\Users\pantahsharam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: uTorrent => "C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    MSCONFIG\startupreg: Viber => "C:\Users\pantahsharam\AppData\Local\Viber\Viber.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{535DEF20-967B-4CBC-BABB-A2D5B36F7659}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{11954BBB-9A3A-4691-BE4C-D945442D0F3E}] => (Allow) LPort=2869
    FirewallRules: [{7F4C500E-050C-4827-87F4-1A3820AE5B9B}] => (Allow) LPort=1900
    FirewallRules: [{24BFCB71-A0D2-4745-A1F4-54A067990CCD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{3BAD2048-FA8F-47C9-9FC8-D6B6AE76B6EB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{73A1D281-F742-4E18-B135-48AB589E0C49}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{28C1B73D-04CF-4576-A8BF-60A6003529A2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [TCP Query User{6C6DCD9D-00D7-426E-9BC6-D18AA2DBE924}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [UDP Query User{68C4C460-542C-4785-ABF0-4A1BC72E04CC}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [TCP Query User{99601ED0-07B8-4084-A8E5-C8508C99EF3A}G:\techwizard.exe] => (Allow) G:\techwizard.exe
    FirewallRules: [UDP Query User{EF85F817-C314-4E16-9EB0-9E64B786F4E5}G:\techwizard.exe] => (Allow) G:\techwizard.exe
    FirewallRules: [{0FA71815-F6E0-42EA-A876-F4F7D52EF595}] => (Allow) LPort=50000
    FirewallRules: [TCP Query User{916BABC6-8034-4878-B795-CD85F5665E94}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
    FirewallRules: [UDP Query User{B658BC1B-AA90-4C6F-8D7E-DD08E6E3861D}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
    FirewallRules: [TCP Query User{593A0817-3C58-4BBD-B361-4E046113DB09}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{4104E552-16A0-4C2F-9281-90BF9A0728DC}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [TCP Query User{78574185-550B-4F9C-A860-732C799B2036}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [UDP Query User{9D66C94F-DAB9-4AEB-B5B9-9ACCDD2F5579}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [TCP Query User{83A79043-78A5-4E56-9F03-0D240D2C6EE6}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
    FirewallRules: [UDP Query User{1CDEC6E3-72C8-49F6-A43C-20A8FFC33A45}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
    FirewallRules: [{3924264D-AD69-4ADB-B243-3333C4FA357E}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{84CF44A7-1E40-4496-A0D1-0163B4AF9FF6}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{58445CF4-3C08-444F-88E1-5C2C405A0536}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{29610B48-BAD4-4617-8378-00E06C7CC2E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{E74920FF-B27E-4346-A994-DC653DD158E5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
    FirewallRules: [{9E07CA32-6550-4F8F-8259-1267522CA233}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
    FirewallRules: [{F0514ED8-BD2A-4818-A79E-E35DE7949D4E}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
    FirewallRules: [{6CA9A441-1FD9-4FA9-9939-EB246EAA3704}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
    FirewallRules: [{D9DD1928-A10E-47A1-9399-C9920ECCC805}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    FirewallRules: [{C479B4E4-9BA6-463B-B67B-AF0B84A1C833}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    FirewallRules: [{30DB3936-93C9-4BF0-83B3-DEC0B1BC697E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
    FirewallRules: [{9A02EEDF-E1D3-4D7F-8B51-681AB1075DA5}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
    FirewallRules: [{FA8A9F26-A6F0-424C-9BAA-7DBD08D2DF12}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{039BFBD6-C911-4A59-9676-434D7F2F46AC}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{22AD8305-286E-4E68-A6C1-79FF9070FE8D}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{0DA12083-73B1-490E-9B4A-9ABEF7A1DDC7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{3B94BECC-F0D8-429E-B038-C93C66567D3F}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{DB88D875-CE11-4099-8442-F43D3633D157}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{7BFEA746-E17F-4668-ADB3-E3D4EF3A1109}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [UDP Query User{1E30D33A-2675-4589-88CD-5CDE358154FE}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [{70227428-859C-4844-819E-0CC521DCA13F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [TCP Query User{82825B69-BEA8-4106-8D0D-F04F57DBB3CA}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
    FirewallRules: [UDP Query User{0016BA01-0B6D-4D17-865C-5043C8DF24B9}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
    FirewallRules: [TCP Query User{9240AD9E-9E1E-45A0-BCA7-DD742D69D92C}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
    FirewallRules: [UDP Query User{DB255704-E3E8-47A7-A14E-343570C8581F}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
    FirewallRules: [TCP Query User{A2516549-1AE6-4D71-BA84-D40CABB3C327}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [UDP Query User{7D365DD6-6951-4353-875C-E425CA3CF0B4}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [{B1D8E745-BF1A-443E-9BD1-BC1ABE3B3C11}] => (Allow) LPort=50001
    FirewallRules: [{6726D298-C5FE-44B0-8E42-00F2694AE42E}] => (Allow) LPort=50001
    FirewallRules: [{1332FD5B-DACC-42E1-B04F-439F9692926E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{01D516F0-58DD-4CAD-9E05-EE3DD68D17B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{8EF2F46F-4D1F-4C0E-92DC-EE0C919EDA31}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{54F68F5E-6F72-4802-ACA2-AA751451FB66}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{ECB69B30-6A9C-48B9-B5E4-2F782999329D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{81AAE72F-1E77-4655-9175-67AAED8F1131}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{B4D49ED8-22CB-4809-B47E-4E8D04D0D8DD}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
    FirewallRules: [{D0A9D3FE-D619-4C35-847D-D2C086BF81F5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
    FirewallRules: [{AA4F7797-A07A-43DD-9043-4C653F9D8DF8}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
    FirewallRules: [{06CE6878-FAB9-4739-83B7-092129856B68}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
    FirewallRules: [{89A586C3-E625-40DC-8BC1-05759382B83A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServices.exe

    ==================== Restore Points =========================

    23-06-2016 09:14:41 Windows Update
    01-07-2016 23:10:21 Windows Update
    07-07-2016 19:30:12 Windows Update
    12-07-2016 00:50:45 Windows Update
    15-07-2016 01:21:18 Windows Update
    23-07-2016 20:00:25 Scheduled Checkpoint
    24-07-2016 19:03:28 Windows Update
    01-08-2016 10:11:52 Windows Update
    06-09-2016 17:13:23 Scheduled Checkpoint
    06-09-2016 21:34:31 Windows Update
    06-09-2016 22:52:30 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/07/2016 02:21:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 31.8.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1480

    Start Time: 01d20901add387a6

    Termination Time: 20

    Application Path: C:\Users\pantahsharam\Desktop\FRST64.exe

    Report Id: 596351f9-74f5-11e6-bbe2-101f74fef953

    Error: (09/07/2016 12:14:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Faulting module name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Exception code: 0xc0000417
    Fault offset: 0x0001275a
    Faulting process id: 0x34c
    Faulting application start time: 0x01d208f08e0932a7
    Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Report Id: d9eea56a-74e3-11e6-bbe2-101f74fef953

    Error: (09/06/2016 04:36:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0xca8
    Faulting application start time: 0x01d2082af7336d56
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: 533b5b62-743f-11e6-9a46-101f74fef953

    Error: (08/01/2016 10:00:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0x1c28
    Faulting application start time: 0x01d1ebe8d3fbf62d
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: a3f2e763-5822-11e6-b5be-101f74fef953

    Error: (08/01/2016 11:42:26 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0xc8c
    Faulting application start time: 0x01d1ebca9f5fee81
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: 40f9db8c-57cc-11e6-b5be-101f74fef953

    Error: (07/31/2016 05:25:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0x1500
    Faulting application start time: 0x01d1eb3f9fcc7b3b
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: f3520c9c-5732-11e6-b5be-101f74fef953

    Error: (07/31/2016 03:34:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0x17e4
    Faulting application start time: 0x01d1eb2e8ba97f5a
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: 8525e054-5723-11e6-b5be-101f74fef953

    Error: (07/31/2016 11:08:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.1.7601.23418 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 868

    Start Time: 01d1eb0aa1f3a68d

    Termination Time: 78

    Application Path: C:\Windows\Explorer.EXE

    Report Id: 3e5b74f7-56fe-11e6-b5be-101f74fef953

    Error: (07/30/2016 11:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0x3b0
    Faulting application start time: 0x01d1ea5bc95c5061
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: 6337f155-569e-11e6-bbc9-101f74fef953

    Error: (07/25/2016 10:20:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0xc04
    Faulting application start time: 0x01d1e64c9a00da3e
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: b5ed7691-5240-11e6-814a-101f74fef953


    System errors:
    =============
    Error: (09/07/2016 02:26:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    and APPID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (09/07/2016 02:21:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    and APPID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (09/07/2016 12:35:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    and APPID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (09/07/2016 12:31:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    and APPID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (09/07/2016 12:18:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    and APPID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (09/07/2016 12:15:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/07/2016 12:14:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Internet Manager. OUC service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (09/07/2016 12:14:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Internet Manager. OUC service to connect.

    Error: (09/07/2016 12:14:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Service Installer TrueKey service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (09/06/2016 09:40:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    and APPID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================
    Date: 2014-01-29 08:57:45.903
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-29 08:57:45.823
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
    Percentage of memory in use: 50%
    Total physical RAM: 6091.86 MB
    Available physical RAM: 3007.3 MB
    Total Virtual: 12181.9 MB
    Available Virtual: 9227.27 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:571.05 GB) (Free:220.47 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (Recovery) (Fixed) (Total:20.96 GB) (Free:2.21 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32
    Drive I: (Internet Manager) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
    Drive l: () (Removable) (Total:1.89 GB) (Free:0.97 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 72185642)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=571.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

    ========================================================
    Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Uninstall the following unwanted program:

    Search Protection

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on the Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on the Scan button.
    • When the scan has finished click on the Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    ROGUE KILLER Report

    RogueKiller V12.6.1.0 (x64) [Sep 6 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : pantahsharam [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 09/08/2016 12:40:19 (Duration : 00:42:02)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 12 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{F791D8AE-47E8-40A5-A913-EB2D2AF29602} (C:\Program Files (x86)\Coupon Alerts\FrameworkBHO64.dll) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Iminent -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Bench -> Deleted
    [PUP] (X64) HKEY_USERS\.DEFAULT\Software\AskPartnerNetwork -> Deleted
    [PUP] (X86) HKEY_USERS\.DEFAULT\Software\AskPartnerNetwork -> Deleted
    [PUP] (X64) HKEY_USERS\S-1-5-21-3255573426-2543451188-2402224606-1000\Software\OCS -> Deleted
    [PUP] (X86) HKEY_USERS\S-1-5-21-3255573426-2543451188-2402224606-1000\Software\OCS -> Deleted
    [PUP] (X64) HKEY_USERS\S-1-5-18\Software\AskPartnerNetwork -> Deleted
    [PUP] (X86) HKEY_USERS\S-1-5-18\Software\AskPartnerNetwork -> Deleted
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E} | DhcpNameServer : 10.0.0.138 ([]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E} | DhcpNameServer : 10.0.0.138 ([]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E} | DhcpNameServer : 10.0.0.138 ([]) -> Replaced ()

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \SomotoUpdateCheckerAutoStart -- C:\Users\pantahsharam\AppData\Local\FilesFrog Update Checker\update_checker.exe (/auto) -> ERROR [1]

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK6476GSX +++++
    --- User ---
    [MBR] 0e6a7130843af732cbf514f7289610a5
    [BSP] 2e30d28c3e9506cef08621c24776334f : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 584757 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1197991936 | Size: 21459 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SDHC Card +++++
    --- User ---
    [MBR] 9316104665a782f81734208e2c0e3e52
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 30432 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: HUAWEI TF CARD Storage USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  6. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    ROGUE KILLER ChangeLog (from C:/Program Files/RogueKiller)

    =========================================================
    === ===
    === RogueKiller Changelog ===
    === ===
    =========================================================
    -------------------
    - Adlice Software -
    -------------------

    V12.6.1 09/06/2016
    =================
    - Fixed missing resources (leading to a crash)

    V12.6.0 09/05/2016
    =================
    - Added detections
    - Updated translations
    - Fixed a bug where patched files were not fixed on removal
    - Added warning when license is expired or about to expire
    - NEW! WMI Scanner

    V12.5.2 08/29/2016
    =================
    - Added detections
    - Updated translations

    V12.5.1 08/22/2016
    =================
    - Fixed a bug in Yara module

    V12.5.0 08/22/2016
    =================
    - Added detections
    - Added file exclusion for forged files
    - Fixed a bug where big files were detected as VT.Unknown
    - Updated scanner to use Yara 3.5: https://github.com/VirusTotal/yara/releases/tag/v3.5.0
    - Fixed (Yara 3.5): Processes scan doesn't use all memory/cpu
    - Improvements (Yara 3.5): Scan is faster

    V12.4.4 08/16/2016
    =================
    - Added detections
    - Updated translations

    V12.4.3 08/08/2016
    =================
    - Added detections

    V12.4.2 08/01/2016
    =================
    - Added detections

    V12.4.1 07/28/2016
    =================
    - Added detections
    - Shortcuts scanner now cleans them instead of removing

    V12.4.0 07/18/2016
    =================
    - Added detections
    - Added Feed fallback (no more blank thing when website is slow)
    - Added Shortcuts scanner
    - Added Tasks scanner (by name/path)
    - Updated translations
    - Moved IRP scan to expert mode
    - Fixed a bug where LNK pointed by tasks where not resolved
    - Added registry Classes scanner
    - (Premium) Added -noremove switch, to ignore detections

    V12.3.8 07/11/2016
    =================
    - Added detections
    - New feed version, with licensing filtering
    - Registry scanner enhancement: Now stops the service before removing a service key
    - Fixed a bug where Processes files were marked as missing
    - Fixed VT score display

    V12.3.7 07/04/2016
    =================
    - Added detections
    - Updated internal links
    - Updated translations

    V12.3.6 06/27/2016
    =================
    - Fixed a bug leading to app being quit when a message is closed while in tray.
    - Now displaying warnings on "Expert settings" turned on.

    V12.3.5 06/22/2016
    =================
    - Fixed all links, now using a file provider API.

    V12.3.4 06/20/2016
    =================
    - Added detections
    - Added folder children exclusion scanner rule
    - Signatures normlization
    - Fixed a bug leading to hosts file not being scanned

    V12.3.3 06/13/2016
    =================
    - Added detections
    - Updated translations
    - Fixed a bug where HTML reports were'nt readable on Chrome

    V12.3.2 06/06/2016
    =================
    - Added detections
    - Fixed possible crash on Intel files scan
    - Refactor of marketing page
    - Fixed a bug in VirusTotal upload leading to files not being sent for analysis
    - Minor UI improvments

    V12.3.1 05/30/2016
    =================
    - Added detections
    - Updated translations

    V12.3.0 05/22/2016
    =================
    - Added detections
    - NEW! (Premium) Themes
    - NEW! Clear theme
    - NEW! Naked theme
    - NEW! Dark theme
    - Modified stats payload
    - Update form: Now displays a warning when Updater is not present
    - Update form: Now opens direct link to setup for Premium user in case Updater not present

    V12.2.1 05/16/2016
    =================
    - Added detections
    - Fixed transfer progress reset
    - Updated translations
    - Fixed UI hangs bug in old GUI

    V12.2.0 05/10/2016
    =================
    - Added detections
    - Updated translations
    - Fixed a bug preventing from starting the scan on machines with 1 CPU
    - Added a Quit button (useful when you want to skip close to tray)
    - Fixed links in About tab
    - Fixed check for updates (was not showing outdated when update arrives after the program is started)

    V12.1.6 05/09/2016
    =================
    - Added detections
    - Updated translations
    - Improvement of path parsing module, added "cmd start x" method.

    V12.1.5 05/02/2016
    =================
    - Added detections
    - Update form now shows changelog
    - Fixed RKAdmin link in updater

    V12.1.4 04/25/2016
    =================
    - Added detections
    - Fixed forged files dump to VT
    - Now displays a warning when using wrong bits version
    - Now shows GeoIP results
    - Fixed an issue in updater where RogueKillerCMD wasn't recognized

    V12.1.3 04/18/2016
    =================
    - Added detections
    - Updated translations
    - Fixed default check state in installer
    - Fixed a bug that allowed check state modification of non-removable items
    - Updater now uses cloud link
    - Feed now uses cloud link
    - Fixed a bug in GeoIP module
    - Fixed a potential crash in MBR reading

    V12.1.2 04/11/2016
    =================
    - Added detections
    - Updated translations

    V12.1.1 04/04/2016
    =================
    - Added detections
    - Updated translations
    - Now file replacements are made with sfc.exe on Vista+
    - Added button to remove trial
    - Fixed a bug in Chrome scanner preventing the scan from starting

    V12.1.0 03/29/2016
    =================
    - Added detections
    - NEW! Tools menu
    - NEW! Hosts File Tools menu (Premium)
    - Updated translations
    - Fixed a bug in context menu actions

    V12.0.3 03/21/2016
    =================
    - Added detections
    - Added indonesian language
    - Added more translators names
    - Fixed a bug in AutoStart/AutoDelete
    - Fixed a bug preventing to quit on Update
    - Added a link to Lost license form

    V12.0.2 03/14/2016
    =================
    - Added detections
    - Added crash dump form
    - Fixed a bug that showed steps not supposed to run
    - Updated translations / Fixed typos
    - Added Data column in scan results
    - Fixed Autoscan
    - Fixed Autoremove
    - Now scan progress live detection shows in red when an item is detected
    - Fixed a bug that led to driver state being wrong in reports

    V12.0.1 03/07/2016
    =================
    - New user interface
    - Added detections

    V11.0.14 02/29/2016
    =================
    - moved driver loading at the beginning of the scan
    - introducing expert mode
    - processes no longer killed during scan (killed at removal, on demand)
    - moved IAT scanning into expert mode
    - core preparation for V12
    - Added detections

    V11.0.13 02/22/2016
    =================
    - moved signatures loading at the beginning of the scan
    - core preparation for V12
    - Added detections

    V11.0.12 02/15/2016
    =================
    - Added detections
    - Fixed a bug in Files module
    - Fixed a bug in Web module

    V11.0.11 02/08/2016
    =================
    - Added detections

    V11.0.10 02/01/2016
    =================
    - Added detections
    - Updated translations

    V11.0.9 01/25/2016
    =================
    - Added detections
    - Updater 2.1
    - Updater can now serves installable version
    - Updater can now skip licensing page if already registered

    V11.0.8 01/19/2016
    =================
    - Added detections
    - TrueSight v2.0.2 (fixed digital certificate for SHA1)
    - Added Turkish language
    - Updated translations

    V11.0.7 01/11/2016
    =================
    - Added detections
    - Added ADS whitelisting/blacklisting

    V11.0.6 01/04/2016
    =================
    - Added detections
    - Using new licensing API

    V11.0.5 12/28/2015
    =================
    - Added detections
    - Now setup will verify license key when entered

    V11.0.4 12/20/2015
    =================
    - Added detections

    V11.0.3 12/14/2015
    =================
    - Added detections
    - Added translations in setup
    - Updated translations

    V11.0.2 12/07/2015
    =================
    - Fixed a bug in Buffer search

    V11.0.1 12/07/2015
    =================
    - Added detections
    - Fixed a possible bug in scanner
    - Fixed a possible issue in COM module

    V11.0.0 11/30/2015
    =================
    - Added rating link in marketing window
    - Now detects ADS (Alternate Data Streams)
    - Qt 5.5
    - Moved Prescan into Scan
    - Now IAT scan is able to scan Microsoft Edge
    - Better hooks report for kernel hooks
    - Truesight v2
    - Now kernel hooks are scanned on userland
    - Fixed a bug in COM module
    - Added software keys detection
    - Added registry path signatures
    - Added detections

    V10.11.7 11/23/2015
    =================
    - Added detections
    - Fixed a possible hang issue on HTTP calls (timeout broken)
    - setup improvments, ability to deploy both version (32/64 bits)
    - setup improvments, banner and translations
    - fixed a possible crash in junctions data parsing

    V10.11.6 11/16/2015
    =================
    - Added detections
    - Fixed a bug that closed the app when closing child window when minimized in tray
    - added -reportpath command line parameter
    - UI tweaks

    V10.11.5 11/09/2015
    =================
    - Added detections

    V10.11.4 11/02/2015
    =================
    - Added detections
    - Fixed a bug in licensing engine, leading to a lost of configuration sometimes.
    - Fixed a bug in processes module where main module was not good
    - Fixed a bug in processes module where Updater was crashing if a very long command line was passed

