Solved Assistance for PC Cleanup please

cederhigh

Hello, I have used your help before and am very grateful for your time. My laptop is running a bit slow and I assume there might be some dirty things responsible for it.

greetings,
Tom

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by pantahsharam (administrator) on PANTAHSHARAM-HP (07-09-2016 14:21:50)
Running from C:\Users\pantahsharam\Desktop
Loaded Profiles: pantahsharam (Available Profiles: pantahsharam & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\Scan64.Exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-03] (Intel(R) Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [569200 2011-02-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-06] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [242792 2012-12-04] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-09-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\pantahsharam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{1925E23C-52D8-473A-98A4-A71281337318}: [NameServer] 213.162.69.2 213.162.69.170
Tcpip\..\Interfaces\{3C5C4C8E-0540-468D-85BD-E8E54443EB64}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{7670DE11-D589-4090-8321-62C6C7B141BC}: [NameServer] 213.162.69.2 213.162.69.170
Tcpip\..\Interfaces\{E206ABF8-83E3-4929-97F3-74FD5A27A50A}: [NameServer] 213.162.69.2 213.162.69.170
Tcpip\..\Interfaces\{EB428A1F-D96E-4117-BACA-BF354E5871E4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-11] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140130001518.dll [2014-01-30] (McAfee, Inc.)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-05-06] (HP)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-11] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-05-17] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-11] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140130001519.dll [2014-01-30] (McAfee, Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-05-06] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-11] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-05-17] (Intel Security)

FireFox:
========
FF ProfilePath: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default
FF SelectedSearchEngine:
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-11] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-04-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-04-14] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\searchplugins\google-images.xml [2014-09-14]
FF SearchPlugin: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\searchplugins\google-maps.xml [2014-09-14]
FF Extension: (WOT) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: (selectivecookiedelete) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\extensions\selectivecookiedelete@siju.mathew [2016-05-18]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-05-18]
FF Extension: (anonymoX) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\client@anonymox.net.xpi [2015-09-30]
FF Extension: (Firefox Hotfix) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-05]
FF Extension: (IPFlood) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\ip****@p4ul.info.xpi [2016-05-17]
FF Extension: (Adblock Plus) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-17]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2016-09-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-12-14] [not signed]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-04-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-08] (Realsil Microelectronics Inc.) [File not signed]
S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2014-02-07] () [File not signed]
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-06] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2014-01-30] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [206448 2012-12-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2014-01-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-03] ()
S4 RosettaStoneLtdController; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [352312 2008-09-16] (Rosetta Stone Ltd.) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [878904 2016-05-16] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-05-16] (McAfee, Inc.)
R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-05-16] (McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2013-03-12] (Mobile Stream)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [124672 2014-04-16] (Huawei Technologies Co., Ltd.)
R3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [379392 2014-04-16] (Huawei Technologies Co., Ltd.)
R3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [178840 2014-01-30] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [309400 2014-01-30] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2014-01-30] (McAfee, Inc.)
S3 mferkdet; C:\Windows\system32\drivers\mferkdet.sys [106112 2014-01-30] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339392 2014-01-30] (McAfee, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-07] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-08-29] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U3 adf77b4n; C:\Windows\System32\Drivers\adf77b4n.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
U4 bdselfpr; no ImagePath
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S4 iwdbus; system32\DRIVERS\iwdbus.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S4 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 14:21 - 2016-09-07 14:21 - 00000000 ____D C:\QUARANTINE
2016-09-07 14:16 - 2016-09-07 14:21 - 00000000 ____D C:\FRST
2016-09-07 14:15 - 2016-09-07 14:15 - 02397696 _____ (Farbar) C:\Users\pantahsharam\Desktop\FRST64.exe
2016-09-06 22:49 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-06 22:49 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-06 22:49 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-06 22:49 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-06 22:49 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-06 22:49 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-06 22:49 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-06 22:49 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-06 22:49 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-06 22:49 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-06 22:49 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-06 22:49 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-06 22:49 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-06 22:49 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-06 22:49 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-06 22:49 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-06 22:49 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-06 22:49 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-06 22:49 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-06 22:49 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-06 22:49 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-06 22:49 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-06 22:49 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-06 22:49 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-06 22:49 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-06 22:49 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-06 22:49 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-06 22:49 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-06 22:49 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-06 22:49 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-06 22:49 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-06 22:49 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-06 22:49 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-06 22:49 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-06 22:49 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-06 22:49 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-06 22:49 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-06 22:49 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-06 22:49 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-06 22:49 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-06 22:49 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-06 22:49 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-06 22:49 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-06 22:49 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-06 22:49 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-06 22:49 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-06 22:49 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-06 22:49 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-06 22:49 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-06 22:49 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-06 22:49 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-06 22:49 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-06 22:49 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-06 22:49 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-06 22:49 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-06 22:49 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-06 22:49 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-06 22:49 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-06 22:49 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-06 22:49 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-06 22:49 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-06 22:49 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-06 22:49 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-06 22:49 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-06 22:49 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-06 22:49 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-06 21:49 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-06 21:49 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-06 21:49 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-06 21:49 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-06 21:49 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-06 21:49 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-06 21:49 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-06 21:49 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-06 21:49 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-06 21:49 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-06 21:49 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-06 21:49 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-06 21:44 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-05 22:15 - 2016-09-06 12:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-05 21:58 - 2016-09-05 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 14:14 - 2013-05-29 02:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-07 13:37 - 2013-05-29 02:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-07 12:43 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-07 12:43 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-07 12:39 - 2011-12-28 18:27 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9C744B26-60FB-48D2-87E2-AE69436145DA}
2016-09-07 12:16 - 2013-05-29 02:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-07 12:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-07 12:14 - 2009-07-14 06:45 - 05114856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-06 23:01 - 2013-08-05 09:02 - 00000000 ____D C:\Windows\system32\MRT
2016-09-06 22:55 - 2012-01-21 07:37 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-06 22:51 - 2012-12-03 18:12 - 00000000 ____D C:\Users\pantahsharam\AppData\Roaming\vlc
2016-09-06 21:28 - 2011-12-28 18:26 - 00000000 ____D C:\Users\pantahsharam\AppData\LocalLow\AuthenTec
2016-09-06 16:36 - 2012-01-23 23:44 - 00000000 ____D C:\Users\pantahsharam\AppData\Local\CrashDumps
2016-09-06 12:42 - 2012-05-05 07:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-05 21:58 - 2016-06-09 19:19 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-09-05 21:58 - 2015-09-04 11:37 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-09-05 21:55 - 2009-07-14 07:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-05 21:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-21 18:28 - 2015-12-05 19:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2014-02-28 02:48 - 2015-12-19 02:03 - 0099384 _____ () C:\Users\pantahsharam\AppData\Roaming\inst.exe
2014-02-28 02:48 - 2015-12-19 02:03 - 0007859 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.cat
2014-02-28 02:48 - 2015-12-19 02:03 - 0001167 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.inf
2014-02-28 02:48 - 2015-12-19 02:03 - 0000055 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.log
2014-02-28 02:48 - 2015-12-19 02:03 - 0082816 _____ (VSO Software) C:\Users\pantahsharam\AppData\Roaming\pcouffin.sys
2014-02-25 06:23 - 2014-02-25 06:23 - 0000246 _____ () C:\Users\pantahsharam\AppData\Roaming\Recent.txt
2011-12-28 07:36 - 2011-12-28 07:36 - 0002242 _____ () C:\Users\pantahsharam\AppData\Local\IWDAudHelper.20111227.213648.txt
2011-12-28 07:34 - 2011-12-28 07:34 - 0001547 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213449.txt
2011-12-28 07:36 - 2011-12-28 07:36 - 0000663 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213638.txt
2011-12-28 07:36 - 2011-12-28 07:36 - 0001247 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213647.txt
2013-03-05 07:13 - 2013-03-05 07:13 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\pantahsharam\AppData\Local\Temp\Uninst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-06 17:06

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by pantahsharam (07-09-2016 14:23:37)
Running from C:\Users\pantahsharam\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-28 16:25:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3255573426-2543451188-2402224606-500 - Administrator - Disabled)
Guest (S-1-5-21-3255573426-2543451188-2402224606-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3255573426-2543451188-2402224606-1004 - Limited - Enabled)
pantahsharam (S-1-5-21-3255573426-2543451188-2402224606-1000 - Administrator - Enabled) => C:\Users\pantahsharam

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.206.1717.117 - Alps Electric)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
AuthenTec TrueAPI (Version: 1.3.0.111 - AuthenTec, Inc.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DidjImp (HKLM-x32\...\{BB80F384-B770-4D15-A420-DA1A6853A85B}) (Version: 0.5.0 - JesusFreke)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
EasyTether (HKLM-x32\...\{c751b7eb-df27-4668-b05f-7457d2fa9e00}) (Version: 1.1.18 - Mobile Stream)
EasyTether (Version: 1.1.18 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{F45DA6A7-AD7C-489A-B9E2-CCFC70A46A2A}) (Version: 1.0.1 - Mobile Stream)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0D8B3696-E52D-4291-B833-9F6AEB1CC4AB}) (Version: 2.1.0 - Hewlett-Packard Company)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}) (Version: 2.4.3 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}) (Version: 5.3.0.163 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.06.123 - Huawei Technologies Co.,Ltd)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 3.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 3.9.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
McAfee Agent (HKLM-x32\...\{D107EA80-023A-443C-AA79-1C4B0CB2E227}) (Version: 4.6.0.2988 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.03000 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Creator LE 5.0.6 (HKLM-x32\...\Music Creator LE_is1) (Version: 17.0 - Cakewalk Music Software)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NowSmart Cut (HKLM-x32\...\NowSmart Cut) (Version: 1.2 - NowSmart)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Rosetta Stone Ltd Services (HKLM-x32\...\{2110AF8F-F6E9-4712-A185-1B839C60822E}) (Version: 2.2.1.1 - Rosetta Stone Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Search Protection (HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\...\Search Protection) (Version: 8.5.0.1 - Spigot, Inc.) <==== ATTENTION
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version: 4.77 - NCH Software)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VIP Access SDK (1.0.1.2) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.79.0 - Verizon)
WinDirStat 1.1.2 (HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\...\WinDirStat) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Words of Dhamma (HKLM-x32\...\Words_of_Dhamma) (Version: - )
Zoomquilt Screensaver (HKLM-x32\...\Zoomquilt Screensaver.scr) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3255573426-2543451188-2402224606-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17EB695A-4DAC-41B5-99B4-2B7AC6990054} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3255573426-2543451188-2402224606-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2914A811-3409-4660-A0ED-A63169E2436D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-22] (Hewlett-Packard Company)
Task: {2B44E91C-B44A-4B5A-802B-D3A208DB7720} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {4D7DD924-23DE-4B88-A807-FB0B3257CE4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {6C96C7AD-41E2-42E6-8D43-B1474446A4F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {71E4D199-61A8-4A08-8872-C9EC4012149C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-16] (CyberLink)
Task: {7A58F646-E121-433B-951A-952ECCDE8805} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {8AF82163-C34D-4C69-A0EE-BF4EA497EAA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {8C76AEB1-6694-494D-8C1A-EF039AE99464} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-23] (Hewlett-Packard Company)
Task: {9174BB03-1929-405D-8466-C72F5F6C357C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-22] (Hewlett-Packard Company)
Task: {9B5F4A6D-7591-4DB5-95E5-B5155A5E5642} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\pantahsharam\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {9D33B6D0-AEFE-4FF8-ACEF-01AAC3F4BE6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {C02241B9-B7E9-48CB-900B-607B6866A7D4} - System32\Tasks\{534BBE50-E4CD-4D06-B33A-278EFEE2EECB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {E5C3DB6E-494C-4AFD-ACE5-7BC55CFA5FE3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3255573426-2543451188-2402224606-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E6ED4F78-0B44-49D3-9ABC-BF8C1EA58529} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-22] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-05-02 23:41 - 2011-05-02 23:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-10-28 04:02 - 2013-10-28 04:02 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-12-14 19:47 - 2014-02-07 05:59 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2012-03-18 01:18 - 2011-03-02 21:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-04-15 20:16 - 2011-04-15 20:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-02 23:41 - 2011-05-02 23:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2015-12-14 19:40 - 2014-03-04 10:14 - 00088144 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
2015-12-14 20:11 - 2014-02-07 05:59 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
2015-12-14 19:47 - 2014-02-07 05:59 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2015-12-14 19:47 - 2014-02-07 05:59 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2015-12-14 19:47 - 2014-03-04 07:54 - 02416640 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2015-12-14 19:47 - 2014-03-04 07:54 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2007-04-19 05:30 - 2007-04-19 05:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-19 05:30 - 2007-04-19 05:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2016-05-24 12:20 - 2016-05-24 12:20 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f91bd970f20123a46b575cf6e92bc441\IsdiInterop.ni.dll
2011-11-17 00:37 - 2011-04-30 10:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-12-14 19:40 - 2014-03-05 16:47 - 00425984 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\core.dll
2015-12-14 19:40 - 2014-03-05 16:47 - 00275968 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\sdk.dll
2015-12-14 19:41 - 2014-02-07 05:59 - 00011362 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\mingwm10.dll
2015-12-14 19:41 - 2014-02-07 05:59 - 00043008 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\libgcc_s_dw2-1.dll
2015-12-14 19:41 - 2014-03-04 07:54 - 02416640 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
2015-12-14 19:41 - 2014-03-04 07:54 - 09559040 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtGui4.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00390656 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Proxy.DLL
2015-12-14 19:40 - 2014-03-05 16:44 - 00243712 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Common.dll
2015-12-14 19:40 - 2014-03-05 16:44 - 00157696 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Trace.dll
2015-12-14 19:40 - 2014-03-05 16:44 - 00546304 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\PluginContainer.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00260608 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AtCodec.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00322560 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00237056 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00156160 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSDialup.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00190464 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\XCodec.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00154624 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DataServicePlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00284672 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00219136 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SmsSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00142336 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\USSDSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00339968 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceAppPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00065536 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSPowerMgr.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00120192 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Win7Support.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00167936 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\ATR2SMgr.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 01088512 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00708608 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SmsAppPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00158720 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetConnectSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00233984 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DialUpPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00102400 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSAdapt.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00200192 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NDISPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00131584 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSNDIS.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 01146880 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NDISAPI.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00317952 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:50 - 00560128 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceMgrUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:51 - 00304128 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\XFramePlugin.dll
2015-12-14 19:40 - 2014-03-05 16:52 - 00831488 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\MiniFramePlugin.dll
2015-12-14 19:41 - 2014-02-10 08:37 - 15675904 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtWebKit4.dll
2015-12-14 19:41 - 2014-03-04 07:54 - 01148416 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtNetwork4.dll
2015-12-14 19:41 - 2014-03-04 07:54 - 03962368 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtXmlPatterns4.dll
2015-12-14 19:41 - 2014-03-04 07:54 - 00306176 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\phonon4.dll
2015-12-14 19:41 - 2014-03-04 07:54 - 00398336 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtXml4.dll
2015-12-14 19:40 - 2014-03-05 16:49 - 00097280 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NotifyServicePlugin.dll
2015-12-14 19:40 - 2014-03-05 16:52 - 00331776 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetConnectPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:47 - 00419328 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DialupUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:51 - 00318976 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\StatusBarMgrPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:52 - 00274944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\MenuMgrPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:53 - 00412672 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DiagnosisPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:51 - 00117248 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\LayoutPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:51 - 00309760 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SettingUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:50 - 00502784 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetSettingPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:53 - 00308736 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoRecordUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:54 - 00100352 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\CompressRatePlugin.dll
2015-12-14 19:40 - 2014-03-05 16:53 - 00518656 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoUIExPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:49 - 00841216 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SMSUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:54 - 00110080 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\ServiceUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:54 - 00139776 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\HelpUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:54 - 00434688 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\USSDUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:49 - 00808448 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookUIPlugin.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00082944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qgif4.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00081920 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qico4.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00192000 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qjpeg4.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00350720 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qmng4.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00370176 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qtiff4.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00712192 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\LiveUpdateInterface.dll
2015-12-14 19:47 - 2014-03-04 07:54 - 09559040 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll
2015-12-14 20:11 - 2014-02-07 05:59 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll
2015-12-14 20:11 - 2014-02-07 05:59 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll
 
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-09-05 21:58 - 00000068 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pantahsharam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.162.69.2 - 213.162.69.170
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: QBVSS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\pantahsharam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: uTorrent => "C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: Viber => "C:\Users\pantahsharam\AppData\Local\Viber\Viber.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{535DEF20-967B-4CBC-BABB-A2D5B36F7659}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{11954BBB-9A3A-4691-BE4C-D945442D0F3E}] => (Allow) LPort=2869
FirewallRules: [{7F4C500E-050C-4827-87F4-1A3820AE5B9B}] => (Allow) LPort=1900
FirewallRules: [{24BFCB71-A0D2-4745-A1F4-54A067990CCD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3BAD2048-FA8F-47C9-9FC8-D6B6AE76B6EB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{73A1D281-F742-4E18-B135-48AB589E0C49}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{28C1B73D-04CF-4576-A8BF-60A6003529A2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [TCP Query User{6C6DCD9D-00D7-426E-9BC6-D18AA2DBE924}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [UDP Query User{68C4C460-542C-4785-ABF0-4A1BC72E04CC}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [TCP Query User{99601ED0-07B8-4084-A8E5-C8508C99EF3A}G:\techwizard.exe] => (Allow) G:\techwizard.exe
FirewallRules: [UDP Query User{EF85F817-C314-4E16-9EB0-9E64B786F4E5}G:\techwizard.exe] => (Allow) G:\techwizard.exe
FirewallRules: [{0FA71815-F6E0-42EA-A876-F4F7D52EF595}] => (Allow) LPort=50000
FirewallRules: [TCP Query User{916BABC6-8034-4878-B795-CD85F5665E94}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
FirewallRules: [UDP Query User{B658BC1B-AA90-4C6F-8D7E-DD08E6E3861D}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
FirewallRules: [TCP Query User{593A0817-3C58-4BBD-B361-4E046113DB09}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{4104E552-16A0-4C2F-9281-90BF9A0728DC}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{78574185-550B-4F9C-A860-732C799B2036}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [UDP Query User{9D66C94F-DAB9-4AEB-B5B9-9ACCDD2F5579}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [TCP Query User{83A79043-78A5-4E56-9F03-0D240D2C6EE6}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
FirewallRules: [UDP Query User{1CDEC6E3-72C8-49F6-A43C-20A8FFC33A45}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
FirewallRules: [{3924264D-AD69-4ADB-B243-3333C4FA357E}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{84CF44A7-1E40-4496-A0D1-0163B4AF9FF6}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{58445CF4-3C08-444F-88E1-5C2C405A0536}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{29610B48-BAD4-4617-8378-00E06C7CC2E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{E74920FF-B27E-4346-A994-DC653DD158E5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
FirewallRules: [{9E07CA32-6550-4F8F-8259-1267522CA233}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
FirewallRules: [{F0514ED8-BD2A-4818-A79E-E35DE7949D4E}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
FirewallRules: [{6CA9A441-1FD9-4FA9-9939-EB246EAA3704}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
FirewallRules: [{D9DD1928-A10E-47A1-9399-C9920ECCC805}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{C479B4E4-9BA6-463B-B67B-AF0B84A1C833}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{30DB3936-93C9-4BF0-83B3-DEC0B1BC697E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{9A02EEDF-E1D3-4D7F-8B51-681AB1075DA5}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{FA8A9F26-A6F0-424C-9BAA-7DBD08D2DF12}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{039BFBD6-C911-4A59-9676-434D7F2F46AC}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{22AD8305-286E-4E68-A6C1-79FF9070FE8D}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{0DA12083-73B1-490E-9B4A-9ABEF7A1DDC7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{3B94BECC-F0D8-429E-B038-C93C66567D3F}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DB88D875-CE11-4099-8442-F43D3633D157}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7BFEA746-E17F-4668-ADB3-E3D4EF3A1109}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{1E30D33A-2675-4589-88CD-5CDE358154FE}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{70227428-859C-4844-819E-0CC521DCA13F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{82825B69-BEA8-4106-8D0D-F04F57DBB3CA}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
FirewallRules: [UDP Query User{0016BA01-0B6D-4D17-865C-5043C8DF24B9}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
FirewallRules: [TCP Query User{9240AD9E-9E1E-45A0-BCA7-DD742D69D92C}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
FirewallRules: [UDP Query User{DB255704-E3E8-47A7-A14E-343570C8581F}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
FirewallRules: [TCP Query User{A2516549-1AE6-4D71-BA84-D40CABB3C327}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{7D365DD6-6951-4353-875C-E425CA3CF0B4}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{B1D8E745-BF1A-443E-9BD1-BC1ABE3B3C11}] => (Allow) LPort=50001
FirewallRules: [{6726D298-C5FE-44B0-8E42-00F2694AE42E}] => (Allow) LPort=50001
FirewallRules: [{1332FD5B-DACC-42E1-B04F-439F9692926E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01D516F0-58DD-4CAD-9E05-EE3DD68D17B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8EF2F46F-4D1F-4C0E-92DC-EE0C919EDA31}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{54F68F5E-6F72-4802-ACA2-AA751451FB66}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{ECB69B30-6A9C-48B9-B5E4-2F782999329D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81AAE72F-1E77-4655-9175-67AAED8F1131}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B4D49ED8-22CB-4809-B47E-4E8D04D0D8DD}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
FirewallRules: [{D0A9D3FE-D619-4C35-847D-D2C086BF81F5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
FirewallRules: [{AA4F7797-A07A-43DD-9043-4C653F9D8DF8}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
FirewallRules: [{06CE6878-FAB9-4739-83B7-092129856B68}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
FirewallRules: [{89A586C3-E625-40DC-8BC1-05759382B83A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServices.exe

==================== Restore Points =========================

23-06-2016 09:14:41 Windows Update
01-07-2016 23:10:21 Windows Update
07-07-2016 19:30:12 Windows Update
12-07-2016 00:50:45 Windows Update
15-07-2016 01:21:18 Windows Update
23-07-2016 20:00:25 Scheduled Checkpoint
24-07-2016 19:03:28 Windows Update
01-08-2016 10:11:52 Windows Update
06-09-2016 17:13:23 Scheduled Checkpoint
06-09-2016 21:34:31 Windows Update
06-09-2016 22:52:30 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2016 02:21:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 31.8.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1480

Start Time: 01d20901add387a6

Termination Time: 20

Application Path: C:\Users\pantahsharam\Desktop\FRST64.exe

Report Id: 596351f9-74f5-11e6-bbe2-101f74fef953

Error: (09/07/2016 12:14:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
Faulting module name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
Exception code: 0xc0000417
Fault offset: 0x0001275a
Faulting process id: 0x34c
Faulting application start time: 0x01d208f08e0932a7
Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Report Id: d9eea56a-74e3-11e6-bbe2-101f74fef953

Error: (09/06/2016 04:36:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0xca8
Faulting application start time: 0x01d2082af7336d56
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: 533b5b62-743f-11e6-9a46-101f74fef953

Error: (08/01/2016 10:00:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0x1c28
Faulting application start time: 0x01d1ebe8d3fbf62d
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: a3f2e763-5822-11e6-b5be-101f74fef953

Error: (08/01/2016 11:42:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0xc8c
Faulting application start time: 0x01d1ebca9f5fee81
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: 40f9db8c-57cc-11e6-b5be-101f74fef953

Error: (07/31/2016 05:25:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0x1500
Faulting application start time: 0x01d1eb3f9fcc7b3b
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: f3520c9c-5732-11e6-b5be-101f74fef953

Error: (07/31/2016 03:34:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0x17e4
Faulting application start time: 0x01d1eb2e8ba97f5a
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: 8525e054-5723-11e6-b5be-101f74fef953

Error: (07/31/2016 11:08:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23418 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 868

Start Time: 01d1eb0aa1f3a68d

Termination Time: 78

Application Path: C:\Windows\Explorer.EXE

Report Id: 3e5b74f7-56fe-11e6-b5be-101f74fef953

Error: (07/30/2016 11:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0x3b0
Faulting application start time: 0x01d1ea5bc95c5061
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: 6337f155-569e-11e6-bbc9-101f74fef953

Error: (07/25/2016 10:20:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0xc04
Faulting application start time: 0x01d1e64c9a00da3e
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: b5ed7691-5240-11e6-814a-101f74fef953


System errors:
=============
Error: (09/07/2016 02:26:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{06622D85-6856-4460-8DE1-A81921B41C4B}
and APPID
{06622D85-6856-4460-8DE1-A81921B41C4B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 02:21:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{06622D85-6856-4460-8DE1-A81921B41C4B}
and APPID
{06622D85-6856-4460-8DE1-A81921B41C4B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 12:35:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{06622D85-6856-4460-8DE1-A81921B41C4B}
and APPID
{06622D85-6856-4460-8DE1-A81921B41C4B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 12:31:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{06622D85-6856-4460-8DE1-A81921B41C4B}
and APPID
{06622D85-6856-4460-8DE1-A81921B41C4B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 12:18:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{06622D85-6856-4460-8DE1-A81921B41C4B}
and APPID
{06622D85-6856-4460-8DE1-A81921B41C4B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 12:15:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).

Error: (09/07/2016 12:14:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Internet Manager. OUC service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/07/2016 12:14:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Internet Manager. OUC service to connect.

Error: (09/07/2016 12:14:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/06/2016 09:40:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{06622D85-6856-4460-8DE1-A81921B41C4B}
and APPID
{06622D85-6856-4460-8DE1-A81921B41C4B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2014-01-29 08:57:45.903
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-29 08:57:45.823
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 6091.86 MB
Available physical RAM: 3007.3 MB
Total Virtual: 12181.9 MB
Available Virtual: 9227.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:571.05 GB) (Free:220.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:20.96 GB) (Free:2.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32
Drive I: (Internet Manager) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive l: () (Removable) (Total:1.89 GB) (Free:0.97 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 72185642)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=571.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
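Added here as an example (not part of either post in this thread, and not a feature of FRST): a small Python triage script that parses Addition.txt sections of the kind shown above and pulls out the entries a reviewer checks first. The sample input is constructed from a handful of lines copied from this log; the function and dictionary key names are the script's own, not FRST terminology.

```python
"""Triage helper for FRST Addition.txt output (added example, not FRST code).

Splits the report into its '==== Name ====' sections and then pulls out
the items a reviewer looks at first: Allow rules for executables outside
Program Files / Windows (user-writable or removable locations), ports
opened to any program (LPort=...), and hosts entries other than the
loopback localhost mapping. Names below are this script's own.
"""
import re

# Constructed sample input: a handful of lines copied from the log in the
# thread, in the exact format FRST prints them.
SAMPLE_ADDITION = r"""
==================== Hosts content: ==========================

2009-07-14 04:34 - 2016-09-05 21:58 - 00000068 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.1 mssplus.mcafee.com

==================== FirewallRules (Whitelisted) ===============

FirewallRules: [{535DEF20-967B-4CBC-BABB-A2D5B36F7659}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{11954BBB-9A3A-4691-BE4C-D945442D0F3E}] => (Allow) LPort=2869
FirewallRules: [TCP Query User{99601ED0-07B8-4084-A8E5-C8508C99EF3A}G:\techwizard.exe] => (Allow) G:\techwizard.exe
FirewallRules: [TCP Query User{916BABC6-8034-4878-B795-CD85F5665E94}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
FirewallRules: [{3B94BECC-F0D8-429E-B038-C93C66567D3F}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
PORT_RE = re.compile(r"^LPort=(?P<port>\d+)$")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")

# Locations a standard user cannot write to without elevation. Anything else
# (user profile, Downloads, removable drives) is where droppers usually land.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


def split_sections(text):
    """Map each '==== Name ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            current = header.group("name")
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def risky_allow_rules(lines):
    """(rule name, target) for Allow rules naming a program outside trusted dirs."""
    risky = []
    for line in lines:
        m = RULE_RE.match(line.strip())
        if not m or m.group("action") != "Allow":
            continue
        target = m.group("target").strip()
        if PORT_RE.match(target):
            continue  # port-only rule; reported by open_ports()
        if not target.lower().startswith(TRUSTED_PREFIXES):
            risky.append((m.group("name"), target))
    return risky


def open_ports(lines):
    """Local ports allowed for any program, as ints."""
    ports = []
    for line in lines:
        m = RULE_RE.match(line.strip())
        if m and m.group("action") == "Allow":
            p = PORT_RE.match(m.group("target").strip())
            if p:
                ports.append(int(p.group("port")))
    return ports


def nonlocal_hosts(lines):
    """(ip, hostname) hosts entries other than 127.x.x.x -> localhost."""
    entries = []
    for line in lines:
        m = HOSTS_RE.match(line.strip())
        if m and not (m.group("ip").startswith("127.") and m.group("host") == "localhost"):
            entries.append((m.group("ip"), m.group("host")))
    return entries


def triage(text):
    """Run all three checks over an Addition.txt and return the findings."""
    sections = split_sections(text)
    rules = sections.get("FirewallRules (Whitelisted)", [])
    return {
        "risky_allow_rules": risky_allow_rules(rules),
        "open_ports": open_ports(rules),
        "hosts": nonlocal_hosts(sections.get("Hosts content:", [])),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_ADDITION).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

The flagged Allow rules are a review queue, not verdicts: a Dropbox or uTorrent binary under AppData\Roaming is where those installers put themselves, while a rule created by a "Query User" prompt for an executable on a removable drive (G:\techwizard.exe in this log) is the kind of entry worth explaining before it is left in place. The same applies to the hosts file: the only non-loopback line here names a McAfee domain on a machine whose firewall rules already show McAfee's FrameworkService, whereas a hosts file redirecting update or anti-virus domains would be a hijack.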
 
Please observe the following rules:
  • Read all of my instructions very carefully. Mistakes during the cleaning process may have very serious consequences, such as an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Uninstall the following unwanted program:

Search Protection

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE: If you already have MBAM 2.0 installed, scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
ROGUE KILLER Report

RogueKiller V12.6.1.0 (x64) [Sep 6 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : pantahsharam [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 09/08/2016 12:40:19 (Duration : 00:42:02)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{F791D8AE-47E8-40A5-A913-EB2D2AF29602} (C:\Program Files (x86)\Coupon Alerts\FrameworkBHO64.dll) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Iminent -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Bench -> Deleted
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\AskPartnerNetwork -> Deleted
[PUP] (X86) HKEY_USERS\.DEFAULT\Software\AskPartnerNetwork -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-3255573426-2543451188-2402224606-1000\Software\OCS -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-3255573426-2543451188-2402224606-1000\Software\OCS -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-18\Software\AskPartnerNetwork -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-18\Software\AskPartnerNetwork -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E} | DhcpNameServer : 10.0.0.138 ([]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E} | DhcpNameServer : 10.0.0.138 ([]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E} | DhcpNameServer : 10.0.0.138 ([]) -> Replaced ()

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \SomotoUpdateCheckerAutoStart -- C:\Users\pantahsharam\AppData\Local\FilesFrog Update Checker\update_checker.exe (/auto) -> ERROR [1]

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6476GSX +++++
--- User ---
[MBR] 0e6a7130843af732cbf514f7289610a5
[BSP] 2e30d28c3e9506cef08621c24776334f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 584757 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1197991936 | Size: 21459 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SDHC Card +++++
--- User ---
[MBR] 9316104665a782f81734208e2c0e3e52
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 30432 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: HUAWEI TF CARD Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
ROGUE KILLER ChangeLog (from C:/Program Files/RogueKiller)

=========================================================
=== ===
=== RogueKiller Changelog ===
=== ===
=========================================================
-------------------
- Adlice Software -
-------------------

V12.6.1 09/06/2016
=================
- Fixed missing resources (leading to a crash)

V12.6.0 09/05/2016
=================
- Added detections
- Updated translations
- Fixed a bug where patched files were not fixed on removal
- Added warning when license is expired or about to expire
- NEW! WMI Scanner

V12.5.2 08/29/2016
=================
- Added detections
- Updated translations

V12.5.1 08/22/2016
=================
- Fixed a bug in Yara module

V12.5.0 08/22/2016
=================
- Added detections
- Added file exclusion for forged files
- Fixed a bug where big files were detected as VT.Unknown
- Updated scanner to use Yara 3.5: https://github.com/VirusTotal/yara/releases/tag/v3.5.0
- Fixed (Yara 3.5): Processes scan doesn't use all memory/cpu
- Improvements (Yara 3.5): Scan is faster

V12.4.4 08/16/2016
=================
- Added detections
- Updated translations

V12.4.3 08/08/2016
=================
- Added detections

V12.4.2 08/01/2016
=================
- Added detections

V12.4.1 07/28/2016
=================
- Added detections
- Shortcuts scanner now cleans them instead of removing

V12.4.0 07/18/2016
=================
- Added detections
- Added Feed fallback (no more blank thing when website is slow)
- Added Shortcuts scanner
- Added Tasks scanner (by name/path)
- Updated translations
- Moved IRP scan to expert mode
- Fixed a bug where LNK pointed by tasks were not resolved
- Added registry Classes scanner
- (Premium) Added -noremove switch, to ignore detections

V12.3.8 07/11/2016
=================
- Added detections
- New feed version, with licensing filtering
- Registry scanner enhancement: Now stops the service before removing a service key
- Fixed a bug where Processes files were marked as missing
- Fixed VT score display

V12.3.7 07/04/2016
=================
- Added detections
- Updated internal links
- Updated translations

V12.3.6 06/27/2016
=================
- Fixed a bug leading to app being quit when a message is closed while in tray.
- Now displaying warnings on "Expert settings" turned on.

V12.3.5 06/22/2016
=================
- Fixed all links, now using a file provider API.

V12.3.4 06/20/2016
=================
- Added detections
- Added folder children exclusion scanner rule
- Signatures normalization
- Fixed a bug leading to hosts file not being scanned

V12.3.3 06/13/2016
=================
- Added detections
- Updated translations
- Fixed a bug where HTML reports weren't readable on Chrome

V12.3.2 06/06/2016
=================
- Added detections
- Fixed possible crash on Intel files scan
- Refactor of marketing page
- Fixed a bug in VirusTotal upload leading to files not being sent for analysis
- Minor UI improvements

V12.3.1 05/30/2016
=================
- Added detections
- Updated translations

V12.3.0 05/22/2016
=================
- Added detections
- NEW! (Premium) Themes
- NEW! Clear theme
- NEW! Naked theme
- NEW! Dark theme
- Modified stats payload
- Update form: Now displays a warning when Updater is not present
- Update form: Now opens direct link to setup for Premium user in case Updater not present

V12.2.1 05/16/2016
=================
- Added detections
- Fixed transfer progress reset
- Updated translations
- Fixed UI hangs bug in old GUI

V12.2.0 05/10/2016
=================
- Added detections
- Updated translations
- Fixed a bug preventing from starting the scan on machines with 1 CPU
- Added a Quit button (useful when you want to skip close to tray)
- Fixed links in About tab
- Fixed check for updates (was not showing outdated when update arrives after the program is started)

V12.1.6 05/09/2016
=================
- Added detections
- Updated translations
- Improvement of path parsing module, added "cmd start x" method.

V12.1.5 05/02/2016
=================
- Added detections
- Update form now shows changelog
- Fixed RKAdmin link in updater

V12.1.4 04/25/2016
=================
- Added detections
- Fixed forged files dump to VT
- Now displays a warning when using wrong bits version
- Now shows GeoIP results
- Fixed an issue in updater where RogueKillerCMD wasn't recognized

V12.1.3 04/18/2016
=================
- Added detections
- Updated translations
- Fixed default check state in installer
- Fixed a bug that allowed check state modification of non-removable items
- Updater now uses cloud link
- Feed now uses cloud link
- Fixed a bug in GeoIP module
- Fixed a potential crash in MBR reading

V12.1.2 04/11/2016
=================
- Added detections
- Updated translations

V12.1.1 04/04/2016
=================
- Added detections
- Updated translations
- Now file replacements are made with sfc.exe on Vista+
- Added button to remove trial
- Fixed a bug in Chrome scanner preventing the scan from starting

V12.1.0 03/29/2016
=================
- Added detections
- NEW! Tools menu
- NEW! Hosts File Tools menu (Premium)
- Updated translations
- Fixed a bug in context menu actions

V12.0.3 03/21/2016
=================
- Added detections
- Added Indonesian language
- Added more translators names
- Fixed a bug in AutoStart/AutoDelete
- Fixed a bug preventing to quit on Update
- Added a link to Lost license form

V12.0.2 03/14/2016
=================
- Added detections
- Added crash dump form
- Fixed a bug that showed steps not supposed to run
- Updated translations / Fixed typos
- Added Data column in scan results
- Fixed Autoscan
- Fixed Autoremove
- Now scan progress live detection shows in red when an item is detected
- Fixed a bug that led to driver state being wrong in reports

V12.0.1 03/07/2016
=================
- New user interface
- Added detections

V11.0.14 02/29/2016
=================
- moved driver loading at the beginning of the scan
- introducing expert mode
- processes no longer killed during scan (killed at removal, on demand)
- moved IAT scanning into expert mode
- core preparation for V12
- Added detections

V11.0.13 02/22/2016
=================
- moved signatures loading at the beginning of the scan
- core preparation for V12
- Added detections

V11.0.12 02/15/2016
=================
- Added detections
- Fixed a bug in Files module
- Fixed a bug in Web module

V11.0.11 02/08/2016
=================
- Added detections

V11.0.10 02/01/2016
=================
- Added detections
- Updated translations

V11.0.9 01/25/2016
=================
- Added detections
- Updater 2.1
- Updater can now serve installable version
- Updater can now skip licensing page if already registered

V11.0.8 01/19/2016
=================
- Added detections
- TrueSight v2.0.2 (fixed digital certificate for SHA1)
- Added Turkish language
- Updated translations

V11.0.7 01/11/2016
=================
- Added detections
- Added ADS whitelisting/blacklisting

V11.0.6 01/04/2016
=================
- Added detections
- Using new licensing API

V11.0.5 12/28/2015
=================
- Added detections
- Now setup will verify license key when entered

V11.0.4 12/20/2015
=================
- Added detections

V11.0.3 12/14/2015
=================
- Added detections
- Added translations in setup
- Updated translations

V11.0.2 12/07/2015
=================
- Fixed a bug in Buffer search

V11.0.1 12/07/2015
=================
- Added detections
- Fixed a possible bug in scanner
- Fixed a possible issue in COM module

V11.0.0 11/30/2015
=================
- Added rating link in marketing window
- Now detects ADS (Alternate Data Streams)
- Qt 5.5
- Moved Prescan into Scan
- Now IAT scan is able to scan Microsoft Edge
- Better hooks report for kernel hooks
- Truesight v2
- Now kernel hooks are scanned on userland
- Fixed a bug in COM module
- Added software keys detection
- Added registry path signatures
- Added detections

V10.11.7 11/23/2015
=================
- Added detections
- Fixed a possible hang issue on HTTP calls (timeout broken)
- setup improvements, ability to deploy both versions (32/64 bits)
- setup improvements, banner and translations
- fixed a possible crash in junctions data parsing

V10.11.6 11/16/2015
=================
- Added detections
- Fixed a bug that closed the app when closing child window when minimized in tray
- added -reportpath command line parameter
- UI tweaks

V10.11.5 11/09/2015
=================
- Added detections

V10.11.4 11/02/2015
=================
- Added detections
- Fixed a bug in licensing engine, leading to a loss of configuration sometimes.
- Fixed a bug in processes module where main module was not good
- Fixed a bug in processes module where Updater was crashing if a very long command line was passed

V10.11.3 10/26/2015
=================
- Added detections
- Added warning when driver is not loaded
- Fixed Microsoft Security Client as legit parent for svchost
- (Premium) Added Premium label in reports
- Updated translations
- (Premium) Added information for external scanner (tab in settings)
- (Premium) Now application closes in tray and persist
- (Premium) Now able to start a scan from the tray icon
- Fixed a bug where services/windows were not scanned
- Fixed a bug where filesystem was not properly scanned

V10.11.2 10/20/2015
=================
- Fixed a crash in Buffer module
- Moved rebranding to Premium Technician

V10.11.1 10/19/2015
=================
- Added detections
- Moved rebranding to Premium documented features
- Fixed an issue with IAT scan progress (progress reset after process scan)
- Updated translations
- NEW! (Premium Technician) Added an option to limit time validity of portable config files
- Improved performance of filesystem scanner (scan is now much faster)
- Whitelisted Chrome sandbox IAT hooks
- Added timeout for file shortcut resolution (improves performance of filesystem scanner)

V10.11.0 10/12/2015
=================
- Added detections
- Added filter on VirusTotal internal submit (no user file)
- Improved shellcode module detection in inline hooks module
- Fixed memory growth while scanning filesystem
- IAT scan is now much faster because only scanning windows DLLs table
- Table-based hooks have cleaner display in logs (module!export)
- Fixed a bug in modules enumeration on 64 bits
- Excluded wow64cpu enter from inline hooks detection
- Now inline hooks architecture detection relies on import module architecture instead of process
- RogueKillerCMD: Added -dont_ask switch (to eliminate all user interactions and use default actions)

V10.10.9 10/05/2015
=================
- Fixed bug in Disk module
- Fixed bug in IAT parser

V10.10.8 10/05/2015
=================
- Added detections
- Now Updater restarts application using same command line parameters

V10.10.7 09/28/2015
=================
- Added detections

V10.10.6 09/21/2015
=================
- Added detections
- Fixed bug in Disk module
- New social icons
- RogueKillerCMD: Added build number, licensing state

V10.10.5 09/14/2015
=================
- Added detections

V10.10.4 09/04/2015
=================
- Added detections
- Updated links
- (Premium) Added notification when license is about to expire
- Fixed bug in Disks module

V10.10.3 08/31/2015
=================
- Added detections
- Now all legit antirootkit entries are hidden
- fixed a bug in Process module
- internal reorganization

V10.10.2 08/24/2015
=================
- Added Detections
- NEW! Added Processes list to json report
- NEW! (Premium) Added -vtupload yes/no command line parameter
- Updated EULA to reflect licensing terms
- Updated translations
- Added help button in "?" menu
- Fixed way of reading disk serial
- Fixed a bug in VT scanner

V10.10.1 08/17/2015
=================
- Added detections
- (Premium) Added message when Updater is not present and program is outdated
- Updated translations
- Added link to public Trello board
- Added version check in about form
- NEW! VirusTotal choice for upload
- NEW! (Premium) VirusTotal choice setting
- Fixed automatic updates when Updater is not present
- NEW! EULA will show up again if a new version is present
- Extended injection signature search to 4 sections (instead of 1), to better identify injection code.
- Now infection urls for antirootkit point to non technical posts
- Resized main and about forms
- (Premium) Added more information in licensing server check
- (Premium) Prepared for annual subscription switch

V10.10.0 08/11/2015
=================
- Added detections
- Compatibility with Windows10
- Added error message when key has wrong pattern
- Updated translations
- NEW! File Scanner is more aggressive, and will search in a lot more locations
- Fixed a bug in honey module
- Fixed a bug in logging module

V10.9.4 07/30/2015
=================
- Added detections
- Fixed file scan when path contains unicode characters
- Fixed offline licensing issue (License was not recognized when no internet available). Now once registered (with internet on) it works offline.
- NEW! (Premium) Tray icon phase 1.

V10.9.3 07/21/2015
=================
- Fixed a crash when scanning Digital Certificate of some files
- Fixed a FP when LNK files have unicode characters in path (OneNote 2010 - Capture d'écran et lancement.lnk)

V10.9.2 07/20/2015
=================
- Added detections
- NEW! HTML reports
- NEW! HTML Open button
- NEW! TXT Open button
- NEW! HTML log setting + command line parameter
- Fixed timeout for Curl operations (max 5 seconds)
- NEW! signature database is now pre-compiled, will load much faster
- Updated Yara engine to 3.4
- Refactored Digisig engine, better performances
- Added more information in Json log for killed processes
- Fixed a bug where x64 processes names are not found when using x86 version
- Fixed path whitelist priority on VT blacklist (processes scanner)
- Updated translations
- Fixed an issue where Floppy drives become very noisy during scan

V10.9.1 07/09/2015
=================
- Added detections
- NEW! Added Open Text button in Json log viewer.
- NEW! Korean language
- Updated translations
- Fixed Scan randomly performed.
- NEW! Command line parameter: -reportformat [txt|json]
- NEW! Report format setting
- Merged Txt report generation with Txt export

V10.9.0 07/06/2015
=================
- Separate database for RogueKillerCMD / Updater
- NEW! Updater is now generic (cannot be used by double click anymore, takes command line)
- NEW! RogueKillerCMD can now use automatic updates
- NEW! RogueKillerCMD has now a version check
- NEW! RogueKiller has now accessibility (JAWS compatibility)
- Added detections
- -autodelete implicit has been removed from -hide
- Fixed a bug in RogueKillerCMD where command line isn't handled correctly
- NEW! RogueKiller now uses JSON as root format for reporting
- NEW! RogueKiller can open JSON logs into a new window
- NEW! JSON logs can be exported in RAW text format
- Updated translations
- NEW! setup now embeds RogueKillerCMD
- Fixed a bug in tasks scanner
- Fixed certificate timestamp

V10.8.7 06/29/2015
=================
- Removed AV.Killer definition (too many FPs)
- Fixed a bug in mstring module, leading to infinite loop in certain circumstances
- Now tasks scanner scans arguments too
- Added detections

V10.8.6 06/22/2015
=================
- Adjusted AV.Killer definition

V10.8.5 06/22/2015
=================
- Added detections
- NEW! External Scanner
- Fixed a bug in Process Scanner
- Fixed a bug in File Search
- Fixed a bug in Registry Scanner
- Now process paths are expanded
- Fixed a bug in VT module
- Fixed a bug in -autoscan

V10.8.4 06/16/2015
=================
- Added Skype to exclusions for RunPE detections

V10.8.3 06/15/2015
=================
- Added detections
- NEW! RunPE heuristic detection
- (Premium) Removed Paypal/Premium images
- Refactored settings form
- NEW! (Premium) -autoupdate command line parameter + setting
- Updated translations
- Fixed a bug in VT module
- Fixed a bug in WebServer (Not starting sometimes)

V10.8.2 06/09/2015
=================
- Using Licensing 2.0
- Added detections

V10.8.1 06/03/2015
=================
- Fixed a bug in Licensing
- Fixed a bug in VirusTotal module
- Now portable license generated file is read-only
- Added GUI indicators when using portable license
- Added detections
- Extension checker optimizations

V10.8.0 06/01/2015
=================
- Updated database
- Fixed a bug in reporting
- Disabled PUM.DesktopIcons (too confusing, and not critical)
- Disabled PUM.Orphan (too confusing, not critical)
- Better unit testing
- Initialization optimizations
- Updated translations
- NEW! (Premium) Web service
- NEW! Web service /info url (get version info)
- NEW! Web service /scan/new url (start new scan)
- NEW! Web service /scan/status url (get scan status)
- NEW! Web service /report/last url (get last report)
- NEW! (Premium) -pupismalware command line parameter + setting
- NEW! (Premium) -pumismalware command line parameter + setting
- Reverted portable fixed location in rk_config.ini
- Fixed error message when too many instances
- Setup now adds RogueKiller bin folder to %PATH%
- Updated userland certificate
- NEW! Promotional nag.

V10.7.0 05/25/2015
=================
- New configuration module, not compatible with old one. Able to use read-only medium for portable license.
- NEW! no more rk_config.ini for technician license.
- NEW! command line parameter: -portable-license
- Updated languages

V10.6.5 05/20/2015
=================
- Fixed a bug with KnownDLLs detection when value name starts with underscore (_)

V10.6.4 05/18/2015
=================
- NEW! Preferred language is now saved
- Added detections
- Fixed processes scan aggressiveness
- NEW! Logo can now be rebranded (Please contact us)
- Fixed a bug in Extensions Checked
- Fixed a bug in CLSID scanner
- Fixed Orphan detection level + vendor name => PUM.Orphan
- Fixed License fallback state
- Added new autostart locations
- Added Transfer progressbar

V10.6.3 05/11/2015
=================
- Added detections
- Fixed a bug in File Search module
- Increased feed rotation time
- Better UI information
- Deactivated VT IP scan (too many FPs)

V10.6.2 05/04/2015
=================
- NEW! Breaking news banner
- External libs update + optimizations (Zlib, SQLite, udis86)
- Fixed a bug in Tab navigation

V10.6.1 04/27/2015
=================
- Now VT file scan has minimum/maximum size
- Refactored PUP/PUM classification to be clearer and more consistent
- Fixed VT file scanner scanning LNK files instead of target
- Now VT unknown is classified as PUP
- Now VT cache has outdated date (fixed to 5 days)
- Now VT scanner rescans pending items at initialization
- Added detections

V10.6.0 04/20/2015
=================
- Added detections
- Moved version check before Prescan
- Fixed a bug in IAT scanner, where call stack was not recorded correctly
- Fixed a bug in IAT scanner, where unknown module was not displayed
- Fixed a bug in RogueKiller OLD GUI, where config file was not read properly
- Fixed ShowLegitHooks command/setting
- Fixed slow UI when a lot of entries are added to a table
- Fixed a bad items insertion when sorting was enabled
- Fixed a bug in MBR (GPT) module
- Fixed missing Premium info when internet access is broken
- Fixed a bug in libcurl library (X64)
- Added new method to detect IAT inline hooks
- NEW! VT Scan on registry, tasks, files, mbr, web browsers and antirootkit scans.
- NEW! VT scan no more in beta
- NEW! VT scan now scans all processes
- NEW! VT scan has local caching

V10.5.10 04/13/2015
=================
- Added detections
- Now can register Premium with command line parameter: -register <email> <key>
- Now displays remaining activations for Premium
- All communications are now using SSL (HTTPS)
- RogueKillerCMD: Added better colors
- RogueKillerCMD: Now can recognize RogueKiller's command line parameters

V10.5.9 04/07/2015
=================
- Added detections
- Now logs are sorted by date
- Now can attach last log even if a scan was not performed in the same session
- Fixed a bug where registration form cannot upload last report
- Removed Post Delete message asking for Premium buying when a user is already registered
- Now file scanner shows unscanned files (for progression), so that software doesn't give an impression of being stuck

V10.5.8 03/30/2015
=================
- Added detections
- Fixed a bug where config isn't reset after removing the license.
- Fixed NoPop configuration bug
- Added all command line parameters in Settings
- Updated translations
- Now registration Id/Key are trimmed to avoid copying/writing spaces before/after them (and have wrong key error message)
- Fixed updater now recognizing License on Windows 8 (now needs admin rights to be launched).
- Updated EULA to reflect VirusTotal integration rules.

V10.5.7 03/22/2015
=================
- Fixed a crash when starting the application

V10.5.6 03/21/2015
=================
- Added detections
- Fixed bug forbidding technician licenses to use command line
- Added Persian translation
- Fixed a possible hang on service termination
- Added progress text on progressbar during the scan
- NEW! VT scan on Processes (beta, only premium, disabled by default)
- NEW! VT scan on Services (beta, only premium, disabled by default)
- RogueKillerCMD : removed tutorial opening in case of an infection

V10.5.5 03/16/2015
=================
- Added detections
- PREMIUM: Added more settings options
- Unhidden premium options, added Nag message
- Updated translations
- Moved Scan choices to settings

V10.5.4 03/12/2015
=================
- Added detections
- Added credits for translators (About)
- Now service scanner is aware of ServiceDll path
- Updated translations
- Now Premium registration email is trimmed (remove spaces before and after the email)

V10.5.3 03/10/2015
=================
- Fixed a bug in Path module where all shortened path were not properly expanded (Ex: LogMe~ => LogMeIn Rescue Applet)

V10.5.2 03/09/2015
=================
- PREMIUM: Technician License can now use portable config file
- Added Premium logo
- Fixed a bug when opening website

V10.5.1 03/05/2015
=================
- Using new licensing system
- Added detections

V10.5.0 03/01/2015
=================
- NEW! Now RogueKiller is available with an installer
- PREMIUM: Separate updater
- PREMIUM: Trial of 30 days per machine
- Added detections
- Fixed a crash in jansson library

V10.4.3 02/23/2015
=================
- Added detections

V10.4.2 02/23/2015
=================
- Added detections

V10.4.1 02/19/2015
=================
- Added detections

V10.4.0 02/18/2015
=================
- Uniformization of whitelists/blacklists (we dropped a lot of detections, this can lead to false positives... but they will be fixed as people report them)
- Fixed a bug in LNK signature detection
- Fixed a bug in Time module
- NEW! Better CLSID scanner
- NEW! Now MBR scanner is EFI compatible
- Updated Italian translation
- Fixed a bug in Path module

V10.3.0 02/16/2015
=================
- Added detections
- New command line flag: -showlegithooks (Shows legit hooks that are normally hidden)
- Big improvements in the IAT hooks engine; Preparation of refactoring for the kernel hooks.
- Big improvements in Extension Checker module
- NEW! Arabic translation
- Updated translations
- Updated Yara engine to 3.3

V10.2.0 01/19/2015
=================
- Added detections
- Updated Italian translation
- Added German translation
- Added Chinese traditional translation
- Fixed a bug in Registry scanner where .DEFAULT hive is not scanned
- Added MBR signature for FinFisher
- Added MBR signature for TDL4
- Added MBR signature for Rovnix
- Fixed some bugs in MBR scanner
- Improved low level disk access library
- Added VBR (Volume Boot Record) scanner

V10.1.2 01/06/2015
=================
- Added detections
- Updated Spanish translation
- Added Italian translation
- Added hook signatures engine

V10.1.1 12/23/2014
=================
- Added detections
- PREMIUM: Added settings form
- PREMIUM: Added MBR Scan setting
- PREMIUM: Added Honey Scan setting
- PREMIUM: Added Antirootkit Scan setting
- PREMIUM: Added Open website setting
- Added Dutch translation
- Added Italian translation
- Added sanity check for website opening

V10.1.0 12/11/2014
=================
- Added detections
- Fixed mbamservice false positive

V10.0.9 12/08/2014
=================
- Fixed Xpaj false positive with DiskCryptor MBR
- Added DiskCryptor MBR signature
- Added detections
- TrueSight 1.0.4: Better shellcode module detection
- IAT Hooks: Better shellcode module detection

V10.0.8 11/20/2014
=================
- Added detections
- Fixed bug of processes not killed
- Now process memory is scanned before path scan

V10.0.7 11/20/2014
=================
- Now process pages are scanned for whitelist
- Updated Yara engine
- Added detections
- Reverted some command line to free version: -nodriver -nokill -nopop -nothirdparty

V10.0.6 11/12/2014
=================
- Fixed a bug in Process module (not enough rights to get process path)
- Fixed a bug in AV whitelist detection
- Added detections

V10.0.5 11/11/2014
=================
- Now AV processes are whitelisted
- Added language separator for "Your language here"
- Added Injected process heuristic detection
- Fixed bad Zeus signature
- More aggressive against Poweliks processes
- Added detections
- Updated links

V10.0.4 10/29/2014
=================
- Added link to translations in language menu
- Added Delay IAT in PE module
- Added Delay IAT hooks in antirootkit
- Now IAT hooks are printed to UI as they are scanned
- Removed ctfmon from sensitive processes
- Now detects Zeus variants
- Now informative texts are not elided
- Better choices (currency/amount) for Paypal form
- Removed unused resources
- Improvements in quarantine module
- Now DNS entries show country IP in text report
- PREMIUM: Added quarantine handler
- Added detections

V10.0.3 10/22/2014
=================
- New user-agent: Now sends extended vendor names for real time monitoring
- Added detections

V10.0.2 10/16/2014
=================
- Added detection of services hidden from SCM and from registry
- Dropped command line support in free version
- Removed EAT hooks (useless)
- Improved IAT hooks scanner (now scans all modules instead of main module)
- Fixed a bug in driver library (driver could not load under certain circumstances)
- Added Czech translation
- Added tooltip with detection level (for colorblind people)
- Added detections

V10.0.1 10/10/2014
=================
- Improvements in Process library
- Added COM integrity check to disable COM calls when server is corrupted (Poweliks)
- Fixed Poweliks rule
- Added detections
- Fixed Bug in registry module
- Fixed a bug in logging

V10.0.0 10/08/2014
=================
- Major UI changes
- Added support for future Premium version
- Added support for ShellIconOverlayIdentifiers and ShellServiceObjectDelayLoad keys
- Now CLSIDs are scanned for path and memory
- Added detections

V9.3.0 10/06/2014
=================
- New Rules engine. Easier to maintain, more robust.
- Fixed a lot of bugs in Scanner engines.
- Added detections

V9.2.13 09/25/2014
=================
- Fixed a bug in registry module introduced in 9.2.12
- Fixed a bug in process engine that forbids svchost processes to be killed
- Added detections

V9.2.12 09/23/2014
=================
- TrueSight: 1.0.3: Fixed a Kernel stack overflow leading to a BSoD
- Better handling of multistring registry value/key names (ZeroAccess/Poweliks)
- Added Poweliks detections
- Added detections

V9.2.11 09/18/2014
=================
- Added detection to new Poweliks variant
- Fixed a bug of infinite wait when COM objects are broken

V9.2.10 09/09/2014
=================
- Fixed a bug in Yara scanner
- Fixed a bug in language module
- Fixed a crash dump uploader (due to surlatoile.org move to https)
- Added service binary path in report

V9.2.9 09/01/2014
=================
- Updated Yara to 3.1.0
- Added detections
- Firefox PUM.HomePage is using domain whitelist

V9.2.8 08/15/2014
=================
- Added detections

V9.2.7 08/15/2014
=================
- Added scan of Search Page/Start Page for Internet Explorer
- Added scan of Start Page for Firefox
- TrueSight 1.0.2: Process Kill
- TrueSight 1.0.2: Registry key Kill
- TrueSight 1.0.2: File Kill
- RogueKiller: Implementation of new Truesight features
- RogueKillerCMD: Implementation of new Truesight features


V9.2.6 08/07/2014
=================
- Removed a ZeroAccess false detection
- Fixed a bug in registry module (introduced in 9.2.5)

V9.2.5 08/07/2014
=================
- Fixed a bug in registry module (poweliks/zeroaccess trick)
- Fixed a bug in command line parsing
- RogueKillerCMD: Added registry value/subkey removal by index
- Added detections

V9.2.4 07/24/2014
=================
- Added detections
- Added Key present rule
- Added Value data rule
- Updated Yara
- Fixed a bug in file search module
- Fixed a bug in honey file module
- Fixed string limit in path module
- RogueKillerCMD: Registry Kill

V9.2.3 07/14/2014
=================
- Fixed a bug in file module
- Added detections

V9.2.2 07/11/2014
=================
- Fixed a bug in task scanner
- Fixed a bug in path parser
- Fixed a bug in registry module
- Fixed a bug in install module
- Unknown MBRs are dumped in %programdata%/RogueKiller/Debug
- Added detections

V9.2.1 07/09/2014
=================
- Fixed a bug in logging
- Fixed unicode hosts file read/write
- Fixed empty hosts lines scan
- Truesight 1.0.1
- Truesight now suspends TDL4 threads before MBR fix
- Removed debug messages from Truesight
- Fixed pcalua detection in task scanner
- Added links

V9.2.0 07/07/2014
=================
- Truesight 1.0 (no more in beta)
- Truesight loads in X64
- Truesight rewritten from scratch (increased stability, code compatibility)
- Truesight now detects Filters (regular, reverse)
- Added detections
- Added translations
- Fixed regression about vendor url opening
- Fixed bug about duplicate registry entries on x86

V9.1.0 06/23/2014
=================
- Added detections
- Fixed a problem parsing the ProgramFiles / ProgramFiles(x86) / ProgramW6432 environment variables
- Binaries are now digitally signed.
- updated translations


V9.0.3 06/17/2014
=================
- Fixed encoding bug in quarantine handler
- Fixed crash window opening when no dump is available
- Fixed duplicated files in common startup folder on XP
- Detection of WinPE. Now LivePE/LiveUSB scan is faster and more accurate.
- Fixed reboot query
- Improved replacement method
- Fixed DNS whitelisting
- Added Zekos signatures
- Now file replacement engine looks for same file version before replacing.
- Fixed a bug in startup honey module
- Fixed a bug in mbr module
- Added detections


V9.0.2 06/04/2014
=================
- Fixed a bug in registry scanner
- Fixed a bug in Buffer lib
- Added chrome extensions removal
- Fixed service repair
- Added single instance mutex
- Fixed a bug when trying to quit
- Added detections
- Added Necurs link
- Added pathparser special rules (rundll32, wscript)
- Fixed a bug in file parsing
- Fixed a bug in Honey module


V9.0.1 06/02/2014
=================
- Fixed a bug in logging
- Fixed a bug in File lib
- Fixed a bug in GUI
- Optimizations in String parser
- Added detections
- Fixed a bug in addons detection
- Fixed a bug in forged file detection
- Fixed a bug in service scanner
- Now malware hooks are Orange

V9.0.0 05/29/2014
=================
- Fixed bugs

V9.0.0 beta 3 05/26/2014
=================
- CLI commands -nodriver -autoscan -autodelete -autoquit -autoeula -hideui
- Added detections
- Fixed EULA
- Added service repair
- Added check for updates
- Changed driver icon
- Added reboot notification
- Added pending detections notification on quit

V9.0.0 beta 2 05/23/2014
=================
- Fixed a bug in MBR log
- Fixed a bug in Service log
- Fixed a bug in log (RTL characters removed, ZeroAccess)
- Replaced SUSP PATH label by Suspicious.Path
- Removed Chrome.exe IAT/EAT scan
- Fixed 3 bugs in IAT/EAT display (process is displayed / legitimate entries are hidden / fixed function column size in console display)
- Now suspicious service registry keys are not pre-checked (to avoid confusion with true malware)
- Disabled Forged files removal (except if contains malware signature), due to some false positives
- Fixed a bug in Registry subkey removal (ZeroAccess)
- Fixed a bug in File replacement (added ACL copy before replace, Zekos)
- Fixed a bug in ListView sorting (was too slow)
- Added detections

V9.0.0 beta 1 05/22/2014
=================
- Added crash handler window
- Reports are now translated
- Added missing translations
- Added hover event for Facebook / Paypal links
- Added fancy Facebook button
- Replaced old icons by high res icons
- Added detections
- Fixed a bug in ComManager

V9.0.0 alpha5 05/21/2014
=================
- Brand new high res icon! (thanks nfn678 from deviantart.com)
- Now sending statistics to adlice.com webserver database
- PUM color detection is now Dark Gray
- Added web browser scan
- Added stop button (during scan only)

V9.0.0 alpha4 05/20/2014
=================
- Added context menu select/unselect all
- replaced old MBR display by a listview
- added MBR scan
- fixed carriage return bug in reports
- fixed bad driver decryption
- added Hooks scanner

V9.0.0 alpha3 05/19/2014
=================
- Fixed a bug when exiting with file menu
- Added hosts fix button (hosts tab)
- Fixed window names bug (massive false positive)
- Added true version number comparison for version checker
- Fixed elided text bug
- Added report footer
- Now general progressbar is used as progression
- Now displays fine progression
- Added file scanner

V9.0.0 alpha2 05/16/2014
=================
- Fixed a crash in Yara scanner on some processes
- Fixed a bug in Hidden processes detection
- Fixed a bug in report module, prescan results were removed from reports
- Fixed display bug (wrong X64 display in title)
- Fixed crash handler, now crash dumps will be located in %ProgramData%/RogueKiller/Debug
- Fixed display bug. After removal, status of items was not updated.
- Added Hosts file support
- Added Hosts file line removal
- Removed Proxy, DNS and Shortcut buttons/tabs

V9.0.0 alpha1 05/14/2014
=================
- Rewritten engine from scratch (RKSdk V1)
- Moved to Yara scanner
- Fixed a lot of bugs

V8.8.14 03/26/2014
=================
- Fixed a bug in PE parser
- Optimizations
- Added detections

V8.8.13 03/25/2014
=================
- Optimizations
- Prepare for 8.9.0
- NEW! Now scans IAT/EAT on x64 operating systems
- NEW! Now scans non-PE files (example: .bat)
- Added detections

V8.8.12 03/20/2014
=================
- Optimizations
- Prepare for 8.9.0
- Added Thanks for Downloading Url at first use.
- Fixed bug in MBR fix
- Fixed progressbar behavior

V8.8.11 03/14/2014
=================
- Optimizations
- Added lot of PUP detections
- File paths are elided in the console

V8.8.10 02/28/2014
=================
- Added detections
- Changed links
- Fixed a bug in File library
- RogueKillerCMD 0.1.3
* Added service list
* Added service kill

V8.8.9 02/24/2014
=================
- Added double check for current version
- Added double post for autofeedback
- Changed the sur-la-toile.com domain to the new one, surlatoile.org (fixed statistics and version check)


V8.8.8 02/19/2014
=================
- URLs are now localized
- Fixed tree process creation deadlock


V8.8.7 02/11/2014
=================
- Fixed bugs in Hidden process detection
- Added traces for killed processes check bug.


V8.8.6 02/07/2014
=================
- ACLs management improvement
- Fixed FP in hook module
- NEW! Google Chrome extensions are listed [Removal not supported yet]
- Fixed Zekos FP with Zanga.exe
- Fixed forum link in report


V8.8.5 02/03/2014
=================
- Added debug trace for dllhost issue
- Added rogue detections
- Fixed duplicates in Firefox Addons list
- Added extensions.json / extensions.sqlite in the firefox watch list
- Now kills firefox before removing extensions

V8.8.4 01/27/2014
=================
- Added ACL module.
- Fixed bug with ACLs when replacing patched file [Black Screen - Zekos]
- Restored Zekos signatures

V8.8.3 01/24/2014
=================
- NEW! Extension removal for IE / Firefox (context menu)
- Neutralized Zekos signatures to avoid black screen at replacement. [To be fixed]

V8.8.2 01/17/2014
=================
- NEW! Miuref detection and removal
- Added Zekos x64 detection
- Fixed a bug in honey module
- Fixed a bug in core module
- Fixed a bug in driver module

V8.8.1 01/14/2014
=================
- Fixed bug in registry module
- Fixed a bug in file module
- NEW! Zekos detection and removal.

V8.8.0 12/27/2013
=================
- NEW! web browser addons are listed (Internet Explorer | Firefox )
- NEW! Cryptolocker pattern
- NEW! Killed process verifier. If some processes remain, they are killed by their whole tree.
- Added detections

V8.7.13 12/18/2013
=================
- Translated Paypal Icon
- Fixed a bug in GUI lib
- Added PUP pattern
- Fixed a bug in File lib (ZeroAccess detection)
- Added addons tab

V8.7.12 12/16/2013
=================
- Windows 8.1 detection
- Fixed bug in Shortcut mode
- Refactoring of File lib
- Added detections
- RogueKillerCMD 0.1.2
* Added process list

V8.7.11 12/04/2013
=================
- Fixed a bug in UI lib

V8.7.10 12/04/2013
=================
- Added detections
- RogueKillerCMD 0.1.1
* Fixed DLL dependencies

V8.7.9 11/25/2013
=================
- Fixed a bug in regex parsing
- Optimization of regex
- Added 2 new methods for registry Read/Write
- NEW! Honey module now uses the Win32 API Offline method (Safer)
- Fixed a bug in script cleanup
- Fixed a bug in mbr module
- Added detections
- Added Error code for MBR read
- Removed ROGUE ST detection for registry values


V8.7.8 11/14/2013
=================
- NEW! Added Zlib compression for crash dump sending
- Improvement of args handler

V8.7.7 11/11/2013
=================
- NEW! new banner
- Fixed bugs in Registry module
- Fixed bug in PeParser
- Added progress window for crash report uploading
- Now collecting full dumps [This can be long, be patient!]


V8.7.6 10/28/2013
=================
- Changed crash feedback for sending crash dump instead of custom crash logs
- Fixed bug in PeParser


V8.7.5 10/22/2013
=================
- Added useragent in debug log sending
- NEW! Geolocation for proxy / DNS IPs
- Fixed bug on TaskMan value
- NEW! -report_output and -hide switches
- NEW! Stop button


V8.7.4 10/16/2013
=================
- Added COUNTRY in user agent of statistic module


V8.7.3 10/15/2013
=================
- NEW! Detection/Removal of generic name mismatches in registry keys/values (API-fooling trick used by rootkits)
- Fixed a bug in HiveReader module
- Fixed a bug in Pattern module


V8.7.2 10/10/2013
=================
- Fixed memory leak in sigcheck
- Fixed bug in PeParser
- Fixed bug in File module
- Added RECYCLER suspicious path (DorkBot)
- Added TaskManager key monitoring


V8.7.1 10/03/2013
=================
- Fixed bugs in PeParser
- Fixed bug in IAT/EAT hooks
- NEW! Listview sorting


V8.7.0 09/30/2013
=================
- NEW! Scan IAT/EAT of sensitive processes
- NEW! Filesystem userland antirootkit
- Added colors to differentiate types of objects
- Added Romanian language
- Fixed bug in file deletion
- Fixed bugs in Pe parser
- Optimizations: Com library
- Fixed bug in GUI library
- Added detections


V8.6.12 09/18/2013
=================
- Added detections
- Added MBR infos
- Added PUM label, and more consistent colors
- Fixed a bug in MBR module


V8.6.11 09/11/2013
=================
- Fixed a crash at startup on x64 OS


V8.6.10 09/09/2013
=================
- Fixed a bug in PeParser
- TrueSight 0.9.1


V8.6.9 09/03/2013
=================
- Fixed a bug in PeParser
- Added Export parsing
- Fixed a bug in SSDT parsing
- Added detections


V8.6.8 09/02/2013
=================
- Fixed a bug in peParser
- Truesight v0.9


----- Dates above this line are in MM/DD/YYYY format; entries below use DD/MM/YYYY


V8.6.7 27/08/2013
=================
- Fixed display issue
- Fixed problem in Registry module
- Added Rogue.AntiSpy-LSP pattern (Live Security Professional)
- Added detections


V8.6.6 19/08/2013
=================
- NEW! Ability to resize the application (but still flickering when resized...)
- Fixed display issue in safe mode
- Removed Hosts scan if file is bigger than 1MB
- Added detections
- Fixed bug in removal


V8.6.5 04/08/2013
=================
- NEW! Added support for new ZeroAccess variant (RTL)
- NEW! Added AutoRun value support in PE mode
- Fixed bug for rebooting query
- Fixed bug in file/folder deletion
- Removed unauthorized characters in report
- Updated links


V8.6.4 29/07/2013
=================
- Fixed display bugs
- Added tab icons
- NEW! One scan can allow user to trigger each option once (Delete, HostsFix, DNSFix, ProxyFix)
- Fixed bug in DLL module
- Modified Honey display in report
- Fixed bugs in PeParser
- Fixed bug in file parser
- Added detections
- Database queries switched to UNICODE


V8.6.3 17/07/2013
=================
- Added detections
- Fixed bugs
- Added crash feedback link into crash window


V8.6.2 02/07/2013
=================
- Modified links
- Fixed bugs
- Added Turkish translation
- Added switches -autoscan, -autoaccepteula, -autoquit and -autodelete for automation of the flow
- NEW! Minidump writing for the DEBUG version (in case of crash)


V8.6.1 17/06/2013
=================
- Fixed bugs
- Improved filename parsing


V8.6.0 14/06/2013
=================
- Changelog in English
- Rewrote the whole engine
- NEW! Added icons in lists
- NEW! Added colors for Hosts lines detection
- Report: split by object type (Tasks, Startup folders, registry)
- NEW! Honey module (the previous PE module, rewritten from scratch)
- NEW! .ini file for configuration storing
- NEW! Firefox malware detection module
- Added signatures
- Added ZeroAccess infection => Windows Defender repair
- Added disclaimer on Shortcut fix option
- Added hosts malicious lines identification in report
- Translations updated
- Added drivers to the patched files list to check
- Added service repair option (Tools/Repair services)
- Added Aho-Corasick algorithm for fast signature matching. Improved signature finding speed.
- NEW! Opera module - Added Proxy configuration


V8.5.4 18/03/2013
=================
- Detection of malicious lines in the hosts file
- Added signatures

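The hosts-file checks listed across this changelog (malicious line detection in V8.5.4, identification of those lines in the report in V8.6.0, the 1 MB size cut-off in V8.6.6, hosts support and line removal in V9.0.0 alpha2, and the unicode and empty-line fixes in V9.2.1) amount to a small scanner. The following is an added example of such a scanner written for this page; it is not RogueKiller's code. The watch list of domains, the sample hosts file and the TEST-NET address in it are constructed for the example.

```python
"""Hosts-file scanner (added example, not RogueKiller's own code).

Mirrors the checks the changelog describes: skip the file if it is over 1 MB,
tolerate empty lines, comments and a UTF-8 BOM, and flag lines that point
security-vendor or update domains somewhere other than where they belong.
"""
import ipaddress

MAX_HOSTS_SIZE = 1024 * 1024  # files larger than this are skipped (1 KB = 1024 bytes)

# Assumption: domains that hosts-file malware typically sinkholes or redirects.
WATCHED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "virustotal.com",
    "mcafee.com", "symantec.com", "kaspersky.com", "avast.com",
    "malwarebytes.org", "adlice.com",
)
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def _is_local(ip):
    """True for addresses that only ever resolve to this machine."""
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local


def _watched(host):
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def scan_hosts_text(text):
    """Return a list of (line_no, raw_line, reason) for suspicious hosts entries."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip("\ufeff").split("#", 1)[0].strip()  # drop BOM and comments
        if not line:
            continue  # empty lines are legal and must not break the scan
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((no, raw, "first field is not an IP address"))
            continue
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if host in LOOPBACK_NAMES:
                if not _is_local(ip):
                    findings.append((no, raw, "localhost mapped to %s" % ip))
            elif _watched(host):
                if _is_local(ip):
                    reason = "%s sinkholed to %s (blocks updates/vendor site)" % (host, ip)
                else:
                    reason = "%s redirected to %s" % (host, ip)
                findings.append((no, raw, reason))
    return findings


def scan_hosts_bytes(data):
    """Scan raw file bytes; returns None when the file is too large to scan."""
    if len(data) > MAX_HOSTS_SIZE:
        return None
    return scan_hosts_text(data.decode("utf-8", errors="replace"))


# Constructed sample hosts file: BOM, comment, a blank line, a sinkhole line and
# a redirect to a TEST-NET address (203.0.113.5 is reserved for documentation).
SAMPLE_HOSTS = (
    b"\xef\xbb\xbf# Copyright (c) 1993-2009 Microsoft Corp.\r\n"
    b"127.0.0.1 localhost\r\n"
    b"\r\n"
    b"::1 localhost\r\n"
    b"0.0.0.0 www.virustotal.com\r\n"
    b"203.0.113.5 www.kaspersky.com update.microsoft.com\r\n"
)


def scan_sample():
    return scan_hosts_bytes(SAMPLE_HOSTS)


if __name__ == "__main__":
    for no, line, reason in scan_sample():
        print("line %d: %s  <- %s" % (no, line.strip(), reason))
```

Running it reports three findings: the sinkholed virustotal line and both names on the redirected line. Sinkholing to 0.0.0.0 or 127.0.0.1 is exactly what ad-blocking hosts files do legitimately, so a hit on a watched domain is a reason to look, not proof of infection.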

V8.5.3 13/03/2013
=================
- Bug fixes
- Added signatures


V8.5.2 23/02/2013
=================
- Moved the MBR signatures into the database
- Bug fixes


V8.5.1 12/02/2013
=================
- Updated Necurs.A detection
- Updated the database
- Fixed a bug in the database module


V8.5.0 08/02/2013
=================
- Better handling of ZeroAccess

V8.4.4 01/02/2013
=================
- Italian language
- Polish language
- Korean language
- PE module: bug fixes
- Reg module: fixed a bug
- ZeroAccess detection: improvements


V8.4.3 08/01/2013
=================
- Russian language
- PE module: added startup folders
- PE module: various improvements

V8.4.2 31/12/2012
=================
- Improved the PE module


V8.4.1 23/12/2012
=================
- Fixed a bug in the PE module
- Fixed a bug in the Files module
- Fixed a bug in the Hive module
- Spanish language
- Dell MBR


V8.4.0 11/12/2012
=================
- Code optimizations for the x64 port
- x64 version available
- Fixed a bug in the Tasks module
- Fixed a bug in the Hooks module

V8.3.2 07/12/2012
=================
- Fixed a bug in the startup module
- Fixed a bug in the patched module
- Fixed a bug in the ntreg module
- Ability to unregister a service (ntreg) when it cannot be deleted in RAW mode
- MBR Fix support for TDL4 (Thanks XdeadCode)
- Root.MBR Alipop detection
- Root.MBR Mebroot detection
- Root.MBR Plite detection


V8.3.1 20/11/2012
=================
- Reorganized the processing flow


V8.3.0 17/11/2012
=================
- Database migration
- Bug fixes
- Facebook button

V8.2.3 07/11/2012
=================
- Preparation for SQLite
- Parsing module optimization
- Fixed a bug in x64 process path detection
- DLL WL
HPStatusBL.dll
- Fixed a bug in the Crypt module
- WL
Screenpresso.exe

V8.2.2 03/11/2012
=================
- Window BL
Micorsoft Essential Security Pro 2013
Windows 8 Defender 2013
- BL
MESP.exe
- Added a whitelist by path
- Fixed a bug in the blacklist module
- Changed the FR tutorial link
- Dutch translation
- Added the date and the mode to the report file name
- Executable packed with UPX
- Driver WL
sbhips.sys /* SunBelt */
d347bus.sys /* Daemon Tools */
- WL
Windir/VPro500.exe
windir/*np325.exe
- Particular (specific) files BL
Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\@
Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\U
Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\n
Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\L

V8.2.1 29/10/2012
=================
- DNS WL
24.222.0.95
- Driver WL
avgtpx86.sys /*AVG*/
regguard.sys /*RegRun*/
- Whitelist
cdloader2.exe
magicJack.exe
AmazonCloudDrive.exe
V0220Mon.exe
msnotif.exe
LGMLauncher.exe
Communicator.exe
- Fixed a bug in the debug module
- Changes to the importance module
- Driver adapted for Windows 8
- SSDT API names now retrieved in userland (Windows 8 compatibility)


V8.2.0 22/10/2012
=================
- Truesight v0.7
- Fixed German language
- Various bug fixes
- Whitelist
sys32/pcalua.exe
LogMeInSystray.exe
Dashlane.exe
- DNS Whitelist
86.64.145.14*
129.250.35.251
- Driver WL
SbFw.sys /*GFI Software*/
- Window BL
File Restore (FakeHDD)

ROGUE KILLER ChangeLog part2

V8.1.1 01/10/2012
=================
- Traditional Chinese translation
- Minor bug fixes
- Added colors on the list views to differentiate detection types
- Fixed a bug in the Blacklist module
- Window BL
XP Defender 2013
Vista Defender 2013
Win 7 Defender 2013


V8.1.0 28/09/2012
=================
- Support for changing the language at runtime
- Fixed a bug in the processes module
- Added an MBR stub (for testing)
- Added a "website" link in the report header

V8.0.5 23/09/2012
=================
- Handling of launch switches
- Added the "-nodriver" switch, which prevents the driver from loading
- Added the "-nokill" switch, which prevents process killing (some processes cause a BSOD when killed; it is better to go after their registry key instead)
- Added an "Extern Hive" category in the report => lists the external hives found
- Fixed a bug in the Extern hives module
- Bug fixes


V8.0.4 19/09/2012
=================
- Quarantined files are encrypted (use Cryptonic with the key "RogueKiller" to decrypt them)
- WEB module optimization
- Added out-of-API deletion when a key is protected
- Fixed a bug in the HiveReader module
- Removed the LEGACY keys check (not used)
- Dll whitelist
adawarebp.dll
SkyDriveShell.dll


V8.0.3 13/09/2012
=================
- Fixed a bug in the HiveReader module
- Fixed a bug in the Registry module
- Fixed a bug in the File ASSO module
- Fixed a bug in the Proxy FF module
- Support for maxSST rootkits (fix disabled because untested)
- Deactivated the "Patched" module (not really used, too many false positives)
- Whitelist DLL
tv_w32.dll
- Whitelist
%Windir%/HelpPane.exe
TeamViewer.exe
tv_w32.exe
TeamViewer_Desktop.exe
ibsvc.exe


V8.0.2 31/08/2012
=================
- Particular (specific) files
\\RECYCLER\\[ANYFOLDER]\\$********************************\\n
\\RECYCLER\\[ANYFOLDER]\\$********************************\\@
\\RECYCLER\\[ANYFOLDER]\\$********************************\\L
\\RECYCLER\\[ANYFOLDER]\\$********************************\\U
\\$recycle.bin\\[ANYFOLDER]\\$********************************\\n
\\$recycle.bin\\[ANYFOLDER]\\$********************************\\@
\\$recycle.bin\\[ANYFOLDER]\\$********************************\\L
\\$recycle.bin\\[ANYFOLDER]\\$********************************\\U
- Inproc HJ (InprocServer32 hijack CLSIDs)
{fbeb8a05-beee-4442-804e-409d6c4515e9}
{5839fca9-774d-42a1-acda-d6a79037f57f}
- Blacklist
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%.exe


V8.0.1 30/08/2012
=================
- Bug fixes
- Whitelist
c2c_service.exe
SkyDrive.exe
procexp.exe
- Driver WL
RapportCerberus$ (Trusteer)
- Truesight v0.6
Monitoring of DriverEntryIO
- Added blacklist patterns (GENDARMERIE)
install_0_msi.exe
hleo32.exe
regsrv64.exe
msconfig.dat
hos32.exe

V8.0.0 26/08/2012
=================
- [[Code refactoring]]
- Monitoring of the key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters : DataBasePath (HOSTS)
- Various improvements
- Added an information box about the infection
- Reworked some windows
- Whitelist
StatBar.exe
%windir%\^^Service.exe
%sys32%\iac25_32.ax

V7.6.6 10/08/2012
=================
- Search for replacement files when patched files are found
- Patched files are replaced in DELETE mode

V7.6.5 03/08/2012
=================
- Fixed a bug in the peParser module (PE x64)
- Added signature
ZeroAccess (services.exe x64)
- Windows BL
Live Security Platinum

V7.6.4 17/07/2012
=================
- Added a blacklist for registry values
- BlacklistValue
Update (GENDARMERIE)
- Added blacklist patterns (GENDARMERIE)
fest0r_ot.exe
Schnarch.exe
- Whitelist DLL
cleanup.dll (MBAM)
- Windows BL
File Recovery


V7.6.3 08/07/2012
=================
- Fixed a bug in the HiveReader module (handling of unicode registry values)
- Added blacklist patterns (GENDARMERIE)
roper0dun.exe
rasmxs.exe
SCardDlg.exe
TapiSysprep.exe
0_0u_l.exe
glom0_og.exe


V7.6.2 02/07/2012
=================
- Added a process kill/relaunch module wrapping the deletion of specific files
(explorer.exe is killed / restarted)
- Fixed a bug in specific file detection
- Monitoring of the key: HKCR\\CLSID\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InprocServer32 (ZeroAccess)
- Blacklist
sys32 / n
- Part files blacklist
windows\\Installer\\{********-****-****-****-************}\\L
localAppdata\\{********-****-****-****-************}\\L
sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\L
sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\U
sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\@
sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\n


V7.6.1 28/06/2012
=================
- Reactivated the signature search module
- Added a system file verification module (ASLR + signature search)
- Verification of services.exe
- Added signature
ZeroAccess (services.exe)
- Bug fixes (Window module)
- Added blacklist patterns (GENDARMERIE)
er_00_0_l.exe
- Bug fixes


V7.6.0 26/06/2012
=================
- Added an end-user license agreement (EULA)
- Changed the Particular files module to record the reason for deletion + mask comparison
- Part files blacklist
windows\\Installer\\{********-****-****-****-************}\\n
windows\\Installer\\{********-****-****-****-************}\\@
windows\\Installer\\{********-****-****-****-************}\\U
localAppdata\\{********-****-****-****-************}\\n
localAppdata\\{********-****-****-****-************}\\@
windows\\Assembly\\GAC\\Desktop.ini
windows\\Assembly\\GAC_32\\Desktop.ini
windows\\Assembly\\GAC_64\\Desktop.ini
- Drivers WL
avgidsshimx.sys (AVG)

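The "Part files blacklist" entries in V8.2.2, V8.0.2, V7.6.2 and V7.6.0 describe the ZeroAccess on-disk layout: components named n, @, U and L under a GUID-named folder in the Installer cache or in local application data, or under a $-prefixed 32-character folder inside the recycle bin. As an added example (not RogueKiller's code), the following Python matcher compiles those masks, copied with the changelog's own doubled-backslash notation, into regular expressions. How the masks are read is an assumption of this example: `*` is exactly one character, `[ANYFOLDER]` is one path component, and the leading tokens windows, Windir, sys32 and localAppdata stand for the usual Windows 7 and XP folders. The sample paths are constructed.

```python
"""Matcher for the ZeroAccess file masks listed in this changelog (added
example, not RogueKiller's code). Mask semantics are this example's assumption.
"""
import re

GUID = "{********-****-****-****-************}"
MARKERS = ("n", "@", "U", "L")  # the four ZeroAccess component names from the changelog
BASES = [
    "windows\\Installer\\" + GUID,
    "localAppdata\\" + GUID,
    "sys32\\config\\systemprofile\\Local Settings\\Application Data\\" + GUID,
    "Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\" + GUID,
    "\\RECYCLER\\[ANYFOLDER]\\$" + "*" * 32,
    "\\$recycle.bin\\[ANYFOLDER]\\$" + "*" * 32,
]
ZEROACCESS_MASKS = [base + "\\" + marker for base in BASES for marker in MARKERS]

# Assumed expansions of the location tokens (regex fragments, matched case-insensitively).
LOCATIONS = {
    "windows": r"[a-z]:\\windows",
    "windir": r"[a-z]:\\windows",
    "sys32": r"[a-z]:\\windows\\system32",
    "localappdata": (r"[a-z]:\\(?:users\\[^\\]+\\appdata\\local"
                     r"|documents and settings\\[^\\]+\\local settings\\application data)"),
}


def mask_to_regex(mask):
    """Compile one changelog mask into an anchored, case-insensitive regex."""
    parts = mask.split("\\")
    pieces = []
    for i, part in enumerate(parts):
        if i == 0 and part == "":
            pieces.append(r"[a-z]:")  # mask starts with '\': anchored at a drive root
        elif i == 0 and part.lower() in LOCATIONS:
            pieces.append(LOCATIONS[part.lower()])
        elif part == "[ANYFOLDER]":
            pieces.append(r"[^\\]+")
        else:
            # '*' is one arbitrary character; everything else is literal
            pieces.append("".join("." if c == "*" else re.escape(c) for c in part))
    return re.compile("^" + r"\\".join(pieces) + "$", re.IGNORECASE)


COMPILED = [(mask, mask_to_regex(mask)) for mask in ZEROACCESS_MASKS]


def match_zeroaccess_path(path):
    """Return the mask a path matches, or None."""
    for mask, rx in COMPILED:
        if rx.match(path):
            return mask
    return None


def find_zeroaccess_paths(paths):
    return [(p, m) for p in paths for m in [match_zeroaccess_path(p)] if m]


# Constructed sample: three ZeroAccess-style components, one legitimate
# Windows Installer cache file and one ordinary user file.
SAMPLE_PATHS = [
    r"C:\Windows\Installer\{4d82ee6c-3f4b-0a69-1b42-2bc5c7b8d2a1}\n",
    r"C:\Users\pantah\AppData\Local\{4d82ee6c-3f4b-0a69-1b42-2bc5c7b8d2a1}\@",
    r"C:\$Recycle.Bin\S-1-5-21-1234567890-1234567890-1234567890-1000\$3a8f7e0d1b2c4d5e6f708192a3b4c5d6\U",
    r"C:\Windows\Installer\{4d82ee6c-3f4b-0a69-1b42-2bc5c7b8d2a1}\setup.msi",
    r"C:\Users\pantah\Documents\notes.txt",
]

if __name__ == "__main__":
    for path, mask in find_zeroaccess_paths(SAMPLE_PATHS):
        print("%s\n    matches %s" % (path, mask))
```

The point of anchoring each mask at a known folder and at the single-character component name is precision: a GUID folder in the Installer cache is normal, a file literally named `n`, `@`, `U` or `L` inside it is not, so the legitimate `setup.msi` in the sample is left alone.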

V7.5.4 07/06/2012
=================
- Monitoring of the key: HKCR\\CLSID\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InprocServer32 (ZeroAccess)
- Added programdata to the sensitive paths
- Added blacklist patterns (GENDARMERIE)
pkg0u.exe
pkg_0ll.exe
WinzipArchiver.exe
TarArchiver.exe
Smoerrebroe.exe
tpl_0_c.exe
RarArchiverWin.exe

V7.5.3 05/06/2012
=================
- Interface improvements
- Translation review
- Updated ZeroAccess (Sirefef) detection
- Added blacklist patterns (GENDARMERIE)
krussel3.exe
AMD_cpx.exe
Apple_Store.exe
cs8v0k.exe


V7.5.2 30/05/2012
=================
- Fixed a bug that made a popup appear
- Improved the path redirection module
- Whitelist
SpotifyWebHelper
%windows%/ALCMTR.exe
- Added blacklist patterns (GENDARMERIE)
ArchiverforWin.exe
game_client.exe
WinArchiver.exe


V7.5.1 28/05/2012
=================
- Improved the mask comparison module
- Monitoring of HKLM\\SYSTEM\\ControlSet001\\Control\\SafeBoot : AlternateShell
- Monitoring of the x64 registry for the SHELL key
- Added blacklist patterns (GENDARMERIE)
k8h0pp.exe
temp##.exe
ServiceVBOX.exe
%sys32%/%%%%%%%%%%%%%%%%%%%%.exe


V7.5.0 24/05/2012
=================
- Added the ability to run RogueKiller in a PE environment.
- Ability to scan the Windows hives of an externally attached hard drive.
- Fixed a bug in ntreg
- Added the desktop to the suspect paths
- Added blacklist patterns (GENDARMERIE)
k8h00.exe
VboxServs.exe


V7.4.5 18/05/2012
=================
- Integrated the ntreg library
- Added blacklist patterns (GENDARMERIE)
ch8l0.exe
p0j99p.exe
spoolsrv.exe
FSnapshot_x86.exe
BSI.bund.exe
GboxService.exe
InfoServices_a.exe
ksprskylabs1.exe


V7.4.4 08/05/2012
=================
- Detection of Xpaj (bootkit)
- Added GENDARMERIE detection patterns
ms.exe
#{1}.#{12+}.exe
wpbt#{1}.dl{2}
hnszs#{1}.exe
ms*****.bat
ram_reserver64.exe
itunes_service#{2}.exe
syncservicex86.exe
EPUhelpers.exe
DNS_Servicex86.exe
kitre#{1}.exe


V7.4.3 04/05/2012
=================
- Set up patterns for detecting processes, RUN keys, SHELL, Startup
- Fixed a bug in the HiveReader module
- Code optimizations
- TrueSight: code hardening


V7.4.2 03/05/2012
=================
- Fixed a bug in the HiveReader module


V7.4.1 02/05/2012
=================
- Whitelist
E_FATIHJL.EXE
- Added the GEMA pattern
- Added the GENDARMERIE pattern
- Fixed a bug in the readMBR module
- Fixed a bug in the SSDT module


V7.4.0 01/05/2012
=================
- Fixed a bug in the debug module
- Added the ExceptionHandler module => automatic crash handling (in part).
When a crash occurs, a window opens and offers the user to send it automatically.
- Window BL
Data Recovery (FakeHDD)
- Language support:
German


V7.3.4 27/04/2012
=================
- Added the SigCheck module, which searches for signatures in binary files.
=> Signature search in processes
- Fixed a bug in the readMBR module (reordered the signature priorities)
- Fixes in the language resources.

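V8.6.0 above notes that signature matching was switched to the Aho-Corasick algorithm, and V7.3.4 introduces the SigCheck module that searches binaries and processes for signatures. The following added example (written for this page, not RogueKiller's SigCheck code) shows why that algorithm fits the job: one automaton built over all byte signatures scans a buffer in a single pass, and a signature that is a suffix of another signature is still reported through the failure links. The signature set and the sample buffer are constructed; the only real string in them is the DOS-stub message found in nearly every PE file, which stands in for a benign signature.

```python
"""Multi-pattern signature scanner using Aho-Corasick (added example, not the
RogueKiller SigCheck module). Signatures and sample data are constructed."""
from collections import deque


class AhoCorasick:
    def __init__(self, signatures):
        """signatures: dict name -> bytes pattern."""
        self.goto = [{}]   # per node: next byte -> child node
        self.fail = [0]    # per node: longest proper suffix that is also a trie prefix
        self.out = [[]]    # per node: (name, length) of every signature ending here
        for name, pattern in signatures.items():
            node = 0
            for b in pattern:
                if b not in self.goto[node]:
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                    self.goto[node][b] = len(self.goto) - 1
                node = self.goto[node][b]
            self.out[node].append((name, len(pattern)))
        # Breadth-first pass fills the failure links. Output lists inherit from
        # the fail target, so signatures that are suffixes of others still fire.
        queue = deque(self.goto[0].values())
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.out[s] = self.out[s] + self.out[self.fail[s]]

    def scan(self, data):
        """Return [(offset, name)] for every signature occurrence in data, one pass."""
        hits = []
        node = 0
        for i, b in enumerate(data):
            while node and b not in self.goto[node]:
                node = self.fail[node]
            node = self.goto[node].get(b, 0)
            for name, length in self.out[node]:
                hits.append((i - length + 1, name))
        return hits


# Constructed signature set: one benign string every PE carries, one made-up
# "malware" marker, and a second marker that is a suffix of the first.
SIGNATURES = {
    "dos_stub": b"This program cannot be run in DOS mode",
    "demo_evil": b"ZeroAccess-demo-marker",
    "demo_evil_tail": b"demo-marker",
}

# Constructed PE-like buffer: MZ header bytes, padding, the DOS stub message,
# more padding, then the demo marker.
SAMPLE_BUFFER = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode\r\n$" + b"\x00" * 16
    + b"ZeroAccess-demo-marker" + b"\x00" * 8
)


def scan_sample():
    """Offsets and names of every signature in SAMPLE_BUFFER, sorted by offset."""
    return sorted(AhoCorasick(SIGNATURES).scan(SAMPLE_BUFFER))


if __name__ == "__main__":
    for offset, name in scan_sample():
        print("0x%04x  %s" % (offset, name))
```

The scan cost is linear in the buffer size plus the number of hits, independent of how many signatures are loaded; naive per-signature searching would cost that much per signature, which is the speed-up the V8.6.0 entry refers to.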

V7.3.3 22/04/2012
=================
- Handling of the Start_TrackProgs value (recent programs in the Start menu)
- Fixed a bug in the HiveReader module
- ACLs are modified before the RUN keys are checked (Gendarmerie virus bug)
- Language support:
Greek
Portuguese


V7.3.2 20/03/2012
=================
- [13/04/2012] Bug fixes
- [03/04/2012] Window BL
SMART HDD
- [23/03/2012] Added a link to Security Shield (blog)
- [22/03/2012] Debug module - second addition
- [22/03/2012] Statistics module => enabled several languages.
- [21/03/2012] Added a progress bar (shows whether a scan is in progress)
- [21/03/2012] Enabled visual styles
- [21/03/2012] Debug module - first addition
- [21/03/2012] Fixed a bug
- [21/03/2012] Window Blacklist
System Shield
Security Shield
- Fixed a bug in the startup module
- Added monitoring of the "Common Startup" folder
- TrueSight v0.5: code optimizations
- Updated Czech / Slovak language
- Added an "AntiRootkit" checkbox which disables the TrueSight module features


V7.3.1 10/03/2012
=================
- Fixed a bug in the faked module
- Added a checkbox to disable the faked module (the scan takes time)
- Whitelist
Skype.exe
FixCamera.exe
firefox.exe
plugin-container.exe
- Driver WL
Crypto.sys /*SafeNet*/
mfehidk.sys /*McAfee*/
wpsdrvnt.sys /*Symantec*/


V7.3.0 08/03/2012
=================
- TrueSight v0.4
- Ability to fix inline hooks.
- TrueSight: detection of IRP hooks (Major and Inline) on a given driver -> Atapi.sys
- Ability to fix inline IRP hooks (can cause a BSOD in some cases; this function still needs improvement. Use only as a last resort.)
- Added a message box asking for confirmation if no deletion was performed
- TrueSight: driver functions bypassed on Windows 8 (not compatible for now)
- TrueSight: code optimizations
- Windows 8 detection
- Fixed a bug in the HiveReader module (values / keys with accented characters)
- Added a FAKED files detection module (experimental)
-> Applied to sys32/drivers
- Fixed a bug in the SHELL module
- Fixed a bug in the STARTUP module
- Fixed a bug in the WEB module
- Startup module: ability to see the folders of all sessions (instead of the current one)
- Monitoring of the key HKCU\...\Advanced : Start_ShowRun


V7.2.1 29/02/2012
=================
- TrueSight v0.3
- Detection of inline hooks (SSDT functions only)
- Fixed a bug in the HiveReader module
- Driver WL
avipbb.sys /*Avira*/
avkmgr.sys /*Avira*/
- Window BL
Smart Fortress 2012
Windows Shield Tool
Windows PRO Scanner
Windows Basic Antivirus
Windows Stability Guard
Windows Firewall Constructor

V7.2.0 27/02/2012
=================
- Added a FixMBR option in the MBR tab. This option becomes available when an MBR infection is found.
- Ability to fix the MBR bootstrap with a standard MBR (XP, Vista, Seven)
- Added a direct hive reading module => detection of keys / values hidden from the API
- Toshiba MBR detection
- Lenovo MBR detection
- Standard MBR detection
- KIWI Image system MBR detection
- Whitelist
Spotify.exe
jusched.exe (global)
- Window BL
Windows Functionality Checker
Windows Smart Warden
Home Malware Cleaner
Windows Smart Partner
Antivirus Protection
Windows Telemetry Center
Windows Perfomance Catalyst
Strong Malware Defender

V7.1.0 15/02/2012
=================
- Code switched to UNICODE (instead of ANSI)
- Bug fixes
- Added language support:
Czech
Slovak
- Updated Whistler/Sinowal MBR detections
- myBIOS MBR detection
- Detection of NOP-flooded MBRs
- Blacklist window
Security Scanner
Internet Security
Internet Security 2012
- Rogue ProgFile
\\PCSpeed Service\\
\\everyclear\\
- Blacklist
gema.exe

V7.0.4 08/02/2012
=================
- Added a checkbox to disable the MBR scan (user's choice)
- Fixed a display bug that made buttons disappear at some low screen resolutions


V7.0.3 06/02/2012
=================
- Changed the LL2 module => fewer access errors, notably on x64 OS
- Fixed a bug in the workflow of the secondary modes
- Blacklist
InetAccelerator.exe (Gendarmerie2)

V7.0.2 30/01/2012
=================
- Fixed display bugs (extra line breaks) when editing the report
- Fix in the MBR module => partition sizes updated (1 KB = 1024 bytes)
- Whitelist
adawarebp.exe
DropBox.exe
- Rogue ProgFiles
\\BoanCatch\\
\\pcupgrade\\
\\best-pc\\
\\PCMaster Antispyware\\
\\InfoSeven\\
\\comdoumi\\
- Added Rogue.ViusDoctor and Rogue.Zaxar patterns
- Window BL
Antivirus Smart Protection
Malware Protection Center


V7.0.1 28/01/2012
=================
- Fixed a bug in the MBR module => partition types updated
- Fixed a bug in the MBR module => partition size calculation updated
- Raised the maximum to 5 PhysicalDrives
- Added the names of the physical disks


V7.0.0 26/01/2012
=================
- Passage en mode GUI


V6.2.4 12/01/2012
=================
[24/01/2012] - Ajout de cl?s Advance: Start_ShowMyDocs Start_ShowRecentDocs Start_ShowUser
Start_ShowMyPics Start_ShowMyGames Start_ShowMyMusic Start_ShowControlPanel Start_ShowDownloads
Start_ShowVideos Start_ShowHelp Start_ShowPrinters Start_ShowSetProgramAccessAndDefaults
[23/01/2012] - Correction d'un bug dans le module MBR
[23/01/2012] - Correction d'un bug dans le module TASKS
[23/01/2012] - Window BL : Smart Protection 2012
[16/01/2012] - Prise en charge des dlls lanc?es depuis un raccourci startup (virus Gendarmerie)
[16/01/2012] - Correction d'un bug dans le module checkPath
- Ajout HKEY_USERS\\Software\\Classes\\pezfile\\shell\\open\\command
- Ajout HKEY_USERS\\Software\\Classes\\.exe\\shell\\open\\command
- Ajout HKEY_USERS\\Software\\Classes\\exefile\\shell\\open\\command
- Correction d'un bug dans le module de sauvegarde REG
- Ajout de l'option a : WhyIGotInfected? => ouverture de la page de WIGI
- Ouverture de liens vers les manips du blogspot en fonction de l'infection detect?e (ZeroAccess, FakeRean)


V6.2.3 09/01/2012
=================
- Whitelist
smad.exe
- Whitelist Dll
BatInfEx.dll
BatLogEx.dll
- Driver Whitelist
hookcentre.sys /*Gdata*/
- Window Blacklist
System Check
- Rogue ProgFiles
\\InfoSafe\\
\\CleanerCom\\
\\MicroVaccine\\
\\PC-Spider\\
\\CYAK\\
\\PcVirusDoctor\\
\\VDoctor Professional\\
\\CheckSpeed\\

V6.2.2 31/12/2011
=================
- Detection MBR Code TestDisk
- Detection MBR Code HP tatou?
- Detection MBR Code Whistler
- Distinction entre Vista / 7 MBR Code
- Detection MBR Code Linux
- Correction d'un bug dans le module de backup REG


V6.2.1 28/12/2011
=================
- Detection MBR codes XP et Vista/7
- Detection MBR codes MaxSS / TDL4 / PiHar
- Modification du module MBR (prise en compte de plusieurs PhysicalDrive)
- Whitelist DLL
%sys32%/LogiLDA.dll
panda_url_filtering.dll
nsMouselib.dll
msconf.dll
- Whitelist
B2CNotiAgent.exe
HpSAUpgrade.exe
HPSFUpdater.exe
panda_url_filtering.exe
MpSigStub.exe
dplaysvr.exe
realplayerent_config.exe
- rogue ProgFiles
\\info-manager\\
- Window BL
Security Monitor
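The MBR entries above (V7.x FixMBR and bootstrap identification, V7.1.0 NOP-flooded MBRs, V7.0.2 partition sizes in KB, V6.2.x recognition of XP / Vista / 7 / Linux / vendor bootstraps) all come down to reading one 512-byte sector and comparing its first 440 bytes with known code. The following is an added example, not RogueKiller's own code: it builds a constructed MBR, parses the partition table with 1 KB = 1024 bytes, matches the bootstrap against a placeholder hash table (KNOWN_BOOTSTRAPS is an assumption standing in for the real list of recognised bootstraps) and flags a bootstrap that is mostly NOPs.

```python
"""Added example (not RogueKiller's code): minimal MBR inspection of the
kind the changelog's MBR module describes. The sector below is
constructed for the example, and KNOWN_BOOTSTRAPS is a placeholder for a
real table of known-good bootstrap hashes."""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 440            # bootstrap code precedes the 4-byte disk signature
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
NOP = 0x90

# Constructed stand-in for a vendor bootstrap (assumption: a real tool would ship
# the hashes of the XP, Vista/7, Linux and OEM bootstraps it recognises).
SAMPLE_STANDARD_CODE = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8\xbe\x00\x7c"
                        + b"\xeb\xfe").ljust(BOOTSTRAP_LEN, b"\x00")
KNOWN_BOOTSTRAPS = {
    hashlib.sha256(SAMPLE_STANDARD_CODE).hexdigest(): "sample-standard",
}


def build_mbr(bootstrap: bytes, entries) -> bytes:
    """Assemble a 512-byte MBR from bootstrap code and up to four
    (status, type, lba_start, sector_count) tuples. Sample data only."""
    buf = bytearray(SECTOR)
    buf[:BOOTSTRAP_LEN] = bootstrap[:BOOTSTRAP_LEN].ljust(BOOTSTRAP_LEN, b"\x00")
    for i, (status, ptype, lba, sectors) in enumerate(entries[:4]):
        struct.pack_into("<B3xB3xII", buf, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         status, ptype, lba, sectors)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


def parse_partitions(mbr: bytes):
    """Return the primary partition entries that are in use.
    Sizes use 1 KB = 1024 bytes, the convention the changelog switched to."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, lba, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue                      # empty slot
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "size_kb": sectors * SECTOR // 1024,
        })
    return parts


def nop_ratio(mbr: bytes) -> float:
    """Fraction of the bootstrap area that is the x86 NOP opcode (0x90)."""
    return mbr[:BOOTSTRAP_LEN].count(NOP) / BOOTSTRAP_LEN


def classify_bootstrap(mbr: bytes, known=KNOWN_BOOTSTRAPS, nop_threshold=0.5) -> str:
    """Match the bootstrap against known code first; otherwise flag a NOP flood
    (a bootstrap mostly made of 0x90 is not what any installer writes)."""
    digest = hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest()
    if digest in known:
        return "known:" + known[digest]
    if nop_ratio(mbr) >= nop_threshold:
        return "suspicious:nop-flooded"
    return "unknown"


# Constructed partition layout: a 100 MiB boot partition and a 2 GiB data partition.
SAMPLE_LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x83, 206848, 4194304)]

if __name__ == "__main__":
    disk = build_mbr(SAMPLE_STANDARD_CODE, SAMPLE_LAYOUT)
    print(classify_bootstrap(disk))
    for p in parse_partitions(disk):
        print(p)
    print(classify_bootstrap(build_mbr(b"\x90" * 400, SAMPLE_LAYOUT)))
```

An "unknown" result is not by itself an infection: OEM and third-party boot managers write their own bootstraps, which is exactly why the tool keeps adding vendor-specific detections (Toshiba, Lenovo, HP, KIWI). Hash matching is the cheap first pass; the NOP check catches one specific tampering pattern named in the changelog and nothing else.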

V6.2.0 12/12/2011
=================
- Added a screensaver detection module : HKEY_CURRENT_USER\\Control Panel\\Desktop : SCRNSAVE.EXE
- Updated the ZeroAccess pattern (detection of the $NtUninstallKB FS / consrv.dll)
- Added importance keywords in the reports (log redirection at the PHP server level)
- Added the Root.MBR statistics pattern
- Added MBR check (LL2) + module activation
- Dump of found MBRs into the quarantine
- Modified the end of the script => the notepad can be kept open
- Bug fixes
- Rogue ProgFiles
\\datasave\\
\\sweeperlab\\
\\virussecurity\\
\\ProtectCop\\
\\HomeBoan\\
\\SmartSafer\\
- Whitelist
pccntupd.exe
pull.exe
RapportService.exe
HWDeviceService.exe
windir\v0330mon.exe
- Driver Whitelist
uphcleanhlp.sys /*WinXP (?)*/
FireTDI.sys /*Mac Afee*/
fslx.sys /*Symantec*/
savonaccesscontrol.sys /*Sophos*/
ShldDrv.sys /*Panda*/
bdrsDrv.sys /*BitDefender*/
- WhitelistDLL
rooksbas.dll
- Blacklist
%sys32/sysrunc.exe


V6.1.12 02/12/2011
=================
- Added MBR check (User / LL1) --> disabled for testing
- Added pattern Rogue.AntiSpy-AH
- Window Blacklist
XP Antispyware 2012
XP Antivirus 2012
XP Security 2012
XP Antispyware 2012
XP Home Security 2012
XP Internet Security 2012
Vista Antispyware 2012
Vista Antivirus 2012
Vista Security 2012
Vista Home Security 2012
Vista Internet Security 2012
Win 7 Antispyware 2012
Win 7 Antivirus 2012
Win 7 Security 2012
Win 7 Home Security 2012
Win 7 Internet Security 2012


V6.1.11 30/11/2011
=================
- Added a direct driver loading module (more efficient)
- Disabled the "LOCKED" module
- Window Blacklist
BlueFlare Antivirus
Wolfram Antivirus
OpenCloud Security
Malware Protection
Spyware Protection
Cloud Protection
Guard Online
AV Guard Online
Cloud AV 2012
- Rogue ProgFiles
\\NDoctorCom\\
\\perfectcare\\
\\privacyup\\
\\PowerPC\\
\\CleanCatch\\
- blacklist
Cloud AV 2012v121.exe


V6.1.10 18/11/2011
=================
- Added a module retrieving data from previous scans (PREVRUN)
- Rogue ProgFiles
sweeperlab
VirusSecurity
- Blacklist
AV Protection 2011v121.exe
- Window Blacklist
AV Protection 2011

V6.1.9 16/11/2011
=================
- Added a module checking the open Windows windows
- Added a process residue module (for the registry)
- Bug fixes
- Window Blacklist
System Fix
Privacy Protection
AV Security 2012
System Restore
System Security 2011
AV Protection Online
Security Sphere 2012
- Driver WL
pxrts.sys /*PrevX real time scanner*/
guard.sys /*AVG 7*/
- Whitelist
%windows%\wanmpsvc.exe
%windows%\*snpstd$
%windows%\sttray.exe
%windows\lclock.exe
%windows\ATKKBService.exe
MessageCheck.exe
%windows\UpdReg.EXE
uUACTokenSvc.exe
GameXNGO.exe
- Whitelist DLL
LC.dll
npSkypeChromePlugin.dll
- Whitelist DNS
4.2.2.$


V6.1.8 14/11/2011
=================
- Added pattern: PrivacyProtection
- Bug fixes
- Added key : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced : Start_ShowMyComputer
- Added key : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced : Start_ShowSearch
- Whitelist
netsession_win.exe
SetWallpaper.cmd
TUAutoReactivator32.exe
%windows%\VM_STI.EXE
%windows%\ZSSnp211.EXE
%windows%\Domino.EXE
FacebookUpdate.exe
googletalkplugin.exe
%windows%\SiSUSBrg.exe
lsnfier.exe
%windows%\Imgtask.exe
mediaget.exe
%windows%\AutoKMS.exe
%windows%\mixer.exe
- Driver WL
SandBox.sys /*Sandboxy*/
RapportPG.sys /*Trusteer (Report)*/
sbaphd.sys /*Sunbelt*/
PavProc.sys /*Panda antivirus*/
PavSRK.sys /*Panda antivirus*/
- Dll WL
KeyboardOnlineTray.dll
mcdvd_32.dll
- Blacklist
AV Security 2012v121.exe


V6.1.7 05/11/2011
=================
- Improved the statistics module (ZeroAccess, Fake HDD, Rogue ProgFiles patterns)
- Bug fixes
- Added a module handling registry reflection (x64)
- Improved the .reg backup (handles keys instead of values only)
- Rogue ProgFile
\\PatchUp_Plus\\
\\NVirusKorea\\
\\ProtectCode\\
\\CoreScan\\
\\AntiAvoid\\
\\IPRIVACY\\
\\ProtectKeep\\
\\AnyCop\\
\\windowpc\\
- Whitelist
arservice.exe
removed kmservice.exe (crack for Office 2010)
- Whitelist DLL
IadHide5.dll


V6.1.6 01/11/2011
=================
- Added a statistics module (connection to the SLT database)
- DNS whitelist:
8.8.4.$
- Bug fixes
- Whitelist :
windows\BCMSMMSG.exe
windows\*snp2***.exe
windows\stsystra.exe
windows\qmc.exe
windows\cthelper.exe
windows\ALCXMNTR.EXE
sys32\ANIWConnService.exe
sys32\PSDrvCheck.exe
rnupgagent.exe
googletalk.exe
E_FATICDL.EXE
- Drivers WL:
OADriver.sys /*Online armor*/
sp_rsdrv2.sys /*Spyware terminator*/
cmdguard.sys /*Comodo IS*/
SYMEVENT.SYS /*Symantec*/
SASKUTIL.SYS /*SUPER Antispyware*/
PSINProc.sys /*Panda Security*/
- Whitelist DLL
migrate.dll
OIExt.dll
BthAuthenticationTime.dll
NativeHelpNotifier.dll


V6.1.5 29/10/2011
=================
- Added an online version number check module
- Added a module automatically sending reports to the developer's address (to improve the tool)
- Drivers WL:
fshs.sys /*F-Secure Orange AV*/
- Rogue ProgFiles
\\boankorea\\
\\FastScan\\

V6.1.4 22/10/2011
=================
- Rogue ProgFiles
\\VirusScan\\
\\pcspeedup\\
- Drivers WL:
ehdrv.sys /*ESET Helper Driver*/
- Whitelist
AVGIDSMonitor.exe
- Adjusted the detection in the RANDOMNAME module



V6.1.3 14/10/2011
=================

- TrueSight v0.2
- Bug fixes
- Code rearrangement
- Added backup of registry deletions to .reg
- Added a random name detection module
- Blacklist
sys32\lvvm.exe
crss.exe (Cloud Protection)
- Rogue ProgFiles
\\realcleaner\\

V6.1.2 07/10/2011
=================

- Drivers WL:
PCTCore.sys /*PCTools*/
bdselfpr.sys /*Bitdefender*/
- Kill of locked processes
- WellKnown processes
audiodg.exe
- Rogue ProgFiles
\\vaccinecom\\
\\PCPlusSecurity\\
- WellKnown WL
sys32\ctfmon.exe
sys32\lsm.exe
sys32\SearchIndexer.exe
sys32\sppsvc.exe
sys32\SearchProtocolHost.exe
sys32\SearchFilterHost.exe
sys32\mctadmin.exe
sys32\dllhost.exe
sys32\alg.exe
sys32\wscntfy.exe
sys32\notepad.exe
sys32\wuauclt.exe
sys32\userinit.exe
sys32\msdtc.exe
windows\agrsmmsg.exe
- Whitelist dll
nvsysrot.dll


V6.X.X XX/XX/XXXX (Postponed version)
=================
- (Recursive) key deletion module by direct call
- Loading of the driver in antagonist BOOT mode if blocked
- Detection of registry keys hidden from the SCM
- Added sensitive path %sysroot% for processes
- Added a long name detection module -processes and keys- (Guard Online / OpenCloud / ...)


V6.1.1 28/09/2011
=================
- Fixed a bug in driver loading / unloading
- Removed debug messages
- TrueSight v0.1
- Added driver Whitelist with mask
- Added blacklistPath to the services search
- Drivers WL:
unknown /*Unknown*/
vsdatant.sys /*ZoneAlarm*/
procguard.sys /*ProcGuard*/
aswSP.sys /*Avast*/
aswSnx.sys /*Avast*/
PCTAppEvent.sys /*PCToolsFirewallPlus*/
sp**.sys /*Daemon tools*/
AVGIDSShim.Sys /*AVG*/
- Rogues progFiles
\\HelpPrivacy\\
\\InfoBoan\\
\\windowsliveprotect\\
\\DrBoan\\
\\Privacyi\\
\\Micropop\\
- Service Blacklist
MPopService


V6.1.0 22/09/2011
=================
- Retrieval of the real SSDT addresses
- Added option 7 (SSDT restoration by index) : HIDDEN OPTION because it is dangerous. To be used at a helper's request
- TrueSight module : SSDT restoration
- TrueSight module : Kill by direct call to the NT APIs (DrvNtTerminate)


V6.0.0 21/09/2011
=================
- Added a driver embedded in the resources
- Loading of the TrueSight driver (x86 only)
- Search for SSDT hooks
- Search for Shadow SSDT hooks


V5.3.5 21/09/2011
=================
- WhitelistDLL
LVPrcInj01.dll
- Whitelist
kmservice.exe
- Rogues ProgFiles
\\BoanCop\\
\\cleancert\\
\\VIHunter\\


V5.3.4 30/08/2011
=================
- Fixed a bug in whitelist detection (mask)
- Added a desktop icons restoration module (SHELL)
- Added a taskbar restoration module (SHELL)
- Added a mutex to prevent launching several instances
- Rogues ProgFiles
\\PrivacyBoho\\
\\SafePrivacy\\
\\BoanClear\\
- Whitelist
BR040286.exe

ROGUE KILLER ChangeLog part3

V5.3.3 18/08/2011
=================
- Added a module detecting particular files / folders
- Blacklist Particular:
%Appdata%\Adobe\shed
%Appdata%\Adobe\plugs
- Dll Whitelist
rpchrome$
MSVC^71.dll
- Rogue ProgFile
\\errordoctor\\
- GUID
{19090308-636D-4E9B-A1CE-A647B6F794BF} //Wolfram antivirus



V5.3.2 18/08/2011
=================
- Better x64 support
--> Added the SysWow64 / Program Files (x86) environment variables
--> Added restoration of Program Files (x86) in mode 6
- Code optimisation
- WellKnownProcess:
varEnv.syswow64\\svchost.exe
- Whitelist:
nclaunch.exe


V5.3.1 06/08/2011
=================
- Added a missing keys monitoring module
- Added missing keys:
HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command" => default : "%1" %*
- Rogue ProgFile:
\\PrivacyCode\\
\\InfoGuard\\
\\DefenseVirus\\
\\PatchUp_Plus\\
- Whitelist dll:
btmshell.dll
mkil.dll

V5.3.0 01/08/2011
=================
- Detection of system name hijacking
- The program is now able to kill a process in 6 different ways
This makes it possible to bypass the protections of quite a few malware families

- Service Blacklist:
wxpdrivers
srvsysdriver32
srvbtcclient
srviecheck

- Rogue progFiles
\\MacroVirus\\
\\DualVaccine\\
\\CodeScan\\


V5.2.9 31/07/2011
=================
- Service Blacklist:
Windows_Update

- Dll Whitelist
MSVCP71.dll

- Whitelist
alcwzrd.exe
PLFset^.exe


V5.2.8 23/07/2011
=================
- Added a check of the .exe files in the startup folder
- Dll Whitelist
Dropbox$
PLFSet.dll
-Whitelist
vsnp2uvc.exe
- Rogue progFiles
\\Clear2PC\\
\\PCMedic\\
\\boanking\\
- added BlackList
<user>\startupFolder\csrss.exe


V5.2.7 30/06/2011
=================
- Bug fixes (RegCloseKey)
- Fixed bugs causing a black screen after running OTL (at reboot)


V5.2.6 23/06/2011
=================
- Added monitoring of the line:
HKEY_CLASSES_ROOT\.exe => default


V5.2.5 23/06/2011
=================
Fixed major bugs that crashed the app


V5.2.4 22/06/2011
=================
Rogue ProgFiles:
-\\privacyalpha\\
-\\basicprivacy\\
-\\MicroPC\\
-Whitelist
Bginfo.exe
PLFsetL.exe
- Added ACL removal for the Shell keys


V5.2.3 16/06/2011
=================
- Blacklist
%ProgramFiles%\csrss.exe
%ProgramFiles\conhost.exe
- Service blacklist
QTUpdate
- Rogue ProgFiles
-\\Milestone Antivirus\\


V5.2.2 05/06/2011
=================
- Added drive information for mode 6
- Fixed bugs that crashed modes 6/1/2


V5.2.1 02/06/2011
=================
- Fixed bugs that crashed the Task Scheduler 2.0 module
- Reports go to the desktop whatever directory the application is launched from


V5.2.0 01/06/2011
=================
- Blacklist service
cdfss
wcscd
- Support for the keys
Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats
- Check and kill of malicious DLLs loaded under explorer.exe
- Added kill of explorer.exe DLLs in the residues
- Added a GUID exploration module (if a GUID is known, the path of the malicious DLL is retrieved
and added to the dynamic BlackList)
- Support for the Common Startup folder


V5.1.9 29/05/2011
=================
- Rogue ProgFile:
\\vaccineu\\
- Display of the User / My Computer / Recycle Bin icons on the desktop
Hijack : WarnOnHTTPSToHTTPRedirect
- Whitelist
soundman.exe
- Blacklist
wuaucldt.exe


V5.1.8 27/05/2011
=================
- Bug fixes in mode 6
- Added the libraries in mode 6


V5.1.7 26/05/2011
=================
- Bug fixes in mode 6
- Whitelist:
mhotkey.exe
mmkeybd.exe
dit.exe
LxrAutorun.exe
sw2#.exe
Screenpresso.exe


V5.1.6 21/05/2011
=================
- Rogue ProgFile
\\\Error Fix\\
- Whitelist
OEM0#Mon.exe
vVx#000.exe


V5.1.5 20/05/2011
=================
- Fixed a major bug in mode 6
- Whitelist
RtHDVCpl.exe


V5.1.4 16/05/2011
=================
- Support for the backup made by Windows Recovery (Option 6)
- Whitelist:
RtHDVCpl.exe
googlecrashhandler.exe
megakeyupdater.exe
zHotkey.exe
ASScrProlog.exe
ASScrPro.exe


V5.1.3 13/05/2011
=================
- Added paths to the sensitive directories:
%SystemDrive% / Windows
%System Drive% / Documents and settings / <user>
- Policy:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer -> NoDesktop
- Rogues PF:
\\Ifkpr\\
\\AntiDefend\\
- WhiteList:
vVX1000.exe
regedit.exe



V5.1.2 13/05/2011
=================
- Fixed a bug in the rundll32 module
- Rogue progFile
\\selfprivacy\\
\\PrivacyKey\\


V5.1.1 05/05/2011
=================
- Fixed bugs that crashed the Task Scheduler 2.0 module
- Fixed a false detection bug in the RUNDLL32 (RUN) module -> backported to 4.3.12


V5.1.0 02/05/2011
=================
- Support for Task Scheduler 2.0 (Vista / Seven)
- Rogue progFile
\\PrivacyView\\


V5.0.0 30/04/2011
=================
- IDE migration


V4.3.12 30/04/2011
==================
- Added ACCESS_DENIED in the reports
- Added an expiry date for the executable, with a warning message if > 3 days
- Whitelist
RockMeltUpdate.exe


V4.3.11 25/04/2011
==================
- Big optimisations (scan speed x4)
- Whitelist
OctoshapeClient.exe
- Rogue progFile
\\PC2Safe\\


V4.3.10 24/04/2011
=================
- Rogue progFile
\\Boan119\\
\\VaccineCore\\
\\Antivirus Clean 2011\\
- Added key : FIREFOX.EXE\\shell\\safemode\\command
- Added whitelist:
ereg.$ (Dragon naturally speaking)
- Fixed a bug in the Shell module
- Whitelist DNS:
62.251.229.237
- Blacklist
sys32\\windupdt\\winupdate.exe
- Whitelist:
Rsystems Support.exe
- DllWhitelist:
bthprops.cpl
-WellKnownProcess:
dwm.exe
wininit.exe

V4.3.9 16/04/2011
=================
- DllWhitelist:
"csnp2uvc.dll"
"gcswf32.dll"
"rpchromebrowserrecordhelper.dll"
- Added whitelist:
OrangeInside.exe
- Rogue progFile
\\Error Repair Professional\\
- Fixed a bug in the WhitelistDLL module
- Added the version date
- Added a mode (0) to quit. The program restarts automatically at the end.
Mode 0 should therefore be chosen to close the program



V4.3.8 09/04/2011
=================
- Added a module recognising known processes (explorer.exe, etc..)
- Optimisations
- Added a module recognising DLLs loaded in 04 under rundll32
- Rogue progFile
\\HomeClean\\
\\BoanSupport\\
- DllWhitelist:
"oobefldr.dll" "nvsvc.dll" "NvCpl.dll"
"NvMcTray.dll" "nview.dll" "srclient.dll"
"dr25svc.dll" "cmicnfg.dll" "ksrun.dll"
"sbavmon.dll" "dlbttime.dll" "ftutil2.dll"
"nvclock.dll" "nvhotkey.dll" "nvmctray.dll"
"p17.dll" "spirun.dll" "p17rune.dll"
"ptipbmf.dll" "ulutil2.dll" "sispower.dll"
"wf2kcpl.dll" "zsscheduler.dll" "apphelp.dll"
"advpack.dll" "sti_ci.dll" "ASTSVCC.dll"
"LXBUtime.dll" "p0**0pin.dll"
- Purge of the rogues ProgFile
- Bug fixes (English language, kill svchost.exe)
- Added a module restoring the Security Center settings
- Added whitelist:
clavier.exe


V4.3.7 04/04/2011
=================
- Added an MD5 recognition module for processes, DLLs and RUN keys
- MD5 Blacklist:
2eb8bf9d3fad4cb9e26a1ae184a65816 //AntivirusPlus "random.dll"


V4.3.6 29/03/2011
=================
- Added StartMenuInternet file association module (Firefox, IE, Opera)
- Rogue Program files
\\ADSTOP\\
\\SystemDefender\\
- DNS Whitelist
90.0.0.38


V4.3.5 29/03/2011
=================
- Added the local system disk in option 6
- Added the CurrentUser directory in option 6
- Improved the algorithm, speed gain (option 6)
- Added the UAC monitoring modules: "ConsentPromptBehaviorAdmin" , "ConsentPromptBehaviorUser" , "EnableLUA"
- Added a wallpaper repair module.
- Rogue Program files
\\vaccinescan\\
- Whitelist DNS
199.243.213.* (Canada)


V4.3.4 26/03/2011
=================
- Added removable devices in option 6, except the floppy drive.
- Added the My Music, My Videos, My Pictures directories
- Fixed a bug in retrieving the My Videos paths.


V4.3.3 24/03/2011
=================
- Added a module checking whether System Restore is enabled
- Modified the WL/BL system => several possible paths added
- Added the local disks (except system) for mode 6.
- DNS Whitelist
86.64.145.145 (NEUF)
84.103.237.145 (NEUF)
- Whitelist
Dropbox.exe
LBubble Dock.exe


V4.3.2 16/03/2011
=================
- Added a module to neutralise links in the reports (Hosts files mainly)
- Fixed a bug generating FPs in the services module
- Rogue PF
\\ProPrivacy\\
\\antiguard\\
- Whitelist
rockmeltcrashhandler.exe
rockmelt.exe
- WhitelistDNS
195.235.96.90 (Spanish DNS)
195.235.113.3 (Spanish DNS)

V4.3.1 14/03/2011
=================
- Added a module to restore the files set to "hidden" by the Windows Diagnostic rogue (option 6)
- Added whitelist:
IMVUQualityAgent.exe
- Removed checkPath for services (too many FPs)


V4.3.0 10/03/2011
=================
- Reworked the Whitelist/Blacklist, added paths (makes it possible to say that a file is blacklisted except in a certain directory, etc...)
- Fixed a bug causing display problems in the English language module


V4.2.1 09/03/2011
=================
- Fixed a bug that crashed the language module
- Quarantine support for the RUN/Services/Tasks/Startup Folder/Residues modules
- Added Whitelist:
isuspm.exe (Install Shield Update manager)


V4.2.0 07/03/2011
=================
- Modified the report system:
Reports are no longer appended to the RKreport.txt file, but written to separate files at each launch, named according to the convention: RKreport[NUMBER].txt
The summary of all available files is displayed at the end of the report.
- Whitelist DNS: 81.253.149.$


V4.1.1 07/03/2011
=================
- Fixed a bug in file path detection that caused some registry keys with spaces not to be detected.
- Added rogue program files:
\\ZeroVaccine\\


V4.1.0 04/03/2011
=================
- Bug fixes
- Added a French/English translation according to the PC's language


V4.0.1 28/02/2011
=================
- Bug fixes (rework of the registry key parsing system)
- Added monitoring of the RunOnce, RunServices, RunOnceEx, RunServiceOnce keys for all sessions.
Rogues such as System Tool can now be removed from a clean session.
- Rogue Program files:
\\pcvaccine\\


V4.0.0 23/02/2011
=================
- Engine rework, switching from C to C++
- Modified the report display, more information.
- Added blacklist
sdra64.exe
- Rogue program files
\\specialguard\\


V3.10.3 21/02/2011
==================
- Added the file association monitoring modules:
HKEY_LOCAL_MACHINE\Software\\Classes\\pezfile\\shell\\open\\command
HKEY_LOCAL_MACHINE\Software\\Classes\\.exe\\shell\\open\\command
HKEY_LOCAL_MACHINE\Software\\Classes\\exefile\\shell\\open\\command
HKEY_CURRENT_USER\Software\\Classes\\exefile\\shell\\open\\command
- Added blacklist
eksplorasi.exe
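Two recurring items in this changelog are the EXE file association (V5.3.1 records the expected default for exefile\shell\open\command as "%1" %*; V3.10.3, V3.10.2 and V6.2.4 add the same key under HKLM, HKCU and HKEY_USERS) and autorun entries (Run, RunOnce, RunServices, RunOnceEx from V4.0.1 and V3.1.0) whose image sits in a user-writable "sensitive" directory such as AppData, Temp or the Desktop. The following is an added example, not RogueKiller's code: it parses the string values of a .reg export (the kind produced by reg export or by the tool's own .reg backups) and applies those two checks offline. The two exports and the set of sensitive directories are constructed for the example.

```python
"""Added example (not RogueKiller's code): check a .reg export for the two
things the changelog's association and RUN-key modules look at, namely the
exefile\\shell\\open\\command default and autorun entries pointing into
user-writable directories. Both exports below are constructed for the example."""
import re

# Clean association, plus two autoruns launched from AppData / Temp (constructed).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Roaming\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\Users\\user\\AppData\\Local\\Temp\\clean.exe /silent"
'''

# Same association key redirected through a file in AppData (constructed).
HIJACKED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Roaming\\rogue.exe\" /START \"%1\" %*"
'''

EXPECTED_EXE_COMMAND = '"%1" %*'
AUTORUN_KEYS = ("run", "runonce", "runonceex", "runservices", "runservicesonce")
# Assumption: directories any user can write to, where a legitimate autorun is rare.
SENSITIVE_DIRS = ("\\appdata\\", "\\temp\\", "\\desktop\\", "\\local settings\\")


def _unescape(s: str) -> str:
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> dict:
    """Return {key: {value_name: string}} for the string values of a .reg export.
    The default value is stored under the empty name; dword/hex values are skipped."""
    reg, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            reg.setdefault(current, {})
            continue
        m = re.match(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if m is None or current is None:
            continue
        name = _unescape(m.group(1)) if m.group(1) is not None else ""
        data = m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            reg[current][name] = _unescape(data[1:-1])
    return reg


def image_path(command: str) -> str:
    """Extract the executable from a command line (quoted path, or up to .exe)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    i = cmd.lower().find(".exe")
    return cmd[:i + 4] if i >= 0 else cmd.split(" ", 1)[0]


def check_exe_association(reg: dict) -> list:
    """Flag an exefile open command whose default is not the stock "%1" %*."""
    findings = []
    for key, values in reg.items():
        if key.lower().endswith("\\exefile\\shell\\open\\command"):
            cmd = values.get("")
            if cmd is not None and cmd != EXPECTED_EXE_COMMAND:
                findings.append((key, cmd))
    return findings


def check_autoruns(reg: dict) -> list:
    """Flag Run/RunOnce-style entries whose image lives in a user-writable directory."""
    findings = []
    for key, values in reg.items():
        if key.rsplit("\\", 1)[-1].lower() not in AUTORUN_KEYS:
            continue
        for name, cmd in values.items():
            path = image_path(cmd)
            if any(d in path.lower() for d in SENSITIVE_DIRS):
                findings.append((key, name, path))
    return findings


if __name__ == "__main__":
    for export in (SAMPLE_REG, HIJACKED_REG):
        reg = parse_reg(export)
        print("association:", check_exe_association(reg))
        print("autoruns:   ", check_autoruns(reg))
```

A hit from check_autoruns is a lead, not a verdict: the changelog itself whitelists Chrome.exe because it legitimately runs from AppData (V2.3.1), which is why the tool pairs the sensitive-path rule with whitelists and later with MD5 recognition (V4.3.7). A hit from check_exe_association is far stronger, since nothing legitimate rewrites how every .exe is launched.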


V3.10.2 17/02/2011
==================
- Ajout d'une mise en quarantaine pour les process tu?s (pas encore pour les DLL et les r?sidus)
La quarantaine se trouve ? la racine de l'ex?cutable (RK_Quarantine) et comprends:
* Les fichiers au format -> Nom_de_lexe.exe.vir
* un fichier texte (QuarantineReport.txt) comprenant le r?capitulatif par date des suppression, ainsi que les chemins d'origine.
Demander ce rapport en cas de faux positif pour restaurer (? la main) les fichiers d?plac?s par erreur.
- Ajout module HKEY_USERS (cl? Winlogon/Windows) pour surveiller les cl?s Shell et Load des autres sessions du PC
- Ajout surveillance proxy sur HKLM
- Ajout Association fichiers EXE: HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command
- Rogue Program Files
\\McAVG\\
\\AVGT\\



V3.10.1 16/02/2011
==================
- Ajout module HKEY_USERS (cl? RUN) pour surveiller les cl?s RUN d'autres sessions.
- Correction bug CheckPath
- Ajout surveillance du chemin des fichiers Services
- Ajout surveillance cl? ProxyEnable (Module Proxy)
- Rogue Program Files
\\PrivacyHidden\\
\\SafeCare\\


V3.10.0 11/02/2011
==================
- Ajout module de d?tection rootkits (sommaire)
=> BruteForce PIDs + v?rification Blacklist / WhiteList
- Ajout ouverture UAC au lancement (pour mode admin)
- R?organisation DNS Blackist => Comparaison par masque
- Rogues program files
"\\eoRezo\\"
"\\homevaccine\\"
"\\smartscan\\"



V3.9.0 01/02/2011
=================
- Migration des modules Proxy et DNS dans des options distinctes. (options 4 et 5)
- Ajout BlackList:
printer.exe (EasySpywareCleaner)
ctfmona.exe (EasySpywareCleaner)
xpupdate.exe (EasySpywareCleaner)
- Rogue Program Files:
\\EasySpywareCleaner\\
- Correction Bug sur module Shell, qui emp?chait la detection des cl?s "Load"


V3.8.5 31/01/2011
=================
- Ajout module de reconnaissance du mode de d?marrage (Normal, Mode sans ?chec avec / sans prise en charge r?seau)
- Ajout reconnaissance du nom de la session courante
- Ajout DNS WhiteList: "74.118.212.1","74.118.212.2", "192.168.10.1", "15.243.128.51","15.243.160.51", "193.95.75.10","193.95.75.13"
- Rogue Program Files:
\\MyPCCheck\\

- Ajout WhiteList:
autologin.exe



V3.8.4 29/01/2011
=================
- Ajout module de reconnaissance des DNS malicieux
- Ajout WhiteList DNS: http://www.commentcamarche.net/faq/1496-serveurs-dns-des-principaux-fai
- 74.118.212.1,74.118.212.2,192.168.10.1,156.154.70.22,156.154.71.22
- Ajout Whtelist
little transparency.exe
SmpSys.exe
- Changement Icone


V3.8.3 27/01/2011
=================
- Ajout module de d?tection de lancement automatique de raccourcis dans le dossier Startup
(C:\Documents and Settings\<USER>\Menu D?marrer\Programmes\D?marrage)

- Ajout rogues program files:
\\liveboan\\
\\security119\\
\\PrivacyInfo\\
\\MegaVaccine\\
\\WebVaccine\\
\\Smart Security\\


V3.8.2 27/01/2011
=================
- Correction de bugs
- Ajout rogues program files:
\\PC Security 2011\\
\\Best Spyware Scanner\\
\\AVP2009\\
\\RegGenie\\

- Ajout WhiteList
e_s$$**$.exe (Epson Driver)



V3.8.1 20/01/2011
=================
- Modification de code
- Correction de bugs


V3.8.0 19/01/2011
=================
-Ajout module de d?tection des rogues dans program files
-Modif module DLL pour d?tection chemin sensibles/program files
-Ajout blacklist:
avsubengine.exe (VaccineClean)
uninst_$ (Rogue.multiple)
-Ajout rogues program files:
\\VaccineClean\\
\\easyvaccine\\
\\PCoptimizer 2010\\
\\PrivacyRight\\
\\wisevaccine\\
\\privacyguard 2010\\
\\v2accine2010\\
\\NewVC\\
\\ddosclean\\
\\vaccineprogram\\
\\SpyCare\\
\\pcclearplus\\
\\CleanV\\
\\uservaccine\\
\\powercare\\
\\protect_one\\
\\QScan\\
\\ScanZero\\
\\searchguard\\
\\safetyboan\\
\\BestBoan\\
\\DataProtect\\
\\????????????\\
\\adsafer\\
\\AntiProtect\\
\\cleanscan\\
\\New2Clean\\
\\IDBoan\\
\\Scan119\\
\\????????\\
\\Vkiller\\
\\infosecret\\
\\VaccineLab\\
\\RegistryClever\\
\\VaccineData\\
\\infohold\\
\\Internetvaccine\\
\\keycop\\
\\k-security\\
\\eClean3.0\\
\\RealVaccine\\


V3.7.4 13/01/2011
=================
- Modification module HOSTS -> affichage des 20 premi?res lignes seulement
(simplifie la lecture du rapport)
- Modification du module de detection du type d'user
- Ajout whitelist:
Smax4.exe


V3.7.3 09/01/2011
=================
- Modification du module HOSTS (Ajout d'un fixACL et d'un fixAttributes, qui permettent la modif du fichier)
- Correction d'un bug g?n?rant des faux positifs dans le module HijackInitDLL


V3.7.2 08/01/2011
=================
- Ajout module de surveillance des AppInitDLL (chargement de dll au d?marrage de windows dans explorer)
- Renseignement du mode de lancement de l'appli (Admin - NOT Admin)
- Ajout blacklist
SM***.exe
SM****.exe
SM****_$.exe


V3.7.1 07/01/2011
=================
- Correction d'un bug cr?ant des faux positifs dans le module de masque
- Modification du module "inkillable" => meilleurs r?sultats, surtout sous Vista/seven
- Ajout blacklist:
sw2#.exe
Fullremove.exe

-Service Blacklist
sst#


V3.7.0 05/01/2011
=================
- Ajout module de detection Hijack WBEM (famille Antivirus 2010)


V3.6.1 28/12/2010
=================
- Ajout blacklist:
*****_##$.exe (Internet Security suite)


V3.6.0 28/12/2010
=================
- Ajout d'un module de surveillance du fichier HOSTS
- Ajout d'un mode permettant de restaurer un HOSTS sain


V3.5.2 27/12/2010
=================
- Ajout de la surveillance de la ligne
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows -> Load

- Ajout Blacklist:
!^!^!#####.exe (System tool)


V3.5.1 18/12/2010
=================
- Correction d'un bug emp?chant la suppression de cl?s de registre poss?dant +2 niveaux de sous-cl?s


V3.5.0 13/12/2010
=================
- Modification du module de modif des ACLs, prise en charge de Vista / Seven
(Merci ? Egwene et Eric_71)


V3.4.0 11/12/2010
=================
- Ajout d'un module pour rendre le process inkillable! :)
(du moins hormis l'utilisateur, et les applis ayant SE_DEBUG)


V3.3.0 11/12/2010
=================
- Ajout d'un module de suppression des LEGACY
(Ne marche que sous XP pour le moment)
- Ajout d'un module de modification des ACL, avec resatauration apr?s le scan/modif des cl?s (merci ? Egwene)
- Correction d'un bug de d?tection des chemins sensibles (Appli~1 = Appdata)

V3.2.1 01/12/2010
=================
- Correction d'un bug qui faisait planter le module running services
- service blacklist:
vbma**** (Antivirus Action)


V3.2.0 20/11/2010
=================
- Modification et activation du module des taches planifi?es.
Bas? sur la blacklist, et les r?sidus en m?moire.


V3.1.0 20/11/2010
=================
- Ajout de module de scan 04
RunServices
RunOnceEx

- Blacklist
windowstmsystem.exe
microsoftspeech.exe
mbamzlib.exe
sshnas$
Zludo*.exe
Zjuje*.exe

- Service
SSHNAS

V3.0.1 14/11/2010
=================
- Ajout de service Blacklist
Follower

- Ajout de cl?s Blacklist
netc.exe
nnmmnnsys.exe


V3.0.0 14/11/2010
=================
- Hijack Policies
NoFolderOptions

- Correction d'un bug qui faisait planter le module de recherche RUN


V2.9.0 14/11/2010
=================
- Ajout d'un module de Shell Spawning (Hijack du lancement des .Exe)
pezfile
.exe


V2.8.0 13/11/2010
=================
- Ajout de module de d?tection des Hijack Policies
DisableTaskMgr
DisableRegistryTools
DisableCMD

V2.7.1 12/11/2010
=================
- Correction d'un bug faisant planter le module IFEO
(d?bordement de tableau)


V2.7.0 11/11/2010
=================
- Ajout module proxy Firefox


V2.6.0 05/11/2010
=================
- Ajout module de reconnaissance des dll charg?es sous rundll32
- Ajout module de kill des dll trouv?es dans les r?sidus
- Services Blacklist:
kxtoykoc (smart defragmenter)
jvfrhmo (think point)

V2.5.0 05/11/2010
=================
- Ajout module Image File Execution Options
- Ajout module taches planifi?es (? completer)


V2.4.0 05/11/2010
=================
- Ajout description dans les propri?t?s.


V2.4.0 30/10/2010
=================
- Ajout d'un module de scan des r?sidue
(process dont la cl? de registre ? ?t? supprim?e, mais qui n'ont pas ?t? tu?s,
car seul la valeur de la cl? de registre permet de les identifier)
- Ajout Date/Heure dans le rapport
- Correction d'un faux positif sur les noms de fichier contenant "temp"


V2.3.1 30/10/2010
=================
- Ajout recherche Blacklist pour les valeurs de registre
- BlackList:
MK**.exe (Antimalware Doctor)
MK***.exe (Antimalware Doctor)
uPc+MV$.exe (Antimalware Doctor)

- WhiteList:
Chrome.exe (se lance dans Appdata)

- Ouverture automatique du rapport ? la fin
- Message invitant ? passer le mode 2 si des infections
ont ?t? trouv?es dans le registre



V2.3.0 22/10/2010
=================
- refonte du module de scan svchost (?l?vation des privil?ges)
-> plus besoin des taskkill et tasklist

- Ajout d'un module de scan des services en cours d'ex?cution (autres
que svchost)


V2.2.0 21/10/2010
=================
- Ajout currentcontrolset003
- remaniement du code


V2.1.0 20/10/2010
=================
- Ajout d'un module de comparaison g?rant les masques
- Ajout de rogue

SM***_****.exe (Smart Engine)


V2.0.0 20/10/2010
=================
- Ajout d'un module de scan des services svchost
-> on tue le service si celui ci est suspect

Ce module ne fonctionne pas nativement sous XP home.
il faut t?l?charger 2 ex?cutables et les placer ? la racine de RogueKiller


V1.8.0 19/10/2010
=================
- Ajout d'un module de scan des services (CurrentControlSet, ControlSet001, 002)

- Ajout de services ? la liste noire:

userinit (Antivirus 2010)


V1.7.1 19/10/2010
=================

- Ajout de quelques process en WhiteList

flux.exe
RtkBtMnt.exe
GoogleUpdate.exe


V1.7.0 18/10/2010
=================
- Added a proxy removal module

V1.6.0 18/10/2010
=================
- Process search rewritten.
-> Blacklist / WhiteList purged
-> Scan based primarily on the process location, for greater speed

- Added the "Bureau/Desktop" directory as a sensitive folder
- Added the path of killed files (except Security Tools) to the report


V1.5.0 18/10/2010
=================
- Added a scan of the Shell key

Thinkpoint rogue handled

BlackList
Hotfix.exe
Desktop Security 2010.exe


WhiteList:
GoogleUpdate.exe
chrome.exe
GoogleCrashHandler.exe
flux.exe
Ati2evxx.exe
spoolsv.exe




V1.4.0 14/10/2010
=================
- Added a mode choice for the registry
scan mode: does not delete the registry keys found
remove mode: deletes the registry keys found

This makes it possible to spot any false positives and reassures people
who do not want to touch the registry and only want to kill the infectious process


V1.3.0 14/10/2010
=================
- Code reworked, optimizations.
Modular arrangement


V1.2.0 12/10/2010
=================
- Improved the detection module for infectious RUN/RUNONCE keys
more precise detection of files / paths
fewer false positives, easier targeting.

- RKreport.txt is now opened in "Append" mode (instead of w+),
so that previous reports are not overwritten when the tool is run
several times in a row
(the report is therefore a reverse-chronological stack of the different reports)



V1.1.2 10/10/2010
=================
- Added OS detection and display in the report

Desktop Security 2010.exe
flash_player_installer.exe

Whitelist:
rundll32.exe


V1.1.1 08/10/2010
=================

avp32.exe (Peak Protection)
user.exe (Peak Protection)
system.exe (Peak Protection)
svc.exe
load.exe (Antivirus studio 2010)
securitycenter.exe (Antivirus studio 2010)
securityhelper.exe (Antivirus studio 2010)
AntiVirus Studio 2010.exe (Antivirus studio 2010)


V1.1.0 04/10/2010
=================
- Added a module that removes RUN/RUNONCE keys according to
the blacklist/whitelist and the usual folder filters
- Optimizations
- Added a program icon
- Added a few Koobface processes:

ld15.exe
ld16.exe
andy133.exe


V1.0.3 01/10/2010
=================
- Added a module that kills applications running under "\Application Data\"
or one of its subfolders
- Added a module that kills applications running under "\Temp\"
or one of its subfolders


V1.0.2 01/10/2010
=================
- The process now starts at High priority
(larger share of CPU for the scan, so fewer chances of getting killed)


V1.0.1 01/10/2010
=================
- Added a minimal whitelist to speed up the search

[System Process]
System
smss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
dwm.exe
explorer.exe
ctfmon.exe
dllhost.exe
alg.exe
conhost.exe
taskhost.exe
sched.exe
Locator.exe
jusched.exe



V1.0 30/09/2010
===============
- Rogue Security Tools
detection module for names made up only of digits

- Added older rogues:
ccagent.exe (Control center)
ccmain.exe
richtx64.exe (Data Protection)
asr64_ldm.exe (Dr Guard)
diskperfxp.exe (User Protection)
davclnt.exe (Digital Protection)
avp.exe
digprot.exe
datprot.exe (Data Protection)
ave.exe


- SmitfraudFix changelog up to November 06, 2008

winupdate.exe
AVR09.exe
msa.exe
ld09.exe
mediacodec.exe
pp10.exe
SYSDLL.exe
SYS32DLL.exe
DL32.exe
pcdefender.exe
svchost_32.exe
asasa.exe
syst.exe
msctrl.exe
msavsc.exe
msscan.exe
msiemon.exe
msfw.exe
msctrl.exe
msavsc.exe
msscan.exe
msiemon.exe
msfw.exe
setup2.exe
AntivirusXP.exe
ld03.exe
pp06.exe
userload.exe
rs32net.exe
renus2008.exe
sysrc32.exe
svchostw.exe
ld01.exe
ld02.exe
pp2.exe
dll32.exe
winagent.exe
systeminit.exe
sysguard.exe
avrlabs.exe
AnvTrgr.exe
msiconf.exe
VirTrigger.exe
VirusTriggerBin.exe
svhost.exe
reged.exe
spoolsystem.exe
syscert.exe
sysexplorer.exe
wsc32x.exe
 
Wasn't sure if you needed the ChangeLog but I put it anyway. Rest will come shortly.
Greetings
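The changelog above describes the heuristics RogueKiller applies to running processes: a blacklist of rogue names written with masks (MK**.exe, SM***_****.exe), a whitelist of known-good names, a rule for names made up only of digits, and a rule for executables running from sensitive folders (\Application Data\, \Temp\, the Desktop). The Python below is an added example of how such a classifier can be written; it is not RogueKiller's code and not part of this thread. The meaning of '*' as exactly one character is an assumption drawn from MK**.exe and MK***.exe being listed as separate entries, and the sample paths are constructed.

```python
"""Process-name classifier modelled on the RogueKiller changelog (added example).

Not RogueKiller's own code. Assumption: each '*' in a blacklist mask matches
exactly one character (MK**.exe and MK***.exe are separate entries above).
"""
import ntpath
import re

# Rogue names taken from the changelog's blacklist entries.
BLACKLIST_MASKS = [
    "MK**.exe",
    "MK***.exe",
    "SM***_****.exe",
    "Hotfix.exe",
    "Desktop Security 2010.exe",
]

# Known-good names from the changelog's whitelist (compared case-insensitively).
WHITELIST = {"svchost.exe", "explorer.exe", "chrome.exe", "googleupdate.exe",
             "rundll32.exe", "spoolsv.exe"}

# Folders the changelog treats as sensitive: a process image living here is
# flagged unless its name is whitelisted (chrome.exe runs from AppData).
SENSITIVE_DIRS = [
    ("application data", "\\application data\\"),
    ("temp", "\\temp\\"),
    ("desktop", "\\desktop\\"),
]


def mask_to_regex(mask: str) -> "re.Pattern[str]":
    """Turn a mask like 'MK**.exe' into an anchored, case-insensitive regex.

    Every '*' becomes '.', i.e. one arbitrary character (assumption); all
    other characters are escaped so '.', '+' and '$' are matched literally.
    """
    body = "".join("." if ch == "*" else re.escape(ch) for ch in mask)
    return re.compile("^" + body + "$", re.IGNORECASE)


BLACKLIST = [(mask, mask_to_regex(mask)) for mask in BLACKLIST_MASKS]


def classify(image_path: str) -> str:
    """Return a verdict string for one process image path.

    Order of checks: explicit blacklist first (a known-bad name beats a
    known-good one), then whitelist (skips the heuristics), then the
    digits-only rule, then the sensitive-folder rule.
    """
    name = ntpath.basename(image_path)
    for mask, pattern in BLACKLIST:
        if pattern.match(name):
            return "blacklisted:" + mask
    if name.lower() in WHITELIST:
        return "whitelisted"
    # "System" or "[System Process]" have no extension; rpartition then
    # yields an empty stem, which is not digits-only.
    stem, _, ext = name.rpartition(".")
    if stem.isdigit() and ext.lower() == "exe":
        return "digits-only"
    lowered = image_path.replace("/", "\\").lower()
    for label, fragment in SENSITIVE_DIRS:
        if fragment in lowered:
            return "sensitive-location:" + label
    return "clean"


def scan(image_paths):
    """Classify a list of image paths and return only the non-clean findings."""
    findings = []
    for path in image_paths:
        verdict = classify(path)
        if verdict != "clean":
            findings.append((path, verdict))
    return findings


if __name__ == "__main__":
    # Constructed sample process list (not from the logs in this thread).
    sample = [
        r"C:\Windows\System32\notepad.exe",
        r"C:\Users\tom\AppData\Local\Temp\MKab.exe",
        r"C:\Users\tom\AppData\Roaming\Google\Chrome\chrome.exe",
        r"C:\Users\tom\Application Data\48273645.exe",
        r"C:\Users\tom\AppData\Local\Temp\updater.exe",
    ]
    for path, verdict in scan(sample):
        print(f"{verdict:32} {path}")
```

A name-only whitelist is the weak point of this scheme: a file called svchost.exe in a Temp folder would be skipped, so in practice the whitelist should be paired with the expected path or a signature check rather than the bare name.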
 
MBAM Log (It did not ask me to restart my computer so I did not)

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/8/2016
Scan Time: 3:04 PM
Logfile: Mbam log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: pantahsharam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421339
Time Elapsed: 53 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.FrameWorkBHO, HKLM\SOFTWARE\CLASSES\CLSID\{CACB139B-7C2C-4A99-A4EE-72449D0FF549}, Quarantined, [5016b6abaced66d07c0f910ae71b0bf5],
PUP.Optional.Somoto, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SomotoUpdateCheckerAutoStart, Quarantined, [88de6df499003df968d14aba24e0bc44],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-3255573426-2543451188-2402224606-501\SOFTWARE\AskPartnerNetwork, Quarantined, [98ce89d8e7b2de58f1f846b6ae54bd43],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.Somoto, C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart, Quarantined, [ed797be65940063062d09f65de2633cd],
PUP.Optional.ASK.Gen, C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\dj0j0bkq.default\searchplugins\ask-search.xml, Quarantined, [86e0c59c584196a0e73bc94a1bead32d],
PUP.Optional.Iminent, C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\prefs.js, Good: (), Bad: (user_pref("iminent.adapters", "{\"digitaltrends\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918115605761814400\"},\"thepiratebay\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"expireTime\":\"13918120998591814400\"},\"iminent\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"expireTime\":\"13918121671501814400\"},\"facebook\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":3,\"expireTime\":\"13918121702531814400\"},\"pakalertpress\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918123905401814400\"},\"imdb\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"expireTime\":\"13918149294831814400\"},\"youtube\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"expireTime\":\"13918150980681814400\"},\"chinawomendating\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918164699201814400\"},\"google\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"expireTime\":\"13918165274491814400\"},\"milfhd\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918166262801814400\"},\"puremature\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918166364021814400\"},\"****milfporn\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918166701651814400\"},\"porntube1\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918166884101814400\"},\"redtube\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918167122471814400\"},\"akamaihd\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918167219151814400\"},\"xsrving\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918167230251814400\"},\"doublepimp\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918167245361814400\"},\"mrskin\":{\"Count
ryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918233822111814400\"},\"celebritymixer\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918234152471814400\"},\"upworthy\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918236461351814400\"},\"paradigmshiftcentral\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918344220901814400\"},\"theocgproject\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918346534071814400\"},\"fromthesilence\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918430790481814400\"},\"website-unavailable\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918436513221814400\"},\"soundcloud\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918436625591814400\"},\"flickr\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918440130941814400\"},\"yahoo\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"expireTime\":\"13918937172551814400\"},\"techspot\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918937421601814400\"},\"imgnip\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918938268291814400\"},\"adultxpictures\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918938890281814400\"},\"imgboxxx\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918939386481814400\"},\"xxxhost\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918939703311814400\"},\"ashleymadison\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918941401901814400\"},\"cougarspeeddate\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918941799991814400