    V10.11.3 10/26/2015
    =================
    - Added detections
    - Added warning when driver is not loaded
    - Fixed Microsoft Security Client as legit parent for svchost
    - (Premium) Added Premium label in reports
    - Updated translations
    - (Premium) Added information for external scanner (tab in settings)
    - (Premium) Now application closes in tray and persist
    - (Premium) Now able to start a scan from the tray icon
    - Fixed a bug where services/windows were not scanned
    - Fixed a bug where filesystem was not properly scanned

    V10.11.2 10/20/2015
    =================
    - Fixed a crash in Buffer module
    - Moved rebranding to Premium Technician

    V10.11.1 10/19/2015
    =================
    - Added detections
    - Moved rebranding to Premium documented features
    - Fixed an issue with IAT scan progress (progress reset after process scan)
    - Updated translations
    - NEW! (Premium Technician) Added an option to limit time validity of portable config files
    - Improved performance of filesystem scanner (scan is now much faster)
    - Whitelisted Chrome sandbox IAT hooks
    - Added timeout for file shortcut resolution (improves performance of filesystem scanner)

    V10.11.0 10/12/2015
    =================
    - Added detections
    - Added filter on VirusTotal internal submit (no user file)
    - Improved shellcode module detection in inline hooks module
    - Fixed memory growth while scanning filesystem
    - IAT scan is now much faster because only scanning windows DLLs table
    - Table-based hooks have cleaner display in logs (module!export)
    - Fixed a bug in modules enumeration on 64 bits
    - Excluded wow64cpu enter from inline hooks detection
    - Now inline hooks architecture detection relies on import module architecture instead of process
    - RogueKillerCMD: Added -dont_ask switch (to eliminate all user interactions and use default actions)

    V10.10.9 10/05/2015
    =================
    - Fixed bug in Disk module
    - Fixed bug in IAT parser

    V10.10.8 10/05/2015
    =================
    - Added detections
    - Now Updater restarts application using same command line parameters

    V10.10.7 09/28/2015
    =================
    - Added detections

    V10.10.6 09/21/2015
    =================
    - Added detections
    - Fixed bug in Disk module
    - New social icons
    - RogueKillerCMD: Added build number, licensing state

    V10.10.5 09/14/2015
    =================
    - Added detections

    V10.10.4 09/04/2015
    =================
    - Added detections
    - Updated links
    - (Premium) Added notification when license is about to expire
    - Fixed bug in Disks module

    V10.10.3 08/31/2015
    =================
    - Added detections
    - Now all legit antirootkit entries are hidden
    - fixed a bug in Process module
    - internal reorganization

    V10.10.2 08/24/2015
    =================
    - Added Detections
    - NEW! Added Processes list to json report
    - NEW! (Premium) Added -vtupload yes/no command line parameter
    - Updated EULA to reflect licensing terms
    - Updated translations
    - Added help button in "?" menu
    - Fixed way of reading disk serial
    - Fixed a bug in VT scanner

    V10.10.1 08/17/2015
    =================
    - Added detections
    - (Premium) Added message when Updater is not present and program is outdated
    - Updated translations
    - Added link to public Trello board
    - Added version check in about form
    - NEW! VirusTotal choice for upload
    - NEW! (Premium) VirusTotal choice setting
    - Fixed automatic updates when Updater is not present
    - NEW! EULA will show up again if a new version is present
    - Extended injection signature search to 4 sections (instead of 1), to better identify injection code.
    - Now infection urls for antirootkit point to non technical posts
    - Resized main and about forms
    - (Premium) Added more information in licensing server check
    - (Premium) Prepared for annual subscription switch

    V10.10.0 08/11/2015
    =================
    - Added detections
    - Compatibility with Windows10
    - Added error message when key has wrong pattern
    - Updated translations
    - NEW! File Scanner is more aggressive, and will search in a lot more locations
    - Fixed a bug in honey module
    - Fixed a bug in logging module

    V10.9.4 07/30/2015
    =================
    - Added detections
    - Fixed file scan when path contains unicode characters
    - Fixed offline licensing issue (License was not recognized when no internet available). Now once registered (with internet on) it works offline.
    - NEW! (Premium) Tray icon phase 1.

    V10.9.3 07/21/2015
    =================
    - Fixed a crash when scanning Digital Certificate of some files
    - Fixed a FP when LNK files have unicode characters in path (OneNote 2010 - Capture d??cran et lancement.lnk)

    V10.9.2 07/20/2015
    =================
    - Added detections
    - NEW! HTML reports
    - NEW! HTML Open button
    - NEW! TXT Open button
    - NEW! HTML log setting + command line parameter
    - Fixed timeout for Curl operations (max 5 seconds)
    - NEW! signature database is now pre-compiled, will load much faster
    - Updated Yara engine to 3.4
    - Refactored Digisig engine, better performances
    - Added more information in Json log for killed processes
    - Fixed a bug where x64 processes names are not found when using x86 version
    - Fixed path whitelist priority on VT blacklist (processes scanner)
    - Updated translations
    - Fixed an issue where Floppy drives become very noisy during scan

    V10.9.1 07/09/2015
    =================
    - Added detections
    - NEW! Added Open Text button in Json log viewer.
    - NEW! Korean language
    - Updated translations
    - Fixed Scan randomly performed.
    - NEW! Command line parameter: -reportformat [txt|json]
    - NEW! Report format setting
    - Merged Txt report generation with Txt export

    V10.9.0 07/06/2015
    =================
    - Separate database for RogueKillerCMD / Updater
    - NEW! Updater is now generic (cannot be used by double click anymore, takes command line)
    - NEW! RogueKillerCMD can now use automatic updates
    - NEW! RogueKillerCMD has now a version check
    - NEW! RogueKiller has now accessibility (JAWS compatibility)
    - Added detections
    - -autodelete implicit has been removed from -hide
    - Fixed a bug in RogueKillerCMD where command line isn't handled correctly
    - NEW! RogueKiller now uses JSON as root format for reporting
    - NEW! RogueKiller can open JSON logs into a new window
    - NEW! JSON logs can be exported in RAW text format
    - Updated translations
    - NEW! setup now embeds RogueKillerCMD
    - Fixed a bug in tasks scanner
    - Fixed certificate timestamp

    V10.8.7 06/29/2015
    =================
    - Removed AV.Killer definition (too many FPs)
    - Fixed a bug in mstring module, leading to infinite loop in certain circumstances
    - Now tasks scanner scans arguments too
    - Added detections

    V10.8.6 06/22/2015
    =================
    - Adjusted AV.Killer definition

    V10.8.5 06/22/2015
    =================
    - Added detections
    - NEW! External Scanner
    - Fixed a bug in Process Scanner
    - Fixed a bug in File Search
    - Fixed a bug in Registry Scanner
    - Now process paths are expanded
    - Fixed a bug in VT module
    - Fixed a bug in -autoscan

    V10.8.4 06/16/2015
    =================
    - Added Skype to exclusions for RunPE detections

    V10.8.3 06/15/2015
    =================
    - Added detections
    - NEW! RunPE heuristic detection
    - (Premium) Removed Paypal/Premium images
    - Refactored settings form
    - NEW! (Premium) -autoupdate command line parameter + setting
    - Updated translations
    - Fixed a bug in VT module
    - Fixed a bug in WebServer (Not starting sometimes)

    V10.8.2 06/09/2015
    =================
    - Using Licensing 2.0
    - Added detections

    V10.8.1 06/03/2015
    =================
    - Fixed a bug in Licensing
    - Fixed a bug in VirusTotal module
    - Now portable license generated file is read-only
    - Added GUI indicators when using portable license
    - Added detections
    - Extension checker optimizations

    V10.8.0 06/01/2015
    =================
    - Updated database
    - Fixed a bug in reporting
    - Disabled PUM.DesktopIcons (too confusing, and not critical)
    - Disabled PUM.Orphan (too confusing, not critical)
    - Better unit testing
    - Initialization optimizations
    - Updated translations
    - NEW! (Premium) Web service
    - NEW! Web service /info url (get version info)
    - NEW! Web service /scan/new url (start new scan)
    - NEW! Web service /scan/status url (get scan status)
    - NEW! Web service /report/last url (get last report)
    - NEW! (Premium) -pupismalware command line parameter + setting
    - NEW! (Premium) -pumismalware command line parameter + setting
    - Reverted portable fixed location in rk_config.ini
    - Fixed error message when too many instances
    - Setup now adds RogueKiller bin folder to %PATH%
    - Updated userland certificate
    - NEW! Promotional nag.

    V10.7.0 05/25/2015
    =================
    - New configuration module, not compatible with old one. Able to use read-only medium for portable license.
    - NEW! no more rk_config.ini for technician license.
    - NEW! command line parameter: -portable-license
    - Updated languages

    V10.6.5 05/20/2015
    =================
    - Fixed a bug with KnownDLLs detection when value name starts with underscore (_)

    V10.6.4 05/18/2015
    =================
    - NEW! Preferred language is now saved
    - Added detections
    - Fixed processes scan aggressiveness
    - NEW! Logo can now be rebranded (Please contact us)
    - Fixed a bug in Extensions Checked
    - Fixed a bug in CLSID scanner
    - Fixed Orphan detection level + vendor name => PUM.Orphan
    - Fixed License fallback state
    - Added new autostart locations
    - Added Transfert progressbar

    V10.6.3 05/11/2015
    =================
    - Added detections
    - Fixed a bug in File Search module
    - Increased feed rotation time
    - Better UI information
    - Deactivated VT IP scan (too many FPs)

    V10.6.2 05/04/2015
    =================
    - NEW! Breaking news banner
    - External libs update + optimizations (Zlib, SQLite, udis86)
    - Fixed a bug in Tab navigation

    V10.6.1 04/27/2015
    =================
    - Now VT file scan has minimum/maximum size
    - Refactored PUP/PUM classification to be clearer and more consistent
    - Fixed VT file scanner scanning LNK files instead of target
    - Now VT unknown s classified as PUP
    - Now VT cache has outdated date (fixed to 5 days)
    - Now VT scanner rescans pending items at initialization
    - Added detections

    V10.6.0 04/20/2015
    =================
    - Added detections
    - Moved version check before Prescan
    - Fixed a bug in IAT scanner, where call stack was not recorded correctly
    - Fixed a bug in IAT scanner, where unknown module was not displayed
    - Fixed a bug in RogueKiller OLD GUI, where config file was not read properly
    - Fixed ShowLegitHooks command/setting
    - Fixed slow UI when a lot of entries are added to a table
    - Fixed a bad items insertion when sorting was enabled
    - Fixed a bug in MBR (GPT) module
    - Fixed missing Premium info when internet access is broken
    - Fixed a bug in libcurl library (X64)
    - Added new method to detect IAT inline hooks
    - NEW! VT Scan on registry, tasks, files, mbr, web browsers and antirootkit scans.
    - NEW! VT scan no more in beta
    - NEW! VT scan now scans all processes
    - NEW! VT scan has local caching

    V10.5.10 04/13/2015
    =================
    - Added detections
    - Now can register Premium with command line parameter: -register <email> <key>
    - Now displays remaining activations for Premium
    - All communications are now using SSL (HTTPS)
    - RogueKillerCMD: Added better colors
    - RogueKillerCMD: Now can recognize RogueKiller's command line parameters

    V10.5.9 04/07/2015
    =================
    - Added detections
    - Now logs are sorted by date
    - Now can attach last log even if a scan was not performed in the same session
    - Fixed a bug where registration form cannot upload last report
    - Removed Post Delete message asking for Premium buying when a user is already registered
    - Now file scanner shows unscanned files (for progression), so that software doesn't give an impress of being stuck

    V10.5.8 03/30/2015
    =================
    - Added detections
    - Fixed a bug where config isn't reset after removing the license.
    - Fixed NoPop configuration bug
    - Added all command line parameters in Settings
    - Updated translations
    - Now registration Id/Key are trimmed to avoid copying/writing spaces before/after them (and have wrong key error message)
    - Fixed updater now recognizing License on Windows 8 (now needs admin rights to be launched).
    - Updated EULA to reflect VirusTotal integration rules.

    V10.5.7 03/22/2015
    =================
    - Fixed a crash when starting the application

    V10.5.6 03/21/2015
    =================
    - Added detections
    - Fixed bug forbidding technician licenses to use command line
    - Added Persian translation
    - Fixed a possible hang on service termination
    - Added progress text on progressbar during the scan
    - NEW! VT scan on Processes (beta, only premium, disabled by default)
    - NEW! VT scan on Services (beta, only premium, disabled by default)
    - RogueKillerCMD : removed tutorial opening in case of an infection

    V10.5.5 03/16/2015
    =================
    - Added detections
    - PREMIUM: Added more settings options
    - Unhidden premium options, added Nag message
    - Updated translations
    - Moved Scan choices to settings

    V10.5.4 03/12/2015
    =================
    - Added detections
    - Added credits for translators (About)
    - Now service scanner is aware of ServiceDll path
    - Updated translations
    - Now Premium registration email is trimmed (remove spaces before and after the email)

    V10.5.3 03/10/2015
    =================
    - Fixed a bug in Path module where all shortened path were not properly expanded (Ex: LogMe~ => LogMeIn Rescue Applet)

    V10.5.2 03/09/2015
    =================
    - PREMIUM: Technician License can now use portable config file
    - Added Premium logo
    - Fixed a bug when opening website

    V10.5.1 03/05/2015
    =================
    - Using new licensing system
    - Added detections

    V10.5.0 03/01/2015
    =================
    - NEW! Now RogueKiller is available with an installer
    - PREMIUM: Separate updater
    - PREMIUM: Trial of 30 days per machine
    - Added detections
    - Fixed a crash in jansson library

    V10.4.3 02/23/2015
    =================
    - Added detections

    V10.4.2 02/23/2015
    =================
    - Added detections

    V10.4.1 02/19/2015
    =================
    - Added detections

    V10.4.0 02/18/2015
    =================
    - Uniformization of whitelists/blacklists (we dropped a lot of detections, this can lead to false positives...
    ...but they will be fixed as people report them)
    - Fixed a bug in LNK signature detection
    - Fixed a bug in Time module
    - NEW! Better CLSID scanner
    - NEW! Now MBR scanner is EFI compatible
    - Updated italian translation
    - Fixed a bug in Path module

    V10.3.0 02/16/2015
    =================
    - Added detections
    - New command line flag: -showlegithooks (Shows legit hooks that are normally hidden)
    - Big improvements in the IAT hooks engine; Preparation of refactoring for the kernel hooks.
    - Big improvements in Extension Checker module
    - NEW! Arabic translation
    - Updated translations
    - Updated Yara engine to 3.3

    V10.2.0 01/19/2015
    =================
    - Added detections
    - Updated Italian translation
    - Added German translation
    - Added Chinese traditional translation
    - Fixed a bug in Registry scanner where .DEFAULT hive is not scanned
    - Added MBR signature for FinFisher
    - Added MBR signature for TDL4
    - Added MBR signature for Rovnix
    - Fixed some bugs in MBR scanner
    - Improved low level disk access library
    - Added VBR (Volume Boot Record) scanner

    V10.1.2 01/06/2015
    =================
    - Added detections
    - Updated Spanish translation
    - Added Italian translation
    - Added hook signatures engine

    V10.1.1 12/23/2014
    =================
    - Added detections
    - PREMIUM: Added settings form
    - PREMIUM: Added MBR Scan setting
    - PREMIUM: Added Honey Scan setting
    - PREMIUM: Added Antirootkit Scan setting
    - PREMIUM: Added Open website setting
    - Added Dutch translation
    - Added Italian translation
    - Added sanity check for website opening

    V10.1.0 12/11/2014
    =================
    - Added detections
    - Fixed mbamservice false positive

    V10.0.9 12/08/2014
    =================
    - Fixed Xpaj false positive with DiskCryptor MBR
    - Added DiskCryptor MBR signature
    - Added detections
    - TrueSight 1.0.4: Better shellcode module detection
    - IAT Hooks: Better shellcode module detection

    V10.0.8 11/20/2014
    =================
    - Added detections
    - Fixed bug of processes not killed
    - Now process memory is scanned before path scan

    V10.0.7 11/20/2014
    =================
    - Now process pages are scanned for whitelist
    - Updated Yara engine
    - Added detections
    - Reverted some command line to free version: -nodriver -nokill -nopop -nothirdparty

    V10.0.6 11/12/2014
    =================
    - Fixed a bug in Process module (not enough rights to get process path)
    - Fixed a bug in AV whitelist detection
    - Added detections

    V10.0.5 11/11/2014
    =================
    - Now AV processes are whitelisted
    - Added language separator for "Your language here"
    - Added Injected process heuristic detection
    - Fixed bad Zeus signature
    - More aggressive against Poweliks processes
    - Added detections
    - Updated links

    V10.0.4 10/29/2014
    =================
    - Added link to translations in language menu
    - Added Delay IAT in PE module
    - Added Delay IAT hooks in antirootkit
    - Now IAT hooks are printed to UI as they are scanned
    - Removed ctfmon from sensitive processes
    - Now detects Zeus variants
    - Now informative texts are not elided
    - Better choices (currency/amount) for Paypal form
    - Removed unused resources
    - Improvements in quarantine module
    - Now DNS entries show country IP in text report
    - PREMIUM: Added quarantine handler
    - Added detections

    V10.0.3 10/22/2014
    =================
    - New user-agent: Now sends extended vendor names for real time monitoring
    - Added detections

    V10.0.2 10/16/2014
    =================
    - Added detection of services hidden from SCM and from registry
    - Dropped command line support in free version
    - Removed EAT hooks (useless)
    - Improved IAT hooks scanner (now scans all modules instead of main module)
    - Fixed a bug in driver library (driver could not load under certain circumstances)
    - Added Czech translation
    - Added tooltip with detection level (for colorblind people)
    - Added detections

    V10.0.1 10/10/2014
    =================
    - Improvements in Process library
    - Added COM integrity check to disable COM calls when server is corrupted (Poweliks)
    - Fixed Poweliks rule
    - Added detections
    - Fixed Bug in registry module
    - Fixed a bug in logging

    V10.0.0 10/08/2014
    =================
    - Major UI changes
    - Added support for future Premium version
    - Added support for ShellIconOverlayIdentifiers and ShellServiceObjectDelayLoad keys
    - Now CLSIDs are scanned for path and memory
    - Added detections

    V9.3.0 10/06/2014
    =================
    - New Rules engine. Easier to maintain, more robust.
    - Fixed a lot of bugs in Scanner engines.
    - Added detections

    V9.2.13 09/25/2014
    =================
    - Fixed a bug in registry module introduced in 9.2.12
    - Fixed a bug in process engine that forbids svchost processes to be killed
    - Added detections

    V9.2.12 09/23/2014
    =================
    - TrueSight: 1.0.3: Fixed a Kernel stack overflow leading to a BSoD
    - Better handling of multistring registry value/key names (ZeroAccess/Poweliks)
    - Added Poweliks detections
    - Added detections

    V9.2.11 09/18/2014
    =================
    - Added detection to new Poweliks variant
    - Fixed a bug of infinite wait when COM objects are broken

    V9.2.10 09/09/2014
    =================
    - Fixed a bug in Yara scanner
    - Fixed a bug in language module
    - Fixed a crash dump uploader (due to surlatoile.org move to https)
    - Added service binary path in report

    V9.2.9 09/01/2014
    =================
    - Updated Yara to 3.1.0
    - Added detections
    - Firefox PUM.HomePage is using domain whitelist

    V9.2.8 08/15/2014
    =================
    - Added detections

    V9.2.7 08/15/2014
    =================
    - Added scan of Search Page/Start Page for Internet Explorer
    - Added scan of Start Page for Firefox
    - TrueSight 1.0.2: Process Kill
    - TrueSight 1.0.2: Registry key Kill
    - TrueSight 1.0.2: File Kill
    - RogueKiller: Implementation of new Truesight features
    - RogueKillerCMD: Implementation of new Truesight features


    V9.2.6 08/07/2014
    =================
    - Removed a ZeroAccess false detection
    - Fixed a bug in registry module (introduced in 9.2.5)

    V9.2.5 08/07/2014
    =================
    - Fixed a bug in registry module (poweliks/zeroaccess trick)
    - Fixed a bug in command line parsing
    - RogueKillerCMD: Added registry value/subkey removal by index
    - Added detections

    V9.2.4 07/24/2014
    =================
    - Added detections
    - Added Key present rule
    - Added Value data rule
    - Updated Yara
    - Fixed a bug in file search module
    - Fixed a bug in honey file module
    - Fixed string limit in path module
    - RogueKillerCMD: Registry Kill

    V9.2.3 07/14/2014
    =================
    - Fixed a bug in file module
    - Added detections

    V9.2.2 07/11/2014
    =================
    - Fixed a bug in task scanner
    - Fixed a bug in path parser
    - Fixed a bug in registry module
    - Fixed a bug in install module
    - Unknown MBRs are dumped in %programdata%/RogueKiller/Debug
    - Added detections

    V9.2.1 07/09/2014
    =================
    - Fixed a bug in logging
    - Fixed unicode hosts file read/write
    - Fixed empty hosts lines scan
    - Truesight 1.0.1
    - Truesight now suspends TDL4 threads before MBR fix
    - Removed debug messages from Truesight
    - Fixed pcalua detection in task scanner
    - Added links

    V9.2.0 07/07/2014
    =================
    - Truesight 1.0 (no more in beta)
    - Truesight loads in X64
    - Truesight rewritten from scratch (increased stability, code compatibility)
    - Truesight now detects Filters (regular, reverse)
    - Added detections
    - Added translations
    - Fixed regression about vendor url opening
    - Fixed bug about duplicate registry entries on x86

    V9.1.0 06/23/2014
    =================
    - Added detections
    - Fixed a problem of ProgramFiles/ProgramFilesX86/ProgrameFilesW6432 var env parsing
    - Binaries are now digitally signed.
    - updated translations


    V9.0.3 06/17/2014
    =================
    - Fixed encoding bug in quarantine handler
    - Fixed crash window opening when no dump is available
    - Fixed duplicated files in common startup folder on XP
    - Detection of WinPE. Now LivePE/LiveUSB scan is faster and more accurate.
    - Fixed reboot query
    - Improved replacement method
    - Fixed DNS whitelisting
    - Added Zekos signatures
    - Now file replacement engine looks for same file version before replacing.
    - Fixed a bug in startup honey module
    - Fixed a bug in mbr module
    - Added detections


    V9.0.2 06/04/2014
    =================
    - Fixed a bug in registry scanner
    - Fixed a bug in Buffer lib
    - Added chrome extensions removal
    - Fixed service repair
    - Added single instance mutex
    - Fixed a bug when trying to quit
    - Added detections
    - Added Necurs link
    - Added pathparser special rules (rundll32, wscript)
    - Fixed a bug in file parsing
    - Fixed a bug in Honey module


    V9.0.1 06/02/2014
    =================
    - Fixed a bug in logging
    - Fixed a bug in File lib
    - Fixed a bug in GUI
    - Optimizations in String parser
    - Added detections
    - Fixed a bug in addons detection
    - Fixed a bug in forged file detection
    - Fixed a bug in service scanner
    - Now malware hooks are Orange

    V9.0.0 05/29/2014
    =================
    - Fixed bugs

    V9.0.0 beta 3 05/26/2014
    =================
    - CLI commands -nodriver -autoscan -autodelete -autoquit -autoeula -hideui
    - Added detections
    - Fixed EULA
    - Added service repair
    - Added check for updates
    - Changed driver icon
    - Added reboot notification
    - Added pending detections notification on quit

    V9.0.0 beta 2 05/23/2014
    =================
    - Fixed a bug in MBR log
    - Fixed a bug in Service log
    - Fixed a bug in log (RTL characters removed, ZeroAccess)
    - Replaced SUSP PATH label by Suspicious.Path
    - Removed Chrome.exe IAT/EAT scan
    - Fixed 3 bugs in IEAT/EAT display (process is displayed / legit entries are hidden / fixed size of function in console display)
    - Now suspicious services registry keys are not prechecked (to avoid confusion with true malware)
    - Disabled Forged files removal (except if contains malware signature), due to some false positives
    - Fixed a bug in Registry subkey removal (ZeroAccess)
    - Fixed a bug in File replacement (added ACL copy before replace, Zekos)
    - Fixed a bug in ListView sorting (was too slow)
    - Added detections

    V9.0.0 beta 1 05/22/2014
    =================
    - Added crash handler window
    - Reports are now translated
    - Added missing translations
    - Added hover event for Facebook / Paypal links
    - Added fancy Facebook button
    - Replaced old icons by high res icons
    - Added detections
    - Fixed a bug in ComManager

    V9.0.0 alpha5 05/21/2014
    =================
    - Brand new high res icon! (thanks nfn678 from deviantart.com)
    - Now sending statistics to adlice.com webserver database
    - PUM color detection is now Dark Gray
    - Added web browser scan
    - Added stop button (during scan only)

    V9.0.0 alpha4 05/20/2014
    =================
    - Added context menu select/unselect all
    - replaced old MBR display by a listview
    - added MBR scan
    - fixed carriage return bug in reports
    - fixed bad driver decryption
    - added Hooks scanner

    V9.0.0 alpha3 05/19/2014
    =================
    - Fixed a bug when exiting with file menu
    - Added hosts fix button (hosts tab)
    - Fixed window names bug (massive false positive)
    - Added true version number comparison for version checker
    - Fixed elided text bug
    - Added report footer
    - Now general progressbar is used as progression
    - Now displays fine progression
    - Added file scanner

    V9.0.0 alpha2 05/16/2014
    =================
    - Fixed a crash in Yara scanner on some processes
    - Fixed a bug in Hidden processes detection
    - Fixed a bug in report module, prescan results were removed from reports
    - Fixed display bug (wrong X64 display in title)
    - Fixed crash handler, now crash dumps will be located in %ProgramData%/RogueKiller/Debug
    - Fixed display bug. After removal, status of items was not updated.
    - Added Hosts file support
    - Added Hosts file line removal
    - Removed Proxy, DNS and Shortcut buttons/tabs

    V9.0.0 alpha1 05/14/2014
    =================
    - Rewritten engine from scratch ( RKSdk V1 )
    - Moved to Yara scanner
    - Fixed a lot of bugs

    V8.8.14 03/26/2014
    =================
    - Fixed a bug in PE parser
    - Optimizations
    - Added detections

    V8.8.13 03/25/2014
    =================
    - Optimizations
    - Prepare for 8.9.0
    - NEW! Now scans IAT/EAT on x64 operating systems
    - NEW! Now scans non-PE files (example: .bat)
    - Added detections

    V8.8.12 03/20/2014
    =================
    - Optimizations
    - Prepare for 8.9.0
    - Added Thanks for Downloading Url at first use.
    - Fixed bug in MBR fix
    - Fixed progressbar behavior

    V8.8.11 03/14/2014
    =================
    - Optimizations
    - Added lot of PUP detections
    - file path are elided in console

    V8.8.10 02/28/2014
    =================
    - Added detections
    - Changed links
    - Fixed a bug in File library
    - RogueKillerCMD 0.1.3
    * Added service list
    * Added service kill

    V8.8.9 02/24/2014
    =================
    - Added double check for current version
    - Added double post for autofeedback
    - Changed sur-la-toile.com domain for new one surlatoile.org (fixed statistics and version check)


    V8.8.8 02/19/2014
    =================
    - URL are now localized
    - Fixed tree process creation deadlock


    V8.8.7 02/11/2014
    =================
    - Fixed bugs in Hidden process detection
    - Added traces for killed processes check bug.


    V8.8.6 02/07/2014
    =================
    - ACLs management improvement
    - Fixed FP in hook module
    - NEW! Google Chrome extensions are listed [Removal not supported yet]
    - Fixed Zekos FP with Zanga.exe
    - Fixed forum link in report


    V8.8.5 02/03/2014
    =================
    - Added debug trace for dllhost issue
    - Added rogue detections
    - Fixed duplicates in Firefox Addons list
    - Added extensions.json / extensions.sqlite in the firefox watch list
    - Now kills firefox before removing extensions

    V8.8.4 01/27/2014
    =================
    - Added ACL module.
    - Fixed bug with ACLs when replacing patched file [Black Screen - Zekos]
    - Restored Zekos signatures

    V8.8.3 01/24/2014
    =================
    - NEW! Extension removal for IE / Firefox (context menu)
    - Neutralized Zekos signatures to avoid black screen at replacement. [To be fixed]

    V8.8.2 01/17/2014
    =================
    - NEW! Miuref detection and removal
    - Added Zekos x64 detection
    - Fixed a bug in honey module
    - Fixed a bug in core module
    - Fixed a bug in driver module

    V8.8.1 01/14/2014
    =================
    - Fixed bug in registry module
    - Fixed a bug in file module
    - NEW! Zekos detection and removal.

    V8.8.0 12/27/2013
    =================
    - NEW! web browser addons are listed (Internet Explorer | Firefox )
    - NEW! Cryptolocker pattern
    - NEW! Killed process verifier. If some processes remain, they are killed by their whole tree.
    - Added detections

    V8.7.13 12/18/2013
    =================
    - Translated Paypal Icon
    - Fixed a bug in GUI lib
    - Added PUP pattern
    - Fixed a bug in File lib (ZeroAccess detection)
    - Added addons tab

    V8.7.12 12/16/2013
    =================
    - Windows 8.1 detection
    - Fixed bug in Shortcut mode
    - Refactoring of File lib
    - Added detections
    - RogueKillerCMD 0.1.2
    * Added process list

    V8.7.11 12/04/2013
    =================
    - Fixed a bug in UI lib

    V8.7.10 12/04/2013
    =================
    - Added detections
    - RogueKillerCMD 0.1.1
    * Fixed DLL dependencies

    V8.7.9 11/25/2013
    =================
    - Fixed a bug in regex parsing
    - Optimization of regex
    - Added 2 new methods for registry Read/Write
    - NEW! Honey module now uses the Win32 API Offline method (Safer)
    - Fixed a bug in script cleanup
    - Fixed a bug in mbr module
    - Added detections
    - Added Error code for MBR read
    - Removed ROGUE ST detection for registry values


    V8.7.8 11/14/2013
    =================
    - NEW! Added Zlib compression for crash dump sending
    - Improvement of args handler

    V8.7.7 11/11/2013
    =================
    - NEW! new banner
    - Fixed bugs in Registry module
    - Fixed bug in PeParser
    - Added progress window for crash report uploading
    - Now collecting Full dumps [This can be long, be patient!]


    V8.7.6 10/28/2013
    =================
    - Changed crash feedback for sending crash dump instead of custom crash logs
    - Fixed bug in PeParser


    V8.7.5 10/22/2013
    =================
    - Added useragent in debug log sending
    - NEW! Geoloc for proxy / DNS IPs
    - Fixed bug on TaskMan value
    - NEW! -report_output and -hide switches
    - NEW! Stop button


    V8.7.4 10/16/2013
    =================
    - Added COUNTRY in user agent of statistic module


    V8.7.3 10/15/2013
    =================
    - NEW! Detection/Removal of generic name mismatches in registry key/values (API fool trick -Rootkit)
    - Fixed a bug in HiveReader module
    - Fixed a bug in Pattern module


    V8.7.2 10/10/2013
    =================
    - Fixed memory leak in sigcheck
    - Fixed bug in PeParser
    - Fixed bug in File module
    - Added RECYCLER suspicious path (DorkBot)
    - Added TaskManager key monitoring


    V8.7.1 10/03/2013
    =================
    - Fixed bugs in PeParser
    - Fixed bug in IAT/ETA hooks
    - NEW! Listview sorting


    V8.7.0 09/30/2013
    =================
    - NEW! Scan IAT/ETA of sensible processes
    - NEW! Filesystem userland antirootkit
    - Added colors to differentiate type of objects
    - Added Romanian language
    - Fixed bug in file deletion
    - Fixed bugs in Pe parser
    - Optimizations: Com library
    - Fixed bug in GUI library
    - Added detections


    V8.6.12 09/18/2013
    =================
    - Added detections
    - Added MBR infos
    - Added PUM label, and more consistent colors
    - Fixed a bug in MBR module


    V8.6.11 09/11/2013
    =================
    - Fixed a crash at startup on x64 OS


    V8.6.10 09/09/2013
    =================
    - Fixed a bug in PeParser
    - TrueSight 0.9.1


    V8.6.9 09/03/2013
    =================
    - Fixed a bug in PeParser
    - Added Export parsing
    - Fixed a bug in SSDT parsing
    - Added detections


    V8.6.8 09/02/2013
    =================
    - Fixed a bug in peParser
    - Truesight v0.9


    ----- Now Date in english format


    V8.6.7 27/08/2013
    =================
    - Fixed display issue
    - Fixed problem in Registry module
    - Added Rogue.AntiSpy-LSP pattern (Live Security Professional)
    - Added detections


    V8.6.6 19/08/2013
    =================
    - NEW! Ability to resize the application (but still flickering when resized...)
    - Fixed display issue in safe mode
    - Removed Hosts scan if file is bigger than 1MB
    - Added detections
    - Fixed bug in removal


    V8.6.5 04/08/2013
    =================
    - NEW! Added support for new ZeroAccess variant (RTL)
    - NEW! Added AutoRun value support in PE mode
    - Fixed bug for rebooting query
    - Fixed bug in file/folder deletion
    - Removed unauthorized characters in report
    - Updated links


    V8.6.4 29/07/2013
    =================
    - Fixed display bugs
    - Added tab icons
    - NEW! One scan can allow user to trigger each option once (Delete, HostsFix, DNSFix, ProxyFix)
    - Fixed bug in DLL module
    - Modified Honey display in report
    - Fixed bugs in PeParser
    - Fixed bug in file parser
    - Added detections
    - Database queries switched to UNICODE


    V8.6.3 17/07/2013
    =================
    - Added detections
    - Fixed bugs
    - Added crash feedback link into crash window


    V8.6.2 02/07/2013
    =================
    - Modified links
    - Fixed bugs
    - Added Turkish translation
    - Added switches -autoscan, -autoaccepteula, -autoquit and -autodelete for automation of the flow
    - NEW! Minidump writing for DEBUG version (in case of crash)


    V8.6.1 17/06/2013
    =================
    - Fixed bugs
    - Improved filename parsing


    V8.6.0 14/06/2013
    =================
    - Changelog in English
    - Rewrote whole engine
    - NEW! Added icons in lists
    - NEW! Added colors for Hosts lines detection
    - Report: Split in object coherency (Tasks, Startup folders, registry)
    - NEW! Honey module (previous PE module rewritten from scratch)
    - NEW! .ini file for configuration storing
    - NEW! Firefox malware detection module
    - Added signatures
    - Added ZeroAccess infection => Windows Defender repair
    - Added disclaimer on Shortcut fix option
    - Added hosts malicious lines identification in report
    - Translations updated
    - Added drivers to the patched files list to check
    - Added service repair option (Tools/Repair services)
    - Added Aho-Corasick algorithm for fast signature matching. Improved signature finding speed.
    - NEW! Opera module - Added Proxy configuration


    V8.5.4 18/03/2013
    =================
    - Detection of malicious lines in the Hosts file
    - Added signatures


    V8.5.3 13/03/2013
    =================
    - Fixed bugs
    - Added signatures


    V8.5.2 23/02/2013
    =================
    - Moved MBR signatures into the database
    - Fixed bugs


    V8.5.1 12/02/2013
    =================
    - Updated Necurs.A detection
    - Updated database
    - Fixed a bug in the database module


    V8.5.0 08/02/2013
    =================
    - Better ZeroAccess support

    V8.4.4 01/02/2013
    =================
    - Italian language
    - Polish language
    - Korean language
    - PE module: Fixed bugs
    - Reg module: fixed a bug
    - ZeroAccess detection - Improvements


    V8.4.3 08/01/2013
    =================
    - Russian language
    - PE module: Added startup folders
    - PE module: Various improvements

    V8.4.2 31/12/2012
    =================
    - Improved PE module


    V8.4.1 23/12/2012
    =================
    - Fixed a bug in the PE module
    - Fixed a bug in the Files module
    - Fixed a bug in the Hive module
    - Spanish language
    - Dell MBR


    V8.4.0 11/12/2012
    =================
    - Code optimizations for the move to x64
    - x64 version available
    - Fixed a bug in the Tasks module
    - Fixed a bug in the Hooks module

    V8.3.2 07/12/2012
    =================
    - Fixed a bug in the startup module
    - Fixed a bug in the patched module
    - Fixed a bug in the ntreg module
    - Ability to unregister a service (ntreg) when it cannot be deleted in RAW mode
    - MBR Fix support for TDL4 (Thanks XdeadCode)
    - Root.MBR Alipop detection
    - Root.MBR Mebroot detection
    - Root.MBR Plite detection


    V8.3.1 20/11/2012
    =================
    - Reorganized processing


    V8.3.0 17/11/2012
    =================
    - Database migration
    - Fixed bugs
    - Facebook button

    V8.2.3 07/11/2012
    =================
    - Preparation for SQLite
    - Optimized parsing module
    - Fixed a bug in x64 process path detection
    - WL dll
    HPStatusBL.dll
    - Fixed a bug in the Crypt module
    - WL
    Screenpresso.exe

    V8.2.2 03/11/2012
    =================
    - Window BL
    Micorsoft Essential Security Pro 2013
    Windows 8 Defender 2013
    - BL
    MESP.exe
    - Added a path-based whitelist
    - Fixed a bug in the blacklist module
    - Changed the FR tutorial link
    - Dutch translation
    - Added the date and mode to the report name
    - Executable packed with UPX
    - driver WL
    sbhips.sys /* SunBelt */
    d347bus.sys /* Daemon tools*/
    - WL
    Windir/VPro500.exe
    windir/*np325.exe
    - BL particular
    Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\@
    Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\U
    Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\n
    Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\L

    V8.2.1 29/10/2012
    =================
    - DNS WL
    24.222.0.95
    - Driver WL
    avgtpx86.sys /*AVG*/
    regguard.sys /*RegRun*/
    - Whitelist
    cdloader2.exe
    magicJack.exe
    AmazonCloudDrive.exe
    V0220Mon.exe
    msnotif.exe
    LGMLauncher.exe
    Communicator.exe
    - Fixed a bug in the debug module
    - Changes to the importance module
    - Adapted the driver for Windows 8
    - SSDT API names are now retrieved in userland (Win8 compatibility)


    V8.2.0 22/10/2012
    =================
    - Truesight v0.7
    - German language fix
    - Various bug fixes
    - Whitelist
    sys32/pcalua.exe
    LogMeInSystray.exe
    Dashlane.exe
    - DNS Whitelist
    86.64.145.14*
    129.250.35.251
    - Driver WL
    SbFw.sys /*GFI Software*/
    - Window BL
    File Restore (FakeHDD)
     
  7. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    ROGUE KILLER ChangeLog part2

    V8.1.1 01/10/2012
    =================
    - Traditional Chinese translation
    - Fixed minor bugs
    - Added colors to the listviews to differentiate detection types
    - Fixed a bug in the Blacklist module
    - Window BL
    XP Defender 2013
    Vista Defender 2013
    Win 7 Defender 2013


    V8.1.0 28/09/2012
    =================
    - Support for changing language at runtime
    - Fixed a bug in the processes module
    - Added an MBR stub (for testing)
    - Added a "website" link in the report header

    V8.0.5 23/09/2012
    =================
    - Launch switch handling
    - Added the "-nodriver" switch, which prevents the driver from loading
    - Added the "-nokill" switch, which prevents process killing (some processes cause a BSOD when killed; it is better to go after their registry key)
    - Added an "Extern Hive" category in the report => Lists the external hives found
    - Fixed a bug in the Extern hives module
    - Fixed bugs


    V8.0.4 19/09/2012
    =================
    - Quarantined files are encrypted (use Cryptonic with the key "RogueKiller" to decrypt)
    - Optimized the WEB module
    - Added non-API deletion when a key is protected
    - Fixed a bug in the HiveReader module
    - Removed the check of LEGACY keys (not used)
    - Dll whitelist
    adawarebp.dll
    SkyDriveShell.dll


    V8.0.3 13/09/2012
    =================
    - Fixed a bug in the HiveReader module
    - Fixed a bug in the Registry module
    - Fixed a bug in the File ASSO module
    - Fixed a bug in the Proxy FF module
    - Support for maxSST rootkits (fix disabled because untested)
    - Deactivation of "Patched" module (not really used, too many false positives)
    - Whitelist DLL
    tv_w32.dll
    - Whitelist
    %Windir%/HelpPane.exe
    TeamViewer.exe
    tv_w32.exe
    TeamViewer_Desktop.exe
    ibsvc.exe


    V8.0.2 31/08/2012
    =================
    - Particular files
    \\RECYCLER\\[ANYFOLDER]\\$********************************\\n
    \\RECYCLER\\[ANYFOLDER]\\$********************************\\@
    \\RECYCLER\\[ANYFOLDER]\\$********************************\\L
    \\RECYCLER\\[ANYFOLDER]\\$********************************\\U
    \\$recycle.bin\\[ANYFOLDER]\\$********************************\\n
    \\$recycle.bin\\[ANYFOLDER]\\$********************************\\@
    \\$recycle.bin\\[ANYFOLDER]\\$********************************\\L
    \\$recycle.bin\\[ANYFOLDER]\\$********************************\\U
    - Incproc HJ
    {fbeb8a05-beee-4442-804e-409d6c4515e9}
    {5839fca9-774d-42a1-acda-d6a79037f57f}
    - Blacklist
    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%.exe


    V8.0.1 30/08/2012
    =================
    - Fixed bugs
    - Whitelist
    c2c_service.exe
    SkyDrive.exe
    procexp.exe
    - Driver WL
    RapportCerberus$ (trusteer)
    - Truesight v0.6
    Monitoring of DriverEntryIO
    - Added blacklist patterns (GENDARMERIE)
    install_0_msi.exe
    hleo32.exe
    regsrv64.exe
    msconfig.dat
    hos32.exe

    V8.0.0 26/08/2012
    =================
    - [[Code refactoring]]
    - Monitoring of the key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters : DataBasePath (HOSTS)
    - Various improvements
    - Added an information box about the infection
    - Redesigned some windows
    - Whitelist
    StatBar.exe
    %windir%\^^Service.exe
    %sys32%\iac25_32.ax

    V7.6.6 10/08/2012
    =================
    - Search for replacement files when files are patched.
    - Patched files are replaced in DELETE mode

    V7.6.5 03/08/2012
    =================
    - Fixed a bug in the peParser module (PE x64)
    - Added signature
    ZeroAccess (services.exe x64)
    - Windows BL
    Live Security Platinum

    V7.6.4 17/07/2012
    =================
    - Added a blacklist for registry values
    - BlacklistValue
    Update (GENDARMERIE)
    - Added patterns for blacklist (GENDARMERIE)
    fest0r_ot.exe
    Schnarch.exe
    - Whitelist DLL
    cleanup.dll (MBAM)
    - Windows BL
    File Recovery


    V7.6.3 08/07/2012
    =================
    - Fixed a bug in the HiveReader module (handling of Unicode registry values)
    - Added patterns for blacklist (GENDARMERIE)
    roper0dun.exe
    rasmxs.exe
    SCardDlg.exe
    TapiSysprep.exe
    0_0u_l.exe
    glom0_og.exe


    V7.6.2 02/07/2012
    =================
    - Added a process kill / relaunch module wrapped around the deletion of particular files
    (explorer.exe is killed / restarted)
    - Fixed a bug in the detection of particular files
    - Monitoring of the key: HKCR\\CLSID\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InprocServer32 (ZeroAccess)
    - Blacklist
    sys32 / n
    - Part files blacklist
    windows\\Installer\\{********-****-****-****-************}\\L
    localAppdata\\{********-****-****-****-************}\\L
    sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\L
    sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\U
    sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\@
    sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\n


    V7.6.1 28/06/2012
    =================
    - Re-enabled the signature search module
    - Added a system file verification module (ASLR + signature search)
    - Verification of the services.exe file
    - Added signature
    ZeroAccess (services.exe)
    - Bug fixes (Window module)
    - Added patterns for blacklist (GENDARMERIE)
    er_00_0_l.exe
    - Bug fixes


    V7.6.0 26/06/2012
    =================
    - Added a user agreement (EULA)
    - Modified the Particular files module to take deletion reasons into account + mask-based comparison
    - Part files blacklist
    windows\\Installer\\{********-****-****-****-************}\\n
    windows\\Installer\\{********-****-****-****-************}\\@
    windows\\Installer\\{********-****-****-****-************}\\U
    localAppdata\\{********-****-****-****-************}\\n
    localAppdata"\\{********-****-****-****-************}\\@
    windows\\Assembly\\GAC\\Desktop.ini
    windows\\Assembly\\GAC_32\\Desktop.ini
    windows\\Assembly\\GAC_64\\Desktop.ini
    - Drivers WL
    avgidsshimx.sys (AVG)


    V7.5.4 07/06/2012
    =================
    - Monitoring of the key: HKCR\\CLSID\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InprocServer32 (ZeroAccess)
    - Added programdata to sensitive paths
    - Added patterns for blacklist (GENDARMERIE)
    pkg0u.exe
    pkg_0ll.exe
    WinzipArchiver.exe
    TarArchiver.exe
    Smoerrebroe.exe
    tpl_0_c.exe
    RarArchiverWin.exe

    V7.5.3 05/06/2012
    =================
    - Interface improvements
    - Reviewed translations
    - Updated ZeroAccess (Sirefef) detection
    - Added patterns for blacklist (GENDARMERIE)
    krussel3.exe
    AMD_cpx.exe
    Apple_Store.exe
    cs8v0k.exe


    V7.5.2 30/05/2012
    =================
    - Fixed a bug that caused a popup to appear
    - Improved the path redirection module
    - Whitelist
    SpotifyWebHelper
    %windows%/ALCMTR.exe
    - Added patterns for blacklist (GENDARMERIE)
    ArchiverforWin.exe
    game_client.exe
    WinArchiver.exe


    V7.5.1 28/05/2012
    =================
    - Improved the mask-based comparison module
    - Monitoring of HKLM\\SYSTEM\\ControlSet001\\Control\\SafeBoot : AlternateShell
    - Monitoring of the x64 registry for the SHELL key
    - Added patterns for blacklist (GENDARMERIE)
    k8h0pp.exe
    temp##.exe
    ServiceVBOX.exe
    %sys32%/%%%%%%%%%%%%%%%%%%%%.exe


    V7.5.0 24/05/2012
    =================
    - Added the ability to use RogueKiller in a PE environment.
    - Ability to scan Windows hives from an externally connected hard drive.
    - Fixed a bug in ntreg
    - Added the desktop to suspect paths
    - Added patterns for blacklist (GENDARMERIE)
    k8h00.exe
    VboxServs.exe


    V7.4.5 18/05/2012
    =================
    - Integrated the ntreg library
    - Added patterns for blacklist (GENDARMERIE)
    ch8l0.exe
    p0j99p.exe
    spoolsrv.exe
    FSnapshot_x86.exe
    BSI.bund.exe
    GboxService.exe
    InfoServices_a.exe
    ksprskylabs1.exe


    V7.4.4 08/05/2012
    =================
    - Detection of Xpaj (bootkit)
    - Added GENDARMERIE detection patterns
    ms.exe
    #{1}.#{12+}.exe
    wpbt#{1}.dl{2}
    hnszs#{1}.exe
    ms*****.bat
    ram_reserver64.exe
    itunes_service#{2}.exe
    syncservicex86.exe
    EPUhelpers.exe
    DNS_Servicex86.exe
    kitre#{1}.exe


    V7.4.3 04/05/2012
    =================
    - Set up patterns for detecting processes, RUN keys, SHELL, Startup
    - Fixed a bug in the HiveReader module
    - Code optimizations
    - TrueSight: code hardening


    V7.4.2 03/05/2012
    =================
    - Fixed a bug in the HiveReader module


    V7.4.1 02/05/2012
    =================
    - Whitelist
    E_FATIHJL.EXE
    - Added the GEMA pattern
    - Added the GENDARMERIE pattern
    - Fixed a bug in the readMBR module
    - Fixed a bug in the SSDT module


    V7.4.0 01/05/2012
    =================
    - Fixed a bug in the debug module
    - Added the ExceptionHandler module => automatic crash handling (partial).
    When a crash occurs, a window opens and offers to let the user send it automatically.
    - Window BL
    Data Recovery (FakeHDD)
    - Language support:
    German


    V7.3.4 27/04/2012
    =================
    - Added the SigCheck module, which searches for signatures in binary files.
    => Signature search in processes
    - Fixed a bug in the readMBR module (reordered signature priority)
    - Fixes in the language resources.


    V7.3.3 22/04/2012
    =================
    - Now handles the Start_TrackProgs value (recent programs in the Start menu)
    - Fixed a bug in the HiveReader module
    - ACLs are modified before checking the RUN keys (Gendarmerie virus bug)
    - Language support:
    Greek
    Portuguese


    V7.3.2 20/03/2012
    =================
    - [13/04/2012] Bug fixes
    - [03/04/2012] Window BL
    SMART HDD
    - [23/03/2012] Added link to Security Shield (blog)
    - [22/03/2012] Debug module - second addition
    - [22/03/2012] Statistics module => enabled several languages.
    - [21/03/2012] Added progressBar (shows whether a scan is in progress)
    - [21/03/2012] Enabled visual styles
    - [21/03/2012] Debug module - first addition
    - [21/03/2012] Fixed a bug
    - [21/03/2012] Window Blacklist
    System Shield
    Security Shield
    - Fixed a bug in the startup module
    - Added monitoring of the "Common Startup" folder
    - TrueSight v0.5: code optimizations
    - Updated Czech / Slovak language
    - Added an "AntiRootkit" checkbox that disables the TrueSight module's features


    V7.3.1 10/03/2012
    =================
    - Fixed a bug in the faked module
    - Added a checkbox to disable the faked module (the scan takes time)
    - Whitelist
    Skype.exe
    FixCamera.exe
    firefox.exe
    plugin-container.exe
    - Driver WL
    Crypto.sys /*SafeNet*/
    mfehidk.sys /*McAfee*/
    wpsdrvnt.sys /*Symantec*/


    V7.3.0 08/03/2012
    =================
    - TrueSight v0.4
    - Ability to fix inline hooks.
    - TrueSight: detection of IRP hooks (Major and Inline) on a given driver -> Atapi.sys
    - Ability to fix inline IRP hooks (can cause a BSOD in some cases; this feature still needs improvement. Use only as a last resort).
    - Added a message box asking for confirmation if no deletion has been performed
    - TrueSight: driver functions are bypassed on Windows 8 (not compatible for now)
    - TrueSight: code optimizations
    - Detection of Windows 8
    - Fixed a bug in the HiveReader module (values / keys with accents)
    - Added a module for detecting FAKED files (experimental)
    -> Applied to sys32/drivers
    - Fixed a bug in the SHELL module
    - Fixed a bug in the STARTUP module
    - Fixed a bug in the WEB module
    - Startup module: ability to view the folders of all sessions (instead of only the current one)
    - Monitoring of the key HKCU\...\Advanced : Start_ShowRun


    V7.2.1 29/02/2012
    =================
    - TrueSight v0.3
    - Detection of inline hooks (SSDT functions only)
    - Fixed a bug in the HiveReader module
    - Driver WL
    avipbb.sys /*Avira*/
    avkmgr.sys /*Avira*/
    - Window BL
    Smart Fortress 2012
    Windows Shield Tool
    Windows PRO Scanner
    Windows Basic Antivirus
    Windows Stability Guard
    Windows Firewall Constructor

    V7.2.0 27/02/2012
    =================
    - Added a FixMBR option in the MBR tab. This option becomes available if an MBR infection is found.
    - Ability to fix the MBR bootstrap with a standard MBR (XP, Vista, Seven)
    - Added a module for direct hive reading => detection of keys / values hidden from the API
    - Toshiba MBR detection
    - Lenovo MBR detection
    - Standard MBR detection
    - KIWI Image system MBR detection
    - Whitelist
    Spotify.exe
    jusched.exe (global)
    - Window BL
    Windows Functionality Checker
    Windows Smart Warden
    Home Malware Cleaner
    Windows Smart Partner
    Antivirus Protection
    Windows Telemetry Center
    Windows Perfomance Catalyst
    Strong Malware Defender

    V7.1.0 15/02/2012
    =================
    - Code switched to UNICODE (instead of ANSI)
    - Bug fixes
    - Added language support:
    Czech
    Slovak
    - Updated whistler/sinowal MBR detections
    - myBIOS MBR detection
    - Detection of MBRs flooded with NOPs
    - Blacklist window
    Security Scanner
    Internet Security
    Internet Security 2012
    - Rogue ProgFile
    \\PCSpeed Service\\
    \\everyclear\\
    - Blacklist
    gema.exe

    V7.0.4 08/02/2012
    =================
    - Added a checkbox to disable the MBR scan (user choice)
    - Fixed a display bug that made buttons disappear at some low screen resolutions


    V7.0.3 06/02/2012
    =================
    - Modified the LL2 module => fewer access errors, notably on x64 OSes
    - Fixed a bug in the workflow of the secondary modes
    - Blacklist
    InetAccelerator.exe (Gendarmerie2)

    V7.0.2 30/01/2012
    =================
    - Fixed display bugs (extra line breaks) in report generation
    - Fix in the MBR module => partition sizes updated (1 KB = 1024 bytes)
    - Whitelist
    adawarebp.exe
    DropBox.exe
    - Rogue ProgFiles
    \\BoanCatch\\
    \\pcupgrade\\
    \\best-pc\\
    \\PCMaster Antispyware\\
    \\InfoSeven\\
    \\comdoumi\\
    - Added pattern Rogue.ViusDoctor, Rogue.Zaxar
    - Window BL
    Antivirus Smart Protection
    Malware Protection Center


    V7.0.1 28/01/2012
    =================
    - Fixed a bug in the MBR module => partition types updated
    - Fixed a bug in the MBR module => partition size calculation updated
    - Switched to a maximum of 5 PhysicalDrive
    - Added the names of physical disks


    V7.0.0 26/01/2012
    =================
    - Switched to GUI mode


    V6.2.4 12/01/2012
    =================
    [24/01/2012] - Added Advance keys: Start_ShowMyDocs Start_ShowRecentDocs Start_ShowUser
    Start_ShowMyPics Start_ShowMyGames Start_ShowMyMusic Start_ShowControlPanel Start_ShowDownloads
    Start_ShowVideos Start_ShowHelp Start_ShowPrinters Start_ShowSetProgramAccessAndDefaults
    [23/01/2012] - Fixed a bug in the MBR module
    [23/01/2012] - Fixed a bug in the TASKS module
    [23/01/2012] - Window BL : Smart Protection 2012
    [16/01/2012] - Support for DLLs launched from a startup shortcut (Gendarmerie virus)
    [16/01/2012] - Fixed a bug in the checkPath module
    - Added HKEY_USERS\\Software\\Classes\\pezfile\\shell\\open\\command
    - Added HKEY_USERS\\Software\\Classes\\.exe\\shell\\open\\command
    - Added HKEY_USERS\\Software\\Classes\\exefile\\shell\\open\\command
    - Fixed a bug in the REG backup module
    - Added option a: WhyIGotInfected? => opens the WIGI page
    - Opens links to the blogspot procedures depending on the detected infection (ZeroAccess, FakeRean)


    V6.2.3 09/01/2012
    =================
    - Whitelist
    smad.exe
    - Whitelist Dll
    BatInfEx.dll
    BatLogEx.dll
    - Driver Whitelist
    hookcentre.sys /*Gdata*/
    - Window Blacklist
    System Check
    - Rogue ProgFiles
    \\InfoSafe\\
    \\CleanerCom\\
    \\MicroVaccine\\
    \\PC-Spider\\
    \\CYAK\\
    \\PcVirusDoctor\\
    \\VDoctor Professional\\
    \\CheckSpeed\\

    V6.2.2 31/12/2011
    =================
    - Detection of TestDisk MBR code
    - Detection of HP tattooed MBR code
    - Detection of Whistler MBR code
    - Distinction between Vista / 7 MBR code
    - Detection of Linux MBR code
    - Fixed a bug in the REG backup module


    V6.2.1 28/12/2011
    =================
    - Detection of XP and Vista/7 MBR codes
    - Detection of MaxSS / TDL4 / PiHar MBR codes
    - Modified the MBR module (handles multiple PhysicalDrive)
    - Whitelist DLL
    %sys32%/LogiLDA.dll
    panda_url_filtering.dll
    nsMouselib.dll
    msconf.dll
    - Whitelist
    B2CNotiAgent.exe
    HpSAUpgrade.exe
    HPSFUpdater.exe
    panda_url_filtering.exe
    MpSigStub.exe
    dplaysvr.exe
    realplayerent_config.exe
    - rogue ProgFiles
    \\info-manager\\
    - Window BL
    Security Monitor

    V6.2.0 12/12/2011
    =================
    - Added a screensaver detection module: HKEY_CURRENT_USER\\Control Panel\\Desktop : SCRNSAVE.EXE
    - Updated the ZeroAccess pattern (detection of the $NtUninstallKB FS / consrv.dll)
    - Added important keywords to reports (log redirection on the PHP server side)
    - Added the Root.MBR statistics pattern
    - Added MBR check (LL2) + enabled the module
    - MBRs found are dumped into quarantine
    - Modified the end of the script => ability to keep Notepad open
    - Bug fixes
    - Rogue ProgFiles
    \\datasave\\
    \\sweeperlab\\
    \\virussecurity\\
    \\ProtectCop\\
    \\HomeBoan\\
    \\SmartSafer\\
    - Whitelist
    pccntupd.exe
    pull.exe
    RapportService.exe
    HWDeviceService.exe
    windir\v0330mon.exe
    - Driver Whitelist
    uphcleanhlp.sys /*WinXP (?)*/
    FireTDI.sys /*Mac Afee*/
    fslx.sys /*Symantec*/
    savonaccesscontrol.sys /*Sophos*/
    ShldDrv.sys /*Panda*/
    bdrsDrv.sys /*BitDefender*/
    - WhitelistDLL
    rooksbas.dll
    - Blacklist
    %sys32/sysrunc.exe


    V6.1.12 02/12/2011
    =================
    - Added MBR check (User / LL1) --> disabled for testing
    - Added pattern Rogue.AntiSpy-AH
    - Window Blacklist
    XP Antispyware 2012
    XP Antivirus 2012
    XP Security 2012
    XP Antispyware 2012
    XP Home Security 2012
    XP Internet Security 2012
    Vista Antispyware 2012
    Vista Antivirus 2012
    Vista Security 2012
    Vista Home Security 2012
    Vista Internet Security 2012
    Win 7 Antispyware 2012
    Win 7 Antivirus 2012
    Win 7 Security 2012
    Win 7 Home Security 2012
    Win 7 Internet Security 2012


    V6.1.11 30/11/2011
    =================
    - Added a module for direct driver loading (more effective)
    - Disabled the "LOCKED" module
    - Window Blacklist
    BlueFlare Antivirus
    Wolfram Antivirus
    OpenCloud Security
    Malware Protection
    Spyware Protection
    Cloud Protection
    Guard Online
    AV Guard Online
    Cloud AV 2012
    - Rogue ProgFiles
    \\NDoctorCom\\
    \\perfectcare\\
    \\privacyup\\
    \\PowerPC\\
    \\CleanCatch\\
    - blacklist
    Cloud AV 2012v121.exe


    V6.1.10 18/11/2011
    =================
    - Added a module for retrieving data from previous scans (PREVRUN)
    - Rogue ProgFiles
    sweeperlab
    VirusSecurity
    - Blacklist
    AV Protection 2011v121.exe
    - Window Blacklist
    AV Protection 2011

    V6.1.9 16/11/2011
    =================
    - Added a module for checking open Windows windows
    - Added a process residue module (for the registry)
    - Bug fixes
    - Window Blacklist
    System Fix
    Privacy Protection
    AV Security 2012
    System Restore
    System Security 2011
    AV Protection Online
    Security Sphere 2012
    - Driver WL
    pxrts.sys /*PrevX real time scanner*/
    guard.sys /*AVG 7*/
    - Whitelist
    %windows%\wanmpsvc.exe
    %windows%\*snpstd$
    %windows%\sttray.exe
    %windows\lclock.exe
    %windows\ATKKBService.exe
    MessageCheck.exe
    %windows\UpdReg.EXE
    uUACTokenSvc.exe
    GameXNGO.exe
    - Whitelist DLL
    LC.dll
    npSkypeChromePlugin.dll
    - Whitelist DNS
    4.2.2.$


    V6.1.8 14/11/2011
    =================
    - Added pattern: PrivacyProtection
    - Bug fixes
    - Added key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced : Start_ShowMyComputer
    - Added key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced : Start_ShowSearch
    - Whitelist
    netsession_win.exe
    SetWallpaper.cmd
    TUAutoReactivator32.exe
    %windows%\VM_STI.EXE
    %windows%\ZSSnp211.EXE
    %windows%\Domino.EXE
    FacebookUpdate.exe
    googletalkplugin.exe
    %windows%\SiSUSBrg.exe
    lsnfier.exe
    %windows%\Imgtask.exe
    mediaget.exe
    %windows%\AutoKMS.exe
    %windows%\mixer.exe
    - Driver WL
    SandBox.sys /*Sandboxy*/
    RapportPG.sys /*Trusteer (Report)*/
    sbaphd.sys /*Sunbelt*/
    PavProc.sys /*Panda antivirus*/
    PavSRK.sys /*Panda antivirus*/
    - Dll WL
    KeyboardOnlineTray.dll
    mcdvd_32.dll
    - Blacklist
    AV Security 2012v121.exe


    V6.1.7 05/11/2011
    =================
    - Improved the statistics module (ZeroAccess, Fake HDD, Rogue ProgFiles patterns)
    - Bug fixes
    - Added a module for handling registry reflection (x64)
    - Improved the .reg backup (handles keys instead of values only)
    - Rogue ProgFile
    \\PatchUp_Plus\\
    \\NVirusKorea\\
    \\ProtectCode\\
    \\CoreScan\\
    \\AntiAvoid\\
    \\IPRIVACY\\
    \\ProtectKeep\\
    \\AnyCop\\
    \\windowpc\\
    - Whitelist
    arservice.exe
    removed kmservice.exe (crack for Office 2010)
    - Whitelist DLL
    IadHide5.dll


    V6.1.6 01/11/2011
    =================
    - Added a statistics module (connection to SLT database)
    - DNS whitelist:
    8.8.4.$
    - Bug fixes
    - Whitelist :
    windows\BCMSMMSG.exe
    windows\*snp2***.exe
    windows\stsystra.exe
    windows\qmc.exe
    windows\cthelper.exe
    windows\ALCXMNTR.EXE
    sys32\ANIWConnService.exe
    sys32\PSDrvCheck.exe
    rnupgagent.exe
    googletalk.exe
    E_FATICDL.EXE
    - Drivers WL:
    OADriver.sys /*Online armor*/
    sp_rsdrv2.sys /*Spyware terminator*/
    cmdguard.sys /*Comodo IS*/
    SYMEVENT.SYS /*Symantec*/
    SASKUTIL.SYS /*SUPER Antispyware*/
    PSINProc.sys /*Panda Security*/
    - Whitelist DLL
    migrate.dll
    OIExt.dll
    BthAuthenticationTime.dll
    NativeHelpNotifier.dll


    V6.1.5 29/10/2011
    =================
    - Added a module for online verification of the version number
    - Added a module that automatically sends reports to the developer's address (to improve the tool)
    - Drivers WL:
    fshs.sys /*F-Secure Orange AV*/
    - Rogue ProgFiles
    \\boankorea\\
    \\FastScan\\

    V6.1.4 22/10/2011
    =================
    - Rogue ProgFiles
    \\VirusScan\\
    \\pcspeedup\\
    - Drivers WL:
    ehdrv.sys /*ESET Helper Driver*/
    - Whitelist
    AVGIDSMonitor.exe
    - Adjusted detection in the RANDOMNAME module



    V6.1.3 14/10/2011
    =================

    - TrueSight v0.2
    - Bug fixes
    - Code reorganization
    - Added .reg backup of registry deletions
    - Added a random-name detection module
    - Blacklist
    sys32\lvvm.exe
    crss.exe (Cloud Protection)
    - Rogue ProgFiles
    \\realcleaner\\

    V6.1.2 07/10/2011
    =================

    - Drivers WL:
    PCTCore.sys /*PCTools*/
    bdselfpr.sys /*Bitdefender*/
    - Kill of locked processes
    - WellKnown processes
    audiodg.exe
    - Rogue ProgFiles
    \\vaccinecom\\
    \\PCPlusSecurity\\
    - WellKnown WL
    sys32\ctfmon.exe
    sys32\lsm.exe
    sys32\SearchIndexer.exe
    sys32\sppsvc.exe
    sys32\SearchProtocolHost.exe
    sys32\SearchFilterHost.exe
    sys32\mctadmin.exe
    sys32\dllhost.exe
    sys32\alg.exe
    sys32\wscntfy.exe
    sys32\notepad.exe
    sys32\wuauclt.exe
    sys32\userinit.exe
    sys32\msdtc.exe
    windows\agrsmmsg.exe
    - Whitelist dll
    nvsysrot.dll


    V6.X.X XX/XX/XXXX (Version postponed)
    =================
    - Key deletion module (recursive) by direct call
    - Driver loaded in antagonistic BOOT mode if blocked
    - Detection of registry keys hidden from the SCM
    - Added sensitive path %sysroot% for processes
    - Added a module for detecting long names -processes and keys- (Guard Online / OpenCloud / ...)


    V6.1.1 28/09/2011
    =================
    - Fixed a bug in driver loading / unloading
    - Removed debug messages
    - TrueSight v0.1
    - Added driver Whitelist with mask
    - Added blacklistPath to the services search
    - Drivers WL:
    unknown /*Unknown*/
    vsdatant.sys /*ZoneAlarm*/
    procguard.sys /*ProcGuard*/
    aswSP.sys /*Avast*/
    aswSnx.sys /*Avast*/
    PCTAppEvent.sys /*PCToolsFirewallPlus*/
    sp**.sys /*Daemon tools*/
    AVGIDSShim.Sys /*AVG*/
    - Rogues progFiles
    \\HelpPrivacy\\
    \\InfoBoan\\
    \\windowsliveprotect\\
    \\DrBoan\\
    \\Privacyi\\
    \\Micropop\\
    - Service Blacklist
    MPopService


    V6.1.0 22/09/2011
    =================
    - Retrieval of the real SSDT addresses
    - Added option 7 (SSDT restoration by index): HIDDEN OPTION because it is dangerous. Use only at a helper's request
    - TrueSight module: SSDT restoration
    - TrueSight module: kill by direct call to NT APIs (DrvNtTerminate)


    V6.0.0 21/09/2011
    =================
    - Added a driver embedded in the resources
    - Loading of the TrueSight driver (x86 only)
    - Search for SSDT hooks
    - Search for Shadow SSDT hooks


    V5.3.5 21/09/2011
    =================
    - WhitelistDLL
    LVPrcInj01.dll
    - Whitelist
    kmservice.exe
    - Rogues ProgFiles
    \\BoanCop\\
    \\cleancert\\
    \\VIHunter\\


    V5.3.4 30/08/2011
    =================
    - Fixed a bug in whitelist detection (mask)
    - Added a module for restoring desktop icons (SHELL)
    - Added a module for restoring the taskbar (SHELL)
    - Added a mutex to prevent several instances from being launched
    - Rogues ProgFiles
    \\PrivacyBoho\\
    \\SafePrivacy\\
    \\BoanClear\\
    - Whitelist
    BR040286.exe
     
  8. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    ROGUE KILLER ChangeLog part3

    V5.3.3 18/08/2011
    =================
    - Added a module for detecting particular files / folders
    - Blacklist Particular:
    %Appdata%\Adobe\shed
    %Appdata%\Adobe\plugs
    - Dll Whitelist
    rpchrome$
    MSVC^71.dll
    - Rogue ProgFile
    \\errordoctor\\
    - GUID
    {19090308-636D-4E9B-A1CE-A647B6F794BF} //Wolfram antivirus



    V5.3.2 18/08/2011
    =================
    - Better x64 support
    --> Added the SysWow64 / Program Files (x86) env variables
    --> Added restoration of Program Files (x86) in mode 6
    - Code optimization
    - WellKnownProcess:
    varEnv.syswow64\\svchost.exe
    - Whitelist:
    nclaunch.exe


    V5.3.1 06/08/2011
    =================
    - Added a module for monitoring missing keys
    - Added missing keys:
    HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command" => default : "%1" %*
    - Rogue ProgFile:
    \\PrivacyCode\\
    \\InfoGuard\\
    \\DefenseVirus\\
    \\PatchUp_Plus\\
    - Whitelist dll:
    btmshell.dll
    mkil.dll

    V5.3.0 01/08/2011
    =================
    - Detection of hijacked system names
    - The program can now kill a process in 6 different ways
    This makes it possible to get around the protections of quite a lot of malware

    - Service Blacklist:
    wxpdrivers
    srvsysdriver32
    srvbtcclient
    srviecheck

    - Rogue progFiles
    \\MacroVirus\\
    \\DualVaccine\\
    \\CodeScan\\


    V5.2.9 31/07/2011
    =================
    - Service Blacklist:
    Windows_Update

    - Dll Whitelist
    MSVCP71.dll

    - Whitelist
    alcwzrd.exe
    PLFset^.exe


    V5.2.8 23/07/2011
    =================
    - Added checking of .exe files in the startup folder
    - Dll Whitelist
    Dropbox$
    PLFSet.dll
    -Whitelist
    vsnp2uvc.exe
    - Rogue progFiles
    \\Clear2PC\\
    \\PCMedic\\
    \\boanking\\
    - Added BlackList
    <user>\startupFolder\csrss.exe


    V5.2.7 30/06/2011
    =================
    - Bug fixes (RegCloseKey)
    - Fixed bugs causing a black screen after running OTL (at reboot)


    V5.2.6 23/06/2011
    =================
    - Added monitoring of the line:
    HKEY_CLASSES_ROOT\.exe => default


    V5.2.5 23/06/2011
    =================
    Fixed major bugs that crashed the application


    V5.2.4 22/06/2011
    =================
    Rogue ProgFiles:
    -\\privacyalpha\\
    -\\basicprivacy\\
    -\\MicroPC\\
    -Whitelist
    Bginfo.exe
    PLFsetL.exe
    - Added ACL removal for the Shell keys


    V5.2.3 16/06/2011
    =================
    - Blacklist
    %ProgramFiles%\csrss.exe
    %ProgramFiles\conhost.exe
    - Service blacklist
    QTUpdate
    - Rogue ProgFiles
    -\\Milestone Antivirus\\


    V5.2.2 05/06/2011
    =================
    - Added drive information for mode 6
    - Fixed bugs that crashed modes 6/1/2


    V5.2.1 02/06/2011
    =================
    - Fixed bugs that crashed the Task Scheduler 2.0 module
    - Reports are written to the desktop regardless of the directory the application is launched from


    V5.2.0 01/06/2011
    =================
    - Blacklist service
    cdfss
    wcscd
    - Support for the keys
    Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run
    HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\ShellServiceObjectDelayLoad
    HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler
    HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects
    HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats
    - Checking and killing of malicious DLLs loaded under explorer.exe
    - Added killing of explorer.exe DLLs to the residues
    - Added a GUID exploration module (if a GUID is known, the path of the malicious DLL is located
    and added to the dynamic BlackList)
    - Support for the Common Startup folder


    V5.1.9 29/05/2011
    =================
    - Rogue ProgFile:
    \\vaccineu\\
    - Display of the User / My Computer / Recycle Bin icons on the desktop
    Hijack : WarnOnHTTPSToHTTPRedirect
    - Whitelist
    soundman.exe
    - Blacklist
    wuaucldt.exe


    V5.1.8 27/05/2011
    =================
    - Bug fixes in mode 6
    - Added libraries in mode 6


    V5.1.7 26/05/2011
    =================
    - Bug fixes in mode 6
    - Whitelist:
    mhotkey.exe
    mmkeybd.exe
    dit.exe
    LxrAutorun.exe
    sw2#.exe
    Screenpresso.exe


    V5.1.6 21/05/2011
    =================
    - Rogue ProgFile
    \\\Error Fix\\
    - Whitelist
    OEM0#Mon.exe
    vVx#000.exe


    V5.1.5 20/05/2011
    =================
    - Fixed a major bug in mode 6
    - Whitelist
    RtHDVCpl.exe


    V5.1.4 16/05/2011
    =================
    - Support for the backup made by Windows Recovery (option 6)
    - Whitelist:
    RtHDVCpl.exe
    googlecrashhandler.exe
    megakeyupdater.exe
    zHotkey.exe
    ASScrProlog.exe
    ASScrPro.exe


    V5.1.3 13/05/2011
    =================
    - Added paths to the sensitive directories:
    %SystemDrive% / Windows
    %System Drive% / Documents and settings / <user>
    - Policy:
    HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer -> NoDesktop
    - Rogues PF:
    \\Ifkpr\\
    \\AntiDefend\\
    - WhiteList:
    vVX1000.exe
    regedit.exe



    V5.1.2 13/05/2011
    =================
    - Fixed a bug in the rundll32 module
    - Rogue progFile
    \\selfprivacy\\
    \\PrivacyKey\\


    V5.1.1 05/05/2011
    =================
    - Fixed bugs that crashed the Task Scheduler 2.0 module
    - Fixed a false-detection bug in the RUNDLL32 (RUN) module -> carried over to 4.3.12


    V5.1.0 02/05/2011
    =================
    - Support for Task Scheduler 2.0 (Vista / Seven)
    - Rogue progFile
    \\PrivacyView\\


    V5.0.0 30/04/2011
    =================
    - IDE migration


    V4.3.12 30/04/2011
    ==================
    - Added ACCESS_DENIED to reports
    - Added an expiry date for the executable, with a warning message if > 3 days
    - Whitelist
    RockMeltUpdate.exe


    V4.3.11 25/04/2011
    ==================
    - Major optimizations (scan speed x4)
    - Whitelist
    OctoshapeClient.exe
    - Rogue progFile
    \\PC2Safe\\


    V4.3.10 24/04/2011
    =================
    - Rogue progFile
    \\Boan119\\
    \\VaccineCore\\
    \\Antivirus Clean 2011\\
    - Added key: FIREFOX.EXE\\shell\\safemode\\command
    - Added whitelist:
    ereg.$ (Dragon naturally speaking)
    - Fixed bug in the Shell module
    - Whitelist DNS:
    62.251.229.237
    - Blacklist
    sys32\\windupdt\\winupdate.exe
    - Whitelist:
    Rsystems Support.exe
    - DllWhitelist:
    bthprops.cpl
    -WellKnownProcess:
    dwm.exe
    wininit.exe

    V4.3.9 16/04/2011
    =================
    - DllWhitelist:
    "csnp2uvc.dll"
    "gcswf32.dll"
    "rpchromebrowserrecordhelper.dll"
    - Added whitelist:
    OrangeInside.exe
    - Rogue progFile
    \\Error Repair Professional\\
    - Fixed bug in the WhitelistDLL module
    - Added the version date
    - Added a mode (0) to quit. The program restarts automatically at the end.
    Mode 0 should therefore be chosen to close the program



    V4.3.8 09/04/2011
    =================
    - Added a module for recognizing known processes (explorer.exe, etc.)
    - Optimizations
    - Added a module for recognizing DLLs loaded in 04 under rundll32
    - Rogue progFile
    \\HomeClean\\
    \\BoanSupport\\
    - DllWhitelist:
    - Purged ProgFile rogues
    - Bug fixes (English language, kill svchost.exe)
    - Added a module to restore the Security Center settings
    - Added whitelist:
    clavier.exe


    V4.3.7 04/04/2011
    =================
    - Added an MD5 recognition module for processes, DLLs and RUN keys
    - MD5 Blacklist:
    2eb8bf9d3fad4cb9e26a1ae184a65816 //AntivirusPlus "random.dll"


    V4.3.6 29/03/2011
    =================
    - Added StartMenuInternet file association module (Firefox, IE, Opera)
    - Rogue Program files
    \\ADSTOP\\
    \\SystemDefender\\
    - DNS Whitelist
    90.0.0.38


    V4.3.5 29/03/2011
    =================
    - Added the local system disk to option 6
    - Added the CurrentUser directory to option 6
    - Improved the algorithm, speed gain (option 6)
    - Added UAC monitoring modules: "ConsentPromptBehaviorAdmin" , "ConsentPromptBehaviorUser" , "EnableLUA"
    - Added a wallpaper repair module.
    - Rogue Program files
    \\vaccinescan\\
    - Whitelist DNS
    199.243.213.* (Canada)


    V4.3.4 26/03/2011
    =================
    - Added removable devices to option 6, except the floppy drive.
    - Added the My Music, My Videos and My Pictures directories
    - Fixed a bug in retrieving the My Videos paths.


    V4.3.3 24/03/2011
    =================
    - Added a module to check whether System Restore is enabled
    - Changed the WL/BL system => several paths can now be added
    - Added local disks (except system) for mode 6.
    - DNS Whitelist
    86.64.145.145 (NEUF)
    84.103.237.145 (NEUF)
    - Whitelist
    Dropbox.exe
    LBubble Dock.exe


    V4.3.2 16/03/2011
    =================
    - Added a module to neutralize links in reports (mainly Hosts files)
    - Fixed a bug generating FPs in the services module
    - Rogue PF
    \\ProPrivacy\\
    \\antiguard\\
    - Whitelist
    rockmeltcrashhandler.exe
    rockmelt.exe
    - WhitelistDNS
    195.235.96.90 (Spanish DNS)
    195.235.113.3 (Spanish DNS)

    V4.3.1 14/03/2011
    =================
    - Added a module to restore files set to "hidden" by the Windows diagnostic rogue (option 6)
    - Added whitelist:
    IMVUQualityAgent.exe
    - Removed checkPath for services (too many FPs)


    V4.3.0 10/03/2011
    =================
    - Reworked the Whitelist/Blacklist, added paths (makes it possible to say that a file is blacklisted except in a certain directory, etc.)
    - Fixed a bug causing display problems in the English language module


    V4.2.1 09/03/2011
    =================
    - Fixed a bug that crashed the language module
    - Quarantine support for the RUN/Services/Tasks/Startup Folder/Residue modules
    - Added Whitelist:
    isuspm.exe (Install Shield Update manager)


    V4.2.0 07/03/2011
    =================
    - Changed the report system:
    Reports are no longer appended to the RKreport.txt file, but written to a separate file on each run, named according to the convention: RKreport[NUMERO].txt
    The summary of all available files is displayed at the end of the report.
    - Whitelist DNS: 81.253.149.$


    V4.1.1 07/03/2011
    =================
    - Fixed a bug in file path detection that caused some registry keys containing spaces to go undetected.
    - Added rogue program files:
    \\ZeroVaccine\\


    V4.1.0 04/03/2011
    =================
    - Bug fixes
    - Added French/English translation depending on the PC's language


    V4.0.1 28/02/2011
    =================
    - Bug fixes (reworked the registry key parsing system)
    - Added monitoring of the RunOnce, RunServices, RunOnceEx, RunServiceOnce keys for all sessions.
    Rogues such as System tool can now be removed from a clean session.
    - Rogue Program files:
    \\pcvaccine\\


    V4.0.0 23/02/2011
    =================
    - Reworked the engine, moving from C to C++
    - Changed the report display, more information.
    - Added blacklist
    sdra64.exe
    - Rogue program files
    \\specialguard\\


    V3.10.3 21/02/2011
    ==================
    - Added file association monitoring modules:
    HKEY_LOCAL_MACHINE\Software\\Classes\\pezfile\\shell\\open\\command
    HKEY_LOCAL_MACHINE\Software\\Classes\\.exe\\shell\\open\\command
    HKEY_LOCAL_MACHINE\Software\\Classes\\exefile\\shell\\open\\command
    HKEY_CURRENT_USER\Software\\Classes\\exefile\\shell\\open\\command
    - Added blacklist
    eksplorasi.exe


    V3.10.2 17/02/2011
    ==================
    - Added quarantine for killed processes (not yet for DLLs and residue)
    The quarantine is located in the executable's root folder (RK_Quarantine) and contains:
    * The files in the format -> Nom_de_lexe.exe.vir
    * a text file (QuarantineReport.txt) containing a summary of removals by date, along with the original paths.
    Ask for this report in case of a false positive in order to restore (by hand) files moved by mistake.
    - Added HKEY_USERS module (Winlogon/Windows key) to monitor the Shell and Load keys of the PC's other sessions
    - Added proxy monitoring on HKLM
    - Added EXE file association: HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command
    - Rogue Program Files
    \\McAVG\\
    \\AVGT\\



    V3.10.1 16/02/2011
    ==================
    - Added HKEY_USERS module (RUN key) to monitor the RUN keys of other sessions.
    - Fixed CheckPath bug
    - Added monitoring of the Services file path
    - Added monitoring of the ProxyEnable key (Proxy module)
    - Rogue Program Files
    \\PrivacyHidden\\
    \\SafeCare\\


    V3.10.0 11/02/2011
    ==================
    - Added rootkit detection module (basic)
    => BruteForce PIDs + Blacklist / WhiteList check
    - Added UAC prompt at launch (for admin mode)
    - Reorganized the DNS Blacklist => comparison by mask
    - Rogues program files
    "\\eoRezo\\"
    "\\homevaccine\\"
    "\\smartscan\\"



    V3.9.0 01/02/2011
    =================
    - Moved the Proxy and DNS modules into separate options. (options 4 and 5)
    - Added BlackList:
    printer.exe (EasySpywareCleaner)
    ctfmona.exe (EasySpywareCleaner)
    xpupdate.exe (EasySpywareCleaner)
    - Rogue Program Files:
    \\EasySpywareCleaner\\
    - Fixed a bug in the Shell module that prevented detection of "Load" keys


    V3.8.5 31/01/2011
    =================
    - Added a module to recognize the boot mode (Normal, Safe Mode with / without networking)
    - Added recognition of the current session name
    - Added DNS WhiteList: "74.118.212.1","74.118.212.2", "192.168.10.1", "15.243.128.51","15.243.160.51", "193.95.75.10","193.95.75.13"
    - Rogue Program Files:
    \\MyPCCheck\\

    - Added WhiteList:
    autologin.exe



    V3.8.4 29/01/2011
    =================
    - Added a module to recognize malicious DNS servers
    - Added DNS WhiteList: http://www.commentcamarche.net/faq/1496-serveurs-dns-des-principaux-fai
    - 74.118.212.1,74.118.212.2,192.168.10.1,156.154.70.22,156.154.71.22
    - Added Whitelist
    little transparency.exe
    SmpSys.exe
    - Icon change


    V3.8.3 27/01/2011
    =================
    - Added a module to detect shortcuts launched automatically from the Startup folder
    (C:\Documents and Settings\<USER>\Menu Démarrer\Programmes\Démarrage)

    - Added rogue program files:
    \\liveboan\\
    \\security119\\
    \\PrivacyInfo\\
    \\MegaVaccine\\
    \\WebVaccine\\
    \\Smart Security\\


    V3.8.2 27/01/2011
    =================
    - Bug fixes
    - Added rogue program files:
    \\PC Security 2011\\
    \\Best Spyware Scanner\\
    \\AVP2009\\
    \\RegGenie\\

    - Added WhiteList
    e_s$$**$.exe (Epson Driver)



    V3.8.1 20/01/2011
    =================
    - Code changes
    - Bug fixes


    V3.8.0 19/01/2011
    =================
    -Added a module to detect rogues in program files
    -Modified the DLL module to detect sensitive paths/program files
    -Added blacklist:
    avsubengine.exe (VaccineClean)
    uninst_$ (Rogue.multiple)
    -Added rogue program files:


    V3.7.4 13/01/2011
    =================
    - Changed the HOSTS module -> only the first 20 lines are displayed
    (makes the report easier to read)
    - Changed the user type detection module
    - Added whitelist:
    Smax4.exe


    V3.7.3 09/01/2011
    =================
    - Changed the HOSTS module (added a fixACL and a fixAttributes, which allow the file to be modified)
    - Fixed a bug generating false positives in the HijackInitDLL module


    V3.7.2 08/01/2011
    =================
    - Added AppInitDLL monitoring module (DLLs loaded at Windows startup in explorer)
    - Reports the application's launch mode (Admin - NOT Admin)
    - Added blacklist
    SM***.exe
    SM****.exe
    SM****_$.exe


    V3.7.1 07/01/2011
    =================
    - Fixed a bug creating false positives in the mask module
    - Changed the "inkillable" module => better results, especially on Vista/seven
    - Added blacklist:
    sw2#.exe
    Fullremove.exe

    -Service Blacklist
    sst#


    V3.7.0 05/01/2011
    =================
    - Added WBEM Hijack detection module (Antivirus 2010 family)


    V3.6.1 28/12/2010
    =================
    - Added blacklist:
    *****_##$.exe (Internet Security suite)


    V3.6.0 28/12/2010
    =================
    - Added a HOSTS file monitoring module
    - Added a mode to restore a clean HOSTS file


    V3.5.2 27/12/2010
    =================
    - Added monitoring of the line
    HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows -> Load

    - Added Blacklist:
    !^!^!#####.exe (System tool)


    V3.5.1 18/12/2010
    =================
    - Fixed a bug preventing the removal of registry keys with more than 2 levels of subkeys


    V3.5.0 13/12/2010
    =================
    - Changed the ACL modification module, support for Vista / Seven
    (Thanks to Egwene and Eric_71)


    V3.4.0 11/12/2010
    =================
    - Added a module to make the process inkillable! :)
    (at least except by the user, and by applications with SE_DEBUG)


    V3.3.0 11/12/2010
    =================
    - Added a module to remove LEGACY entries
    (Only works on XP for now)
    - Added an ACL modification module, with restoration after the scan/modification of the keys (thanks to Egwene)
    - Fixed a bug in the detection of sensitive paths (Appli~1 = Appdata)

    V3.2.1 01/12/2010
    =================
    - Fixed a bug that crashed the running services module
    - service blacklist:
    vbma**** (Antivirus Action)


    V3.2.0 20/11/2010
    =================
    - Changed and enabled the scheduled tasks module.
    Based on the blacklist and on residue in memory.


    V3.1.0 20/11/2010
    =================
    - Added 04 scan module
    RunServices
    RunOnceEx

    - Blacklist
    windowstmsystem.exe
    microsoftspeech.exe
    mbamzlib.exe
    sshnas$
    Zludo*.exe
    Zjuje*.exe

    - Service
    SSHNAS

    V3.0.1 14/11/2010
    =================
    - Added service Blacklist
    Follower

    - Added Blacklist keys
    netc.exe
    nnmmnnsys.exe


    V3.0.0 14/11/2010
    =================
    - Hijack Policies
    NoFolderOptions

    - Fixed a bug that crashed the RUN search module


    V2.9.0 14/11/2010
    =================
    - Added a Shell Spawning module (hijack of .Exe launching)
    pezfile
    .exe


    V2.8.0 13/11/2010
    =================
    - Added Hijack Policies detection module
    DisableTaskMgr
    DisableRegistryTools
    DisableCMD

    V2.7.1 12/11/2010
    =================
    - Fixed a bug that crashed the IFEO module
    (array overflow)


    V2.7.0 11/11/2010
    =================
    - Added Firefox proxy module


    V2.6.0 05/11/2010
    =================
    - Added a module to recognize DLLs loaded under rundll32
    - Added a module to kill DLLs found in the residue
    - Services Blacklist:
    kxtoykoc (smart defragmenter)
    jvfrhmo (think point)

    V2.5.0 05/11/2010
    =================
    - Added Image File Execution Options module
    - Added scheduled tasks module (to be completed)


    V2.4.0 05/11/2010
    =================
    - Added a description in the properties.


    V2.4.0 30/10/2010
    =================
    - Added a residue scan module
    (processes whose registry key has been removed but which have not been killed,
    because only the registry key value makes it possible to identify them)
    - Added Date/Time to the report
    - Fixed a false positive on file names containing "temp"


    V2.3.1 30/10/2010
    =================
    - Added Blacklist lookup for registry values
    - BlackList:
    MK**.exe (Antimalware Doctor)
    MK***.exe (Antimalware Doctor)
    uPc+MV$.exe (Antimalware Doctor)

    - WhiteList:
    Chrome.exe (runs from Appdata)

    - The report opens automatically at the end
    - Message prompting to run mode 2 if infections
    were found in the registry



    V2.3.0 22/10/2010
    =================
    - reworked the svchost scan module (privilege elevation)
    -> taskkill and tasklist are no longer needed

    - Added a module to scan running services (other
    than svchost)


    V2.2.0 21/10/2010
    =================
    - Added currentcontrolset003
    - code reworked


    V2.1.0 20/10/2010
    =================
    - Added a comparison module that handles masks
    - Added rogue

    SM***_****.exe (Smart Engine)


    V2.0.0 20/10/2010
    =================
    - Added a module to scan svchost services
    -> the service is killed if it is suspicious

    This module does not work natively on XP Home.
    2 executables must be downloaded and placed in the RogueKiller root folder


    V1.8.0 19/10/2010
    =================
    - Added a services scan module (CurrentControlSet, ControlSet001, 002)

    - Added services to the blacklist:

    userinit (Antivirus 2010)


    V1.7.1 19/10/2010
    =================

    - Added a few processes to the WhiteList

    flux.exe
    RtkBtMnt.exe
    GoogleUpdate.exe


    V1.7.0 18/10/2010
    =================
    - Added a proxy removal module

    V1.6.0 18/10/2010
    =================
    - reworked the process search.
    -> Purged the Blacklist / WhiteList
    -> Scan based primarily on the process location, for greater speed

    - Added the "Bureau/Desktop" directory as a sensitive folder
    - Added the path of killed files (except security Tools) to the report


    V1.5.0 18/10/2010
    =================
    - Added a scan of the Shell key

    Thinkpoint rogue supported

    BlackList
    Hotfix.exe
    Desktop Security 2010.exe


    WhiteList:
    GoogleUpdate.exe
    chrome.exe
    GoogleCrashHandler.exe
    flux.exe
    Ati2evxx.exe
    spoolsv.exe




    V1.4.0 14/10/2010
    =================
    - Added a choice of mode for the registry
    scan mode: does not delete the registry keys found
    remove mode: deletes the registry keys found

    This makes it possible to see any false positives and to reassure people
    who do not want to touch the registry and only want to kill the infectious process


    V1.3.0 14/10/2010
    =================
    - Code reworked, optimizations.
    Modular arrangement


    V1.2.0 12/10/2010
    =================
    - Improved the module that detects infectious RUN/RUNONCE keys
    more precise detection of files / paths
    fewer false positives, easier targeting.

    - The RKreport.txt file is now opened in "Append" mode (instead of w+)
    so that previous reports are not overwritten when the tool is run several
    times in a row
    (the report is therefore a reverse-chronological stack of the various reports)



    V1.1.2 10/10/2010
    =================
    - Added OS detection and display in the report

    Desktop Security 2010.exe
    flash_player_installer.exe

    Whitelist:
    rundll32.exe


    V1.1.1 08/10/2010
    =================

    avp32.exe (Peak Protection)
    user.exe (Peak Protection)
    system.exe (Peak Protection)
    svc.exe
    load.exe (Antivirus studio 2010)
    securitycenter.exe (Antivirus studio 2010)
    securityhelper.exe (Antivirus studio 2010)
    AntiVirus Studio 2010.exe (Antivirus studio 2010)


    V1.1.0 04/10/2010
    =================
    - Added a module to remove RUN/RUNONCE keys based on
    the blacklist/whitelist and the usual folder filters
    - Optimizations
    - Added a program icon
    - Added a few Koobface processes:

    ld15.exe
    ld16.exe
    andy133.exe


    V1.0.3 01/10/2010
    =================
    - Added a module that kills applications running under "\Application Data\"
    or one of its subfolders
    - Added a module that kills applications running under "\Temp\"
    or one of its subfolders


    V1.0.2 01/10/2010
    =================
    - Switches to High priority when the process starts
    (larger CPU share for the scan, so less chance of being killed)


    V1.0.1 01/10/2010
    =================
    - Added a minimal whitelist to speed up the search




    V1.0 30/09/2010
    ===============
    - Rogue Security Tools
    detection module for names made up only of digits

    - Added older rogues:
    ccagent.exe (Control center)
    ccmain.exe
    richtx64.exe (Data Protection)
    asr64_ldm.exe (Dr Guard)
    diskperfxp.exe (User Protection)
    davclnt.exe (Digital Protection)
    avp.exe
    digprot.exe
    datprot.exe (Data Protection)
    ave.exe


    - SmitfraudFix changelog up to November 06, 2008

     
  9. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    Wasn't sure if you needed the ChangeLog but I put it anyway. Rest will come shortly.
    Greetings
     
  10. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    MBAM Log (It did not ask me to restart my computer so I did not)

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/8/2016
    Scan Time: 3:04 PM
    Logfile: Mbam log.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.02.16.06
    Rootkit Database: v2016.02.08.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: pantahsharam

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 421339
    Time Elapsed: 53 min, 14 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 3
    PUP.Optional.FrameWorkBHO, HKLM\SOFTWARE\CLASSES\CLSID\{CACB139B-7C2C-4A99-A4EE-72449D0FF549}, Quarantined, [5016b6abaced66d07c0f910ae71b0bf5],
    PUP.Optional.Somoto, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SomotoUpdateCheckerAutoStart, Quarantined, [88de6df499003df968d14aba24e0bc44],
    PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-3255573426-2543451188-2402224606-501\SOFTWARE\AskPartnerNetwork, Quarantined, [98ce89d8e7b2de58f1f846b6ae54bd43],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 4
    PUP.Optional.Somoto, C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart, Quarantined, [ed797be65940063062d09f65de2633cd],
    PUP.Optional.ASK.Gen, C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\dj0j0bkq.default\searchplugins\ask-search.xml, Quarantined, [86e0c59c584196a0e73bc94a1bead32d],
    PUP.Optional.Iminent, C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\prefs.js, Good: (), Bad: (user_pref("iminent.adapters", "[long JSON value removed]");), Replaced,[bda9c69bd1c8102635569877bd480ff1]
    PUP.Optional.Iminent, C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\prefs.js, Good: (), Bad: (_ok\",\"shown\":[\"antiadblock\"],\"downloadCount\":143}");
    user_pref("extensions.adblockpluspopupaddon.defaultAction", "block");), Replaced,[402677eac1d81d194f3cd33c17ee9d63]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  11. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    ADW CLEANER Log

    # AdwCleaner v6.010 - Logfile created 08/09/2016 at 16:18:21
    # Updated on 12/08/2016 by ToolsLib
    # Database : 2016-08-24.2 [Local]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : pantahsharam - PANTAHSHARAM-HP
    # Running from : C:\Users\pantahsharam\Desktop\adwcleaner_6.010.exe
    # Mode: Clean
    # Support : https://toolslib.net/forum



    ***** [ Services ] *****



    ***** [ Folders ] *****



    ***** [ Files ] *****

    [-] File deleted: C:\Users\pantahsharam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
    [-] File deleted: C:\Users\pantahsharam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{F791D8AE-47E8-40A5-A913-EB2D2AF29602}]
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


    ***** [ Web browsers ] *****

    [-] Chrome preferences cleaned: "browser.search.param.yahoo-fr" - "chr-greentree_ff&ilc=12&type=714647"
    [-] Chrome preferences cleaned: "extensions.APN_TB.first-previous-keyword-url" - "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p="
    [-] Chrome preferences cleaned: "extensions.ORJ-V7.previous-keyword-url" - "\"hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=\""
    [-] Chrome preferences cleaned: "browser.search.defaultengine" - "Ask Search"
    [-] Chrome preferences cleaned: "browser.search.order.1" - "Ask Search"


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [2266 Bytes] - [08/09/2016 16:18:21]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2853 Bytes] - [08/09/2016 16:17:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2412 Bytes] ##########
     
  12. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    JRT Log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by pantahsharam (Administrator) on Thu 09/08/2016 at 16:31:25.98
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 58

    Successfully deleted: C:\ProgramData\esellerate (Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{00AF124E-E821-4855-9D41-A13E008D8367} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{1215B215-B43B-499C-BDFC-AFF3D21446BB} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{19A48680-34BC-4184-8DE1-582A3DB04228} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{1ECEF254-4A13-481D-BD4B-6CBAF04783E2} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{204CB972-5DA6-4D77-8CD5-640B39CCA9E1} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{2105BAAA-A665-474F-91D2-4FB201C34F38} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{225E7CD5-A725-4751-BCB3-0269B26E61D3} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{499EE3C2-44BB-4D9C-B5A7-D2DA596E04F2} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{6840B832-BFA0-4812-BDAE-B5C2F52D82F5} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{6A3FF985-781E-4225-8C14-ECBB6B35EE1F} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{6C81BEF7-F04D-45F6-88B5-9E605EBCC60A} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{853F4EED-E066-42E2-9446-38ABD1022950} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{862793D7-3788-43E6-A2B7-4B4B23751AFD} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{8D1CFBEC-25D1-4EDE-A7C3-D22CA76E155C} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{9004E390-6184-4B0E-B431-6FE09CFBA1DB} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{96511885-2B34-4D55-81BC-CEAEDA58699F} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{AA520B7B-8080-47FF-A600-80FA33B3F337} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{B2E5CD29-E24E-4746-9AB0-B9CF96BB4C79} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{C1F53CB7-7C18-4D90-A200-458C8C258ED2} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{C6071F6C-EAFA-4D49-9E27-A3B17D96A663} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{D716E09A-FA75-4E7B-B751-086FEB8136E0} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{EB593DC8-DB81-4A39-A9E4-EC1D28C067F8} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{EF357285-C610-4952-A600-BA5A08B6CC25} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\{EF9EE58B-8F34-4860-BD72-820E11CE28A4} (Empty Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Invalidprefs.js (File)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IRJCQ8H (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZCWSAHQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\598AH9QG (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5O3J0R5Q (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6S1U4O6Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XZ99FAE (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7FTCAY0B (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7Y5LB8I (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUR3MLEV (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPF5XUSY (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOCI55DI (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNWCJNMA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM1KGWH3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWL7F15U (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMOI38T4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZS9U65N5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IRJCQ8H (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZCWSAHQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\598AH9QG (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5O3J0R5Q (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6S1U4O6Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XZ99FAE (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7FTCAY0B (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7Y5LB8I (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUR3MLEV (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPF5XUSY (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOCI55DI (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNWCJNMA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM1KGWH3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWL7F15U (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMOI38T4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZS9U65N5 (Temporary Internet Files Folder)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 09/08/2016 at 16:34:59.20
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  14. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    ComboFix 16-09-05.01 - pantahsharam 09/09/2016 10:19:07.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3753 [GMT 2:00]
    Running from: c:\users\pantahsharam\Desktop\ComboFix.exe
    AV: McAfee VirusScan Enterprise *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-08-09 to 2016-09-09 )))))))))))))))))))))))))))))))
    .
    .
    2016-09-08 14:11 . 2016-09-08 14:18 -------- d-----w- C:\AdwCleaner
    2016-09-08 13:04 . 2016-09-08 14:05 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-09-08 13:03 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-09-08 13:03 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-09-08 13:03 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
    2016-09-08 13:03 . 2016-09-08 13:03 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2016-09-08 09:38 . 2016-09-08 09:38 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-09-08 09:37 . 2016-09-08 09:37 -------- d-----w- c:\program files\RogueKiller
    2016-09-08 09:37 . 2016-09-08 09:37 -------- d-----w- c:\programdata\RogueKiller
    2016-09-07 12:21 . 2016-09-07 12:21 -------- d-----w- C:\QUARANTINE
    2016-09-07 12:16 . 2016-09-07 12:29 -------- d-----w- C:\FRST
    2016-09-06 19:49 . 2016-07-08 15:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2016-09-06 19:44 . 2016-07-08 15:01 3218944 ----a-w- c:\windows\system32\win32k.sys
    2016-09-06 19:35 . 2016-08-02 22:36 11847048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21B483F8-8E43-4CDF-ABDA-313CB1994E57}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-09-06 20:55 . 2012-01-21 05:37 147640136 -c--a-w- c:\windows\system32\MRT.exe
    2016-07-26 12:24 . 2010-11-21 03:27 504488 ------w- c:\windows\system32\MpSigStub.exe
    2016-07-14 18:15 . 2012-05-03 22:55 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2016-07-14 18:15 . 2011-10-12 23:42 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2016-06-26 00:35 . 2016-07-14 17:00 41704 ----a-w- c:\windows\system32\CompatTelRunner.exe
    2016-06-26 00:27 . 2016-07-14 17:00 756736 ----a-w- c:\windows\system32\win32spl.dll
    2016-06-26 00:27 . 2016-07-14 17:00 344576 ----a-w- c:\windows\system32\ntprint.dll
    2016-06-26 00:27 . 2016-07-14 17:00 970240 ----a-w- c:\windows\system32\localspl.dll
    2016-06-26 00:27 . 2016-07-14 17:00 22528 ----a-w- c:\windows\system32\inetppui.dll
    2016-06-26 00:27 . 2016-07-14 17:00 166400 ----a-w- c:\windows\system32\inetpp.dll
    2016-06-26 00:27 . 2016-07-14 17:00 1208320 ----a-w- c:\windows\system32\aeinv.dll
    2016-06-25 19:54 . 2016-07-14 17:00 497152 ----a-w- c:\windows\SysWow64\win32spl.dll
    2016-06-25 19:53 . 2016-07-14 17:00 297472 ----a-w- c:\windows\SysWow64\ntprint.dll
    2016-06-25 19:53 . 2016-07-14 17:00 48640 ----a-w- c:\windows\system32\wpnpinst.exe
    2016-06-25 19:53 . 2016-07-14 17:00 61952 ----a-w- c:\windows\system32\ntprint.exe
    2016-06-25 19:41 . 2016-07-14 17:00 61952 ----a-w- c:\windows\SysWow64\ntprint.exe
    2016-06-22 13:06 . 2016-07-14 17:00 268800 ----a-w- c:\windows\system32\centel.dll
    2016-06-17 18:24 . 2016-07-14 17:00 544256 ----a-w- c:\windows\system32\devinv.dll
    2016-06-17 18:24 . 2016-07-14 17:00 571904 ----a-w- c:\windows\system32\generaltel.dll
    2016-06-17 18:24 . 2016-07-14 17:00 294912 ----a-w- c:\windows\system32\invagent.dll
    2016-06-17 18:24 . 2016-07-14 17:00 219136 ----a-w- c:\windows\system32\aepic.dll
    2016-06-17 18:24 . 2016-07-14 17:00 1490432 ----a-w- c:\windows\system32\appraiser.dll
    2016-06-17 18:24 . 2016-07-14 17:00 76800 ----a-w- c:\windows\system32\acmigration.dll
    2016-06-14 15:21 . 2016-07-14 17:00 2560 ----a-w- c:\windows\apppatch\AcRes.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]
    "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2012-09-05 333416]
    "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-12-04 242792]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "{90120000-0030-0000-0000-0000000FF1CE}"="del" [X]
    .
    c:\users\pantahsharam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-27 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.376\SSScheduler.exe [2016-7-19 407816]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableSecureUIAPath"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x]
    R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
    R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
    R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
    R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
    R3 hwusb_cdcacm;hwusb_cdcacm;c:\windows\system32\DRIVERS\ew_cdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_cdcacm.sys [x]
    R3 hwusb_wwanecm;hwusb_wwanecm;c:\windows\system32\DRIVERS\ew_wwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_wwanecm.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.376\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.376\McCHSvc.exe [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
    R4 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
    R4 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
    R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
    R4 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
    S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
    S2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;c:\program files\Intel\BCA\pabeSvc64.exe;c:\program files\Intel\BCA\pabeSvc64.exe [x]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
    S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
    S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x]
    S2 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
    S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
    2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 18:15]
    .
    2016-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 08:29]
    .
    2016-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 08:29]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: Interfaces\{1925E23C-52D8-473A-98A4-A71281337318}: NameServer = 213.162.69.2 213.162.69.170
    TCP: Interfaces\{7670DE11-D589-4090-8321-62C6C7B141BC}: NameServer = 213.162.69.2 213.162.69.170
    TCP: Interfaces\{E206ABF8-83E3-4929-97F3-74FD5A27A50A}: NameServer = 213.162.69.2 213.162.69.170
    TCP: Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E}: NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E}\6427565677166756: NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E}\75C414E402743C4A374756: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\
    FF - prefs.js: browser.search.selectedEngine -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE -silent
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
    AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,98,ed,2f,ee,00,ae,4c,a1,cf,c6,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,98,ed,2f,ee,00,ae,4c,a1,cf,c6,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.22"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2016-09-09 10:35:52
    ComboFix-quarantined-files.txt 2016-09-09 08:35
    .
    Pre-Run: 241,023,524,864 bytes free
    Post-Run: 241,694,130,176 bytes free
    .
    - - End Of File - - F2C8A209CD1B7114FDD98FB471E6CA8C
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  16. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
    Ran by pantahsharam (administrator) on PANTAHSHARAM-HP (10-09-2016 09:07:57)
    Running from C:\Users\pantahsharam\Desktop
    Loaded Profiles: pantahsharam (Available Profiles: pantahsharam & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    () C:\ProgramData\DatacardService\HWDeviceService64.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
    () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
    () C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-03] (Intel(R) Corporation)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [569200 2011-02-19] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-28] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-14] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-06] (McAfee, Inc.)
    HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [242792 2012-12-04] (McAfee, Inc.)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-18\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-09-09] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-09-05]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\pantahsharam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-01] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{1925E23C-52D8-473A-98A4-A71281337318}: [NameServer] 213.162.69.2 213.162.69.170
    Tcpip\..\Interfaces\{3C5C4C8E-0540-468D-85BD-E8E54443EB64}: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{7670DE11-D589-4090-8321-62C6C7B141BC}: [NameServer] 213.162.69.2 213.162.69.170
    Tcpip\..\Interfaces\{E206ABF8-83E3-4929-97F3-74FD5A27A50A}: [NameServer] 213.162.69.2 213.162.69.170
    Tcpip\..\Interfaces\{EB428A1F-D96E-4117-BACA-BF354E5871E4}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E}: [NameServer] 208.67.222.222,208.67.220.220

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-11] (Oracle Corporation)
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140130001518.dll [2014-01-30] (McAfee, Inc.)
    BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-05-06] (HP)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-11] (Oracle Corporation)
    BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-05-17] (Intel Security)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-11] (Oracle Corporation)
    BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140130001519.dll [2014-01-30] (McAfee, Inc.)
    BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-05-06] (HP)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-11] (Oracle Corporation)
    Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-05-17] (Intel Security)

    FireFox:
    ========
    FF ProfilePath: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default
    FF SelectedSearchEngine:
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
    FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-11] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-11] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-11] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-04-14] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-04-14] (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\searchplugins\google-images.xml [2014-09-14]
    FF SearchPlugin: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\searchplugins\google-maps.xml [2014-09-14]
    FF Extension: (WOT) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
    FF Extension: (selectivecookiedelete) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\extensions\selectivecookiedelete@siju.mathew [2016-05-18]
    FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-05-18]
    FF Extension: (anonymoX) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\client@anonymox.net.xpi [2015-09-30]
    FF Extension: (Firefox Hotfix) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-05]
    FF Extension: (IPFlood) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\ip****@p4ul.info.xpi [2016-05-17]
    FF Extension: (Adblock Plus) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-17]
    FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2016-09-07] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
    FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-12-14] [not signed]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-04-14]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-08] (Realsil Microelectronics Inc.) [File not signed]
    S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
    R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
    S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2014-02-07] () [File not signed]
    R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-06] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
    R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2014-01-30] (McAfee, Inc.)
    R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [206448 2012-12-04] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2014-01-30] (McAfee, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-03] ()
    S4 RosettaStoneLtdController; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [352312 2008-09-16] (Rosetta Stone Ltd.) [File not signed]
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [878904 2016-05-16] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-05-16] (McAfee, Inc.)
    R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-05-16] (McAfee, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2013-03-12] (Mobile Stream)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [124672 2014-04-16] (Huawei Technologies Co., Ltd.)
    R3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [379392 2014-04-16] (Huawei Technologies Co., Ltd.)
    R3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [178840 2014-01-30] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [309400 2014-01-30] (McAfee, Inc.)
    U3 mfeavfk01; no ImagePath
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2014-01-30] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\system32\drivers\mferkdet.sys [106112 2014-01-30] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339392 2014-01-30] (McAfee, Inc.)
    S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-07] ()
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-08-29] () [File not signed]
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-08] ()
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    U3 a3wlaqta; C:\Windows\System32\Drivers\a3wlaqta.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
    S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
    U4 bdselfpr; no ImagePath
    S4 catchme; \??\C:\ComboFix\catchme.sys [X]
    S4 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
    S4 iwdbus; system32\DRIVERS\iwdbus.sys [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-09 10:35 - 2016-09-09 10:35 - 00026258 _____ C:\ComboFix.txt
    2016-09-09 10:15 - 2016-09-09 10:35 - 00000000 ____D C:\Qoobox
    2016-09-09 10:15 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-09-09 10:15 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-09-09 10:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-09-09 10:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-09-09 10:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-09-09 10:15 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
    2016-09-09 10:15 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
    2016-09-09 10:15 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
    2016-09-09 09:03 - 2016-09-09 09:09 - 05658674 ____R (Swearware) C:\Users\pantahsharam\Desktop\ComboFix.exe
    2016-09-08 16:34 - 2016-09-08 16:34 - 00008828 _____ C:\Users\pantahsharam\Desktop\JRT.txt
    2016-09-08 16:11 - 2016-09-08 16:18 - 00000000 ____D C:\AdwCleaner
    2016-09-08 16:10 - 2016-09-08 16:12 - 01610560 _____ (Malwarebytes) C:\Users\pantahsharam\Desktop\JRT.exe
    2016-09-08 16:08 - 2016-09-08 16:11 - 03826240 _____ C:\Users\pantahsharam\Desktop\adwcleaner_6.010.exe
    2016-09-08 16:04 - 2016-09-08 16:04 - 00012773 _____ C:\Users\pantahsharam\Desktop\Mbam log.txt
    2016-09-08 15:04 - 2016-09-08 16:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-09-08 15:04 - 2016-09-08 15:04 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-09-08 15:03 - 2016-09-08 15:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-09-08 15:03 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-09-08 15:03 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-09-08 15:03 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-09-08 13:45 - 2016-09-08 14:02 - 22851472 _____ (Malwarebytes ) C:\Users\pantahsharam\Desktop\mbam-setup-2.2.1.1043.exe
    2016-09-08 11:38 - 2016-09-08 11:38 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-09-08 11:37 - 2016-09-08 11:37 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-09-08 11:37 - 2016-09-08 11:37 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-09-08 11:37 - 2016-09-08 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-09-08 11:37 - 2016-09-08 11:37 - 00000000 ____D C:\Program Files\RogueKiller
    2016-09-08 11:35 - 2016-09-08 11:36 - 33106704 _____ (Adlice Software ) C:\Users\pantahsharam\Desktop\setup.exe
    2016-09-07 20:10 - 2016-09-07 20:20 - 00000318 _____ C:\Users\pantahsharam\Desktop\shodo.txt
    2016-09-07 14:29 - 2016-09-10 09:07 - 00020295 _____ C:\Users\pantahsharam\Desktop\FRST.txt
    2016-09-07 14:23 - 2016-09-07 14:29 - 00054055 _____ C:\Users\pantahsharam\Desktop\Addition.txt
    2016-09-07 14:21 - 2016-09-07 14:21 - 00000000 ____D C:\QUARANTINE
    2016-09-07 14:17 - 2016-09-07 14:41 - 00038117 _____ C:\Users\pantahsharam\Desktop\FRST (2).txt
    2016-09-07 14:16 - 2016-09-10 09:07 - 00000000 ____D C:\FRST
    2016-09-07 14:15 - 2016-09-07 14:15 - 02397696 _____ (Farbar) C:\Users\pantahsharam\Desktop\FRST64.exe
    2016-09-06 22:49 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-09-06 22:49 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-09-06 22:49 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-09-06 22:49 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-09-06 22:49 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-09-06 22:49 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-09-06 22:49 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-09-06 22:49 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-09-06 22:49 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-09-06 22:49 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-09-06 22:49 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-09-06 22:49 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-09-06 22:49 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-09-06 22:49 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-09-06 22:49 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-09-06 22:49 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-09-06 22:49 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-09-06 22:49 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-09-06 22:49 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-09-06 22:49 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-09-06 22:49 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-09-06 22:49 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-09-06 22:49 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-09-06 22:49 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-09-06 22:49 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-09-06 22:49 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-09-06 22:49 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-09-06 22:49 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-09-06 22:49 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-09-06 22:49 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-09-06 22:49 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-09-06 22:49 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-09-06 22:49 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-09-06 22:49 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-09-06 22:49 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-09-06 22:49 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-09-06 22:49 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-09-06 22:49 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-09-06 22:49 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-09-06 22:49 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-09-06 22:49 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-09-06 22:49 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-09-06 22:49 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-09-06 22:49 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-09-06 22:49 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-09-06 22:49 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-09-06 22:49 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-09-06 22:49 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-09-06 22:49 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-09-06 22:49 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-09-06 22:49 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-09-06 22:49 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-09-06 22:49 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-09-06 22:49 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-09-06 22:49 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-09-06 22:49 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-09-06 22:49 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-09-06 22:49 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-09-06 22:49 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-09-06 22:49 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-09-06 22:49 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-09-06 22:49 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-09-06 22:49 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-09-06 22:49 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-09-06 22:49 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-09-06 22:49 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-09-06 21:49 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-09-06 21:49 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-09-06 21:49 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-09-06 21:49 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-09-06 21:49 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-09-06 21:49 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-09-06 21:49 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-09-06 21:49 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-09-06 21:49 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-09-06 21:49 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-09-06 21:49 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-09-06 21:49 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-09-06 21:49 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-09-06 21:49 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-09-06 21:44 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-09-05 22:15 - 2016-09-06 12:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-09-05 21:58 - 2016-09-05 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-10 09:07 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-09-10 09:07 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-09-10 08:59 - 2009-07-14 07:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-09-10 08:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
    2016-09-10 08:52 - 2013-05-29 02:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-09-10 08:52 - 2011-12-28 18:26 - 00000000 ____D C:\Users\pantahsharam\AppData\LocalLow\AuthenTec
    2016-09-10 08:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-09-09 23:10 - 2012-12-03 18:12 - 00000000 ____D C:\Users\pantahsharam\AppData\Roaming\vlc
    2016-09-09 22:53 - 2012-01-23 23:44 - 00000000 ____D C:\Users\pantahsharam\AppData\Local\CrashDumps
    2016-09-09 22:38 - 2013-05-29 02:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-09-09 22:14 - 2013-05-29 02:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-09-09 21:21 - 2015-12-15 21:03 - 00376832 ___SH C:\Users\pantahsharam\Desktop\Thumbs.db
    2016-09-09 21:20 - 2011-12-28 18:27 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9C744B26-60FB-48D2-87E2-AE69436145DA}
    2016-09-09 10:30 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
    2016-09-08 14:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
    2016-09-07 12:14 - 2009-07-14 06:45 - 05114856 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-09-06 23:01 - 2013-08-05 09:02 - 00000000 ____D C:\Windows\system32\MRT
    2016-09-06 22:55 - 2012-01-21 07:37 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-09-06 12:42 - 2012-05-05 07:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-09-05 21:58 - 2016-06-09 19:19 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-09-05 21:58 - 2015-09-04 11:37 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-08-21 18:28 - 2015-12-05 19:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    ==================== Files in the root of some directories =======

    2014-02-28 02:48 - 2015-12-19 02:03 - 0099384 _____ () C:\Users\pantahsharam\AppData\Roaming\inst.exe
    2014-02-28 02:48 - 2015-12-19 02:03 - 0007859 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.cat
    2014-02-28 02:48 - 2015-12-19 02:03 - 0001167 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.inf
    2014-02-28 02:48 - 2015-12-19 02:03 - 0000055 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.log
    2014-02-28 02:48 - 2015-12-19 02:03 - 0082816 _____ (VSO Software) C:\Users\pantahsharam\AppData\Roaming\pcouffin.sys
    2014-02-25 06:23 - 2014-02-25 06:23 - 0000246 _____ () C:\Users\pantahsharam\AppData\Roaming\Recent.txt
    2011-12-28 07:36 - 2011-12-28 07:36 - 0002242 _____ () C:\Users\pantahsharam\AppData\Local\IWDAudHelper.20111227.213648.txt
    2011-12-28 07:34 - 2011-12-28 07:34 - 0001547 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213449.txt
    2011-12-28 07:36 - 2011-12-28 07:36 - 0000663 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213638.txt
    2011-12-28 07:36 - 2011-12-28 07:36 - 0001247 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213647.txt
    2013-03-05 07:13 - 2013-03-05 07:13 - 0000057 _____ () C:\ProgramData\Ament.ini

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-09-06 17:06

    ==================== End of FRST.txt ============================
     
  17. cederhigh


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
    Ran by pantahsharam (07-09-2016 14:23:37)
    Running from C:\Users\pantahsharam\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2011-12-28 16:25:55)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3255573426-2543451188-2402224606-500 - Administrator - Disabled)
    Guest (S-1-5-21-3255573426-2543451188-2402224606-501 - Limited - Enabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-3255573426-2543451188-2402224606-1004 - Limited - Enabled)
    pantahsharam (S-1-5-21-3255573426-2543451188-2402224606-1000 - Administrator - Enabled) => C:\Users\pantahsharam

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
    AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
    Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.206.1717.117 - Alps Electric)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: - )
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
    AuthenTec TrueAPI (Version: 1.3.0.111 - AuthenTec, Inc.) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DidjImp (HKLM-x32\...\{BB80F384-B770-4D15-A420-DA1A6853A85B}) (Version: 0.5.0 - JesusFreke)
    doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
    EasyTether (HKLM-x32\...\{c751b7eb-df27-4668-b05f-7457d2fa9e00}) (Version: 1.1.18 - Mobile Stream)
    EasyTether (Version: 1.1.18 - Mobile Stream) Hidden
    EasyTether ADB USB driver (HKLM\...\{F45DA6A7-AD7C-489A-B9E2-CCFC70A46A2A}) (Version: 1.0.1 - Mobile Stream)
    ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
    FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
    Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
    HP CoolSense (HKLM-x32\...\{0D8B3696-E52D-4291-B833-9F6AEB1CC4AB}) (Version: 2.1.0 - Hewlett-Packard Company)
    HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
    HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company)
    HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}) (Version: 2.4.3 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
    HP SimplePass 2011 (HKLM-x32\...\{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}) (Version: 5.3.0.163 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
    IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
    Intel PROSet Wireless (x32 Version: - ) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
    Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.06.123 - Huawei Technologies Co.,Ltd)
    Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    K-Lite Mega Codec Pack 3.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 3.9.0 - )
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    McAfee Agent (HKLM-x32\...\{D107EA80-023A-443C-AA79-1C4B0CB2E227}) (Version: 4.6.0.2988 - McAfee, Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
    McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.03000 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    Music Creator LE 5.0.6 (HKLM-x32\...\Music Creator LE_is1) (Version: 17.0 - Cakewalk Music Software)
    Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
    Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
    Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
    Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
    NowSmart Cut (HKLM-x32\...\NowSmart Cut) (Version: 1.2 - NowSmart)
    PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
    Rosetta Stone Ltd Services (HKLM-x32\...\{2110AF8F-F6E9-4712-A185-1B839C60822E}) (Version: 2.2.1.1 - Rosetta Stone Ltd.)
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    Search Protection (HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\...\Search Protection) (Version: 8.5.0.1 - Spigot, Inc.) <==== ATTENTION
    Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
    SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
    SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
    SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
    Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version: 4.77 - NCH Software)
    Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
    VIP Access SDK (1.0.1.2) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
    Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.79.0 - Verizon)
    WinDirStat 1.1.2 (HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\...\WinDirStat) (Version: - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
    Words of Dhamma (HKLM-x32\...\Words_of_Dhamma) (Version: - )
    Zoomquilt Screensaver (HKLM-x32\...\Zoomquilt Screensaver.scr) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3255573426-2543451188-2402224606-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {17EB695A-4DAC-41B5-99B4-2B7AC6990054} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3255573426-2543451188-2402224606-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {2914A811-3409-4660-A0ED-A63169E2436D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-22] (Hewlett-Packard Company)
    Task: {2B44E91C-B44A-4B5A-802B-D3A208DB7720} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
    Task: {4D7DD924-23DE-4B88-A807-FB0B3257CE4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
    Task: {6C96C7AD-41E2-42E6-8D43-B1474446A4F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {71E4D199-61A8-4A08-8872-C9EC4012149C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-16] (CyberLink)
    Task: {7A58F646-E121-433B-951A-952ECCDE8805} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
    Task: {8AF82163-C34D-4C69-A0EE-BF4EA497EAA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
    Task: {8C76AEB1-6694-494D-8C1A-EF039AE99464} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-23] (Hewlett-Packard Company)
    Task: {9174BB03-1929-405D-8466-C72F5F6C357C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-22] (Hewlett-Packard Company)
    Task: {9B5F4A6D-7591-4DB5-95E5-B5155A5E5642} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\pantahsharam\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
    Task: {9D33B6D0-AEFE-4FF8-ACEF-01AAC3F4BE6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
    Task: {C02241B9-B7E9-48CB-900B-607B6866A7D4} - System32\Tasks\{534BBE50-E4CD-4D06-B33A-278EFEE2EECB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
    Task: {E5C3DB6E-494C-4AFD-ACE5-7BC55CFA5FE3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3255573426-2543451188-2402224606-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {E6ED4F78-0B44-49D3-9ABC-BF8C1EA58529} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-22] (Hewlett-Packard Company)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2011-05-02 23:41 - 2011-05-02 23:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2013-10-28 04:02 - 2013-10-28 04:02 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
    2015-12-14 19:47 - 2014-02-07 05:59 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
    2012-03-18 01:18 - 2011-03-02 21:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
    2011-04-15 20:16 - 2011-04-15 20:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2011-05-02 23:41 - 2011-05-02 23:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2015-12-14 19:40 - 2014-03-04 10:14 - 00088144 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    2015-12-14 20:11 - 2014-02-07 05:59 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
    2015-12-14 19:47 - 2014-02-07 05:59 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
    2015-12-14 19:47 - 2014-02-07 05:59 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
    2015-12-14 19:47 - 2014-03-04 07:54 - 02416640 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
    2015-12-14 19:47 - 2014-03-04 07:54 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
    2007-04-19 05:30 - 2007-04-19 05:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
    2007-04-19 05:30 - 2007-04-19 05:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
    2016-05-24 12:20 - 2016-05-24 12:20 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f91bd970f20123a46b575cf6e92bc441\IsdiInterop.ni.dll
    2011-11-17 00:37 - 2011-04-30 10:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2015-12-14 19:40 - 2014-03-05 16:47 - 00425984 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\core.dll
    2015-12-14 19:40 - 2014-03-05 16:47 - 00275968 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\sdk.dll
    2015-12-14 19:41 - 2014-02-07 05:59 - 00011362 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\mingwm10.dll
    2015-12-14 19:41 - 2014-02-07 05:59 - 00043008 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\libgcc_s_dw2-1.dll
    2015-12-14 19:41 - 2014-03-04 07:54 - 02416640 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    2015-12-14 19:41 - 2014-03-04 07:54 - 09559040 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtGui4.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00390656 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Proxy.DLL
    2015-12-14 19:40 - 2014-03-05 16:44 - 00243712 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Common.dll
    2015-12-14 19:40 - 2014-03-05 16:44 - 00157696 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Trace.dll
    2015-12-14 19:40 - 2014-03-05 16:44 - 00546304 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\PluginContainer.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00260608 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AtCodec.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00322560 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00237056 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00156160 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSDialup.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00190464 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\XCodec.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00154624 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DataServicePlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00284672 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00219136 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SmsSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00142336 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\USSDSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00339968 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceAppPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00065536 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSPowerMgr.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00120192 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Win7Support.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00167936 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\ATR2SMgr.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 01088512 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00708608 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SmsAppPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00158720 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetConnectSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00233984 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DialUpPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00102400 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSAdapt.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00200192 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NDISPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:45 - 00131584 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSNDIS.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 01146880 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NDISAPI.dll
    2015-12-14 19:40 - 2014-03-05 16:46 - 00317952 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoSrvPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:50 - 00560128 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceMgrUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:51 - 00304128 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\XFramePlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:52 - 00831488 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\MiniFramePlugin.dll
    2015-12-14 19:41 - 2014-02-10 08:37 - 15675904 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtWebKit4.dll
    2015-12-14 19:41 - 2014-03-04 07:54 - 01148416 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtNetwork4.dll
    2015-12-14 19:41 - 2014-03-04 07:54 - 03962368 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtXmlPatterns4.dll
    2015-12-14 19:41 - 2014-03-04 07:54 - 00306176 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\phonon4.dll
    2015-12-14 19:41 - 2014-03-04 07:54 - 00398336 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtXml4.dll
    2015-12-14 19:40 - 2014-03-05 16:49 - 00097280 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NotifyServicePlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:52 - 00331776 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetConnectPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:47 - 00419328 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DialupUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:51 - 00318976 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\StatusBarMgrPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:52 - 00274944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\MenuMgrPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:53 - 00412672 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DiagnosisPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:51 - 00117248 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\LayoutPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:51 - 00309760 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SettingUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:50 - 00502784 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetSettingPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:53 - 00308736 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoRecordUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:54 - 00100352 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\CompressRatePlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:53 - 00518656 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoUIExPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:49 - 00841216 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SMSUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:54 - 00110080 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\ServiceUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:54 - 00139776 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\HelpUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:54 - 00434688 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\USSDUIPlugin.dll
    2015-12-14 19:40 - 2014-03-05 16:49 - 00808448 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookUIPlugin.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00082944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qgif4.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00081920 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qico4.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00192000 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qjpeg4.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00350720 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qmng4.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00370176 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qtiff4.dll
    2015-12-14 19:40 - 2014-02-07 05:59 - 00712192 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\LiveUpdateInterface.dll
    2015-12-14 19:47 - 2014-03-04 07:54 - 09559040 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll
    2015-12-14 20:11 - 2014-02-07 05:59 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll
    2015-12-14 20:11 - 2014-02-07 05:59 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)
     
  18. cederhigh


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2016-09-05 21:58 - 00000068 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    0.0.0.1 mssplus.mcafee.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pantahsharam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 213.162.69.2 - 213.162.69.170
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: IHA_MessageCenter => 2
    MSCONFIG\Services: NAUpdate => 2
    MSCONFIG\Services: QBCFMonitorService => 2
    MSCONFIG\Services: QBFCService => 3
    MSCONFIG\Services: QBVSS => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: Facebook Update => "C:\Users\pantahsharam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: uTorrent => "C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    MSCONFIG\startupreg: Viber => "C:\Users\pantahsharam\AppData\Local\Viber\Viber.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{535DEF20-967B-4CBC-BABB-A2D5B36F7659}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{11954BBB-9A3A-4691-BE4C-D945442D0F3E}] => (Allow) LPort=2869
    FirewallRules: [{7F4C500E-050C-4827-87F4-1A3820AE5B9B}] => (Allow) LPort=1900
    FirewallRules: [{24BFCB71-A0D2-4745-A1F4-54A067990CCD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{3BAD2048-FA8F-47C9-9FC8-D6B6AE76B6EB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{73A1D281-F742-4E18-B135-48AB589E0C49}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{28C1B73D-04CF-4576-A8BF-60A6003529A2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [TCP Query User{6C6DCD9D-00D7-426E-9BC6-D18AA2DBE924}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [UDP Query User{68C4C460-542C-4785-ABF0-4A1BC72E04CC}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [TCP Query User{99601ED0-07B8-4084-A8E5-C8508C99EF3A}G:\techwizard.exe] => (Allow) G:\techwizard.exe
    FirewallRules: [UDP Query User{EF85F817-C314-4E16-9EB0-9E64B786F4E5}G:\techwizard.exe] => (Allow) G:\techwizard.exe
    FirewallRules: [{0FA71815-F6E0-42EA-A876-F4F7D52EF595}] => (Allow) LPort=50000
    FirewallRules: [TCP Query User{916BABC6-8034-4878-B795-CD85F5665E94}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
    FirewallRules: [UDP Query User{B658BC1B-AA90-4C6F-8D7E-DD08E6E3861D}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
    FirewallRules: [TCP Query User{593A0817-3C58-4BBD-B361-4E046113DB09}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{4104E552-16A0-4C2F-9281-90BF9A0728DC}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [TCP Query User{78574185-550B-4F9C-A860-732C799B2036}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [UDP Query User{9D66C94F-DAB9-4AEB-B5B9-9ACCDD2F5579}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe
    FirewallRules: [TCP Query User{83A79043-78A5-4E56-9F03-0D240D2C6EE6}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
    FirewallRules: [UDP Query User{1CDEC6E3-72C8-49F6-A43C-20A8FFC33A45}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
    FirewallRules: [{3924264D-AD69-4ADB-B243-3333C4FA357E}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{84CF44A7-1E40-4496-A0D1-0163B4AF9FF6}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{58445CF4-3C08-444F-88E1-5C2C405A0536}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{29610B48-BAD4-4617-8378-00E06C7CC2E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{E74920FF-B27E-4346-A994-DC653DD158E5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
    FirewallRules: [{9E07CA32-6550-4F8F-8259-1267522CA233}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
    FirewallRules: [{F0514ED8-BD2A-4818-A79E-E35DE7949D4E}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
    FirewallRules: [{6CA9A441-1FD9-4FA9-9939-EB246EAA3704}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
    FirewallRules: [{D9DD1928-A10E-47A1-9399-C9920ECCC805}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    FirewallRules: [{C479B4E4-9BA6-463B-B67B-AF0B84A1C833}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    FirewallRules: [{30DB3936-93C9-4BF0-83B3-DEC0B1BC697E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
    FirewallRules: [{9A02EEDF-E1D3-4D7F-8B51-681AB1075DA5}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
    FirewallRules: [{FA8A9F26-A6F0-424C-9BAA-7DBD08D2DF12}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{039BFBD6-C911-4A59-9676-434D7F2F46AC}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{22AD8305-286E-4E68-A6C1-79FF9070FE8D}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{0DA12083-73B1-490E-9B4A-9ABEF7A1DDC7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{3B94BECC-F0D8-429E-B038-C93C66567D3F}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{DB88D875-CE11-4099-8442-F43D3633D157}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{7BFEA746-E17F-4668-ADB3-E3D4EF3A1109}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [UDP Query User{1E30D33A-2675-4589-88CD-5CDE358154FE}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [{70227428-859C-4844-819E-0CC521DCA13F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [TCP Query User{82825B69-BEA8-4106-8D0D-F04F57DBB3CA}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
    FirewallRules: [UDP Query User{0016BA01-0B6D-4D17-865C-5043C8DF24B9}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
    FirewallRules: [TCP Query User{9240AD9E-9E1E-45A0-BCA7-DD742D69D92C}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
    FirewallRules: [UDP Query User{DB255704-E3E8-47A7-A14E-343570C8581F}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
    FirewallRules: [TCP Query User{A2516549-1AE6-4D71-BA84-D40CABB3C327}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [UDP Query User{7D365DD6-6951-4353-875C-E425CA3CF0B4}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
    FirewallRules: [{B1D8E745-BF1A-443E-9BD1-BC1ABE3B3C11}] => (Allow) LPort=50001
    FirewallRules: [{6726D298-C5FE-44B0-8E42-00F2694AE42E}] => (Allow) LPort=50001
    FirewallRules: [{1332FD5B-DACC-42E1-B04F-439F9692926E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{01D516F0-58DD-4CAD-9E05-EE3DD68D17B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{8EF2F46F-4D1F-4C0E-92DC-EE0C919EDA31}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{54F68F5E-6F72-4802-ACA2-AA751451FB66}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{ECB69B30-6A9C-48B9-B5E4-2F782999329D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{81AAE72F-1E77-4655-9175-67AAED8F1131}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{B4D49ED8-22CB-4809-B47E-4E8D04D0D8DD}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
    FirewallRules: [{D0A9D3FE-D619-4C35-847D-D2C086BF81F5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
    FirewallRules: [{AA4F7797-A07A-43DD-9043-4C653F9D8DF8}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
    FirewallRules: [{06CE6878-FAB9-4739-83B7-092129856B68}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
    FirewallRules: [{89A586C3-E625-40DC-8BC1-05759382B83A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServices.exe

    ==================== Restore Points =========================

    23-06-2016 09:14:41 Windows Update
    01-07-2016 23:10:21 Windows Update
    07-07-2016 19:30:12 Windows Update
    12-07-2016 00:50:45 Windows Update
    15-07-2016 01:21:18 Windows Update
    23-07-2016 20:00:25 Scheduled Checkpoint
    24-07-2016 19:03:28 Windows Update
    01-08-2016 10:11:52 Windows Update
    06-09-2016 17:13:23 Scheduled Checkpoint
    06-09-2016 21:34:31 Windows Update
    06-09-2016 22:52:30 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/07/2016 02:21:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 31.8.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1480

    Start Time: 01d20901add387a6

    Termination Time: 20

    Application Path: C:\Users\pantahsharam\Desktop\FRST64.exe

    Report Id: 596351f9-74f5-11e6-bbe2-101f74fef953

    Error: (09/07/2016 12:14:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Faulting module name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
    Exception code: 0xc0000417
    Fault offset: 0x0001275a
    Faulting process id: 0x34c
    Faulting application start time: 0x01d208f08e0932a7
    Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
    Report Id: d9eea56a-74e3-11e6-bbe2-101f74fef953

    Error: (09/06/2016 04:36:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0xca8
    Faulting application start time: 0x01d2082af7336d56
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: 533b5b62-743f-11e6-9a46-101f74fef953

    Error: (08/01/2016 10:00:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0x1c28
    Faulting application start time: 0x01d1ebe8d3fbf62d
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: a3f2e763-5822-11e6-b5be-101f74fef953

    Error: (08/01/2016 11:42:26 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0xc8c
    Faulting application start time: 0x01d1ebca9f5fee81
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: 40f9db8c-57cc-11e6-b5be-101f74fef953

    Error: (07/31/2016 05:25:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0x1500
    Faulting application start time: 0x01d1eb3f9fcc7b3b
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: f3520c9c-5732-11e6-b5be-101f74fef953

    Error: (07/31/2016 03:34:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0x17e4
    Faulting application start time: 0x01d1eb2e8ba97f5a
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: 8525e054-5723-11e6-b5be-101f74fef953

    Error: (07/31/2016 11:08:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.1.7601.23418 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 868

    Start Time: 01d1eb0aa1f3a68d

    Termination Time: 78

    Application Path: C:\Windows\Explorer.EXE

    Report Id: 3e5b74f7-56fe-11e6-b5be-101f74fef953

    Error: (07/30/2016 11:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0x3b0
    Faulting application start time: 0x01d1ea5bc95c5061
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: 6337f155-569e-11e6-bbc9-101f74fef953

    Error: (07/25/2016 10:20:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
    Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
    Exception code: 0xc0000005
    Fault offset: 0x00100217
    Faulting process id: 0xc04
    Faulting application start time: 0x01d1e64c9a00da3e
    Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
    Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
    Report Id: b5ed7691-5240-11e6-814a-101f74fef953


    System errors:
    =============
    Error: (09/07/2016 02:26:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    and APPID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (09/07/2016 02:21:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    and APPID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (09/07/2016 12:35:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    and APPID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (09/07/2016 12:31:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    and APPID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (09/07/2016 12:18:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    and APPID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (09/07/2016 12:15:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/07/2016 12:14:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Internet Manager. OUC service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (09/07/2016 12:14:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Internet Manager. OUC service to connect.

    Error: (09/07/2016 12:14:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Service Installer TrueKey service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (09/06/2016 09:40:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    and APPID
    {06622D85-6856-4460-8DE1-A81921B41C4B}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================
    Date: 2014-01-29 08:57:45.903
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-29 08:57:45.823
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
    Percentage of memory in use: 50%
    Total physical RAM: 6091.86 MB
    Available physical RAM: 3007.3 MB
    Total Virtual: 12181.9 MB
    Available Virtual: 9227.27 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:571.05 GB) (Free:220.47 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (Recovery) (Fixed) (Total:20.96 GB) (Free:2.21 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32
    Drive I: (Internet Manager) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
    Drive l: () (Removable) (Total:1.89 GB) (Free:0.97 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 72185642)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=571.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

    ========================================================
    Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    In my first reply I asked you to uninstall Search Protection.
    It seems to still be there.
    What happened?
     
  20. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    Right after I read your reply, I uninstalled Search Protection in the Control Panel.
    I can't find it anywhere now, look progr.JPG
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    OK.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  22. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    After I ran the fix, it rebooted the machine, and first thing it gave me the log and then asked if I want to allow "MAsetup..." to make changes to my computer, and I said NO. Wasn't sure what it was. Was it part of the fix?




    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
    Ran by pantahsharam (11-09-2016 18:50:55) Run:1
    Running from C:\Users\pantahsharam\Desktop
    Loaded Profiles: pantahsharam (Available Profiles: pantahsharam & Guest)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
    U3 mfeavfk01; no ImagePath
    U3 a3wlaqta; C:\Windows\System32\Drivers\a3wlaqta.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
    S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
    U4 bdselfpr; no ImagePath
    S4 catchme; \??\C:\ComboFix\catchme.sys [X]
    S4 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
    S4 iwdbus; system32\DRIVERS\iwdbus.sys [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    C:\Windows\System32\Drivers\a3wlaqta.sys
    2014-02-28 02:48 - 2015-12-19 02:03 - 0099384 _____ () C:\Users\pantahsharam\AppData\Roaming\inst.exe
    2014-02-28 02:48 - 2015-12-19 02:03 - 0007859 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.cat
    2014-02-28 02:48 - 2015-12-19 02:03 - 0001167 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.inf
    2014-02-28 02:48 - 2015-12-19 02:03 - 0000055 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.log
    2014-02-28 02:48 - 2015-12-19 02:03 - 0082816 _____ (VSO Software) C:\Users\pantahsharam\AppData\Roaming\pcouffin.sys
    2014-02-25 06:23 - 2014-02-25 06:23 - 0000246 _____ () C:\Users\pantahsharam\AppData\Roaming\Recent.txt
    2011-12-28 07:36 - 2011-12-28 07:36 - 0002242 _____ () C:\Users\pantahsharam\AppData\Local\IWDAudHelper.20111227.213648.txt
    2011-12-28 07:34 - 2011-12-28 07:34 - 0001547 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213449.txt
    2011-12-28 07:36 - 2011-12-28 07:36 - 0000663 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213638.txt
    2011-12-28 07:36 - 2011-12-28 07:36 - 0001247 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213647.txt
    2013-03-05 07:13 - 2013-03-05 07:13 - 0000057 _____ () C:\ProgramData\Ament.ini
    CustomCLSID: HKU\S-1-5-21-3255573426-2543451188-2402224606-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
    Task: {9B5F4A6D-7591-4DB5-95E5-B5155A5E5642} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\pantahsharam\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
    C:\Users\pantahsharam\AppData\Local\FilesFrog Update Checker

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
    HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
    HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
    HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
    HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
    HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
    InstallerService => service removed successfully
    mfeavfk01 => service removed successfully
    a3wlaqta => service removed successfully
    andnetadb => service removed successfully
    AndNetDiag => service removed successfully
    ANDNetModem => service removed successfully
    andnetndis => service removed successfully
    bdselfpr => service removed successfully
    catchme => service removed successfully
    intaud_WaveExtensible => service removed successfully
    iwdbus => service removed successfully
    massfilter => service removed successfully
    usbbus => service removed successfully
    UsbDiag => service removed successfully
    USBModem => service removed successfully
    ZTEusbmdm6k => service removed successfully
    ZTEusbnmea => service removed successfully
    ZTEusbser6k => service removed successfully
    Could not move "C:\Windows\System32\Drivers\a3wlaqta.sys" => Scheduled to move on reboot.
    C:\Users\pantahsharam\AppData\Roaming\inst.exe => moved successfully
    C:\Users\pantahsharam\AppData\Roaming\pcouffin.cat => moved successfully
    C:\Users\pantahsharam\AppData\Roaming\pcouffin.inf => moved successfully
    C:\Users\pantahsharam\AppData\Roaming\pcouffin.log => moved successfully
    C:\Users\pantahsharam\AppData\Roaming\pcouffin.sys => moved successfully
    C:\Users\pantahsharam\AppData\Roaming\Recent.txt => moved successfully
    C:\Users\pantahsharam\AppData\Local\IWDAudHelper.20111227.213648.txt => moved successfully
    C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213449.txt => moved successfully
    C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213638.txt => moved successfully
    C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213647.txt => moved successfully
    C:\ProgramData\Ament.ini => moved successfully
    "HKU\S-1-5-21-3255573426-2543451188-2402224606-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B5F4A6D-7591-4DB5-95E5-B5155A5E5642}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B5F4A6D-7591-4DB5-95E5-B5155A5E5642}" => key removed successfully
    C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => key not found.
    "C:\Users\pantahsharam\AppData\Local\FilesFrog Update Checker" => not found.

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-09-2016 18:53:50)

    C:\Windows\System32\Drivers\a3wlaqta.sys => Is moved successfully

    ==== End of Fixlog 18:53:50 ====
     
  23. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    It was "MASetupCleaner.exe"
    (I did a Google search and it has something to do with the Samsung Kies program, which I uninstalled a few hours ago cos I never use it.)
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very well.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  25. cederhigh

    cederhigh TS Enthusiast Topic Starter Posts: 61

    Results of screen317's Security Check version 1.014 --- 12/23/15
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee VirusScan Enterprise
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 40
    Java version 32-bit out of Date!
    Adobe Flash Player 22.0.0.209
    Mozilla Firefox (47.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    McAfee VirusScan Enterprise VsTskMgr.exe
    McAfee VirusScan Enterprise mfeann.exe
    McAfee VirusScan Enterprise SHSTAT.EXE
    Internet Manager OnlineUpdate ouc.exe
    Internet Manager OnlineUpdate LiveUpd.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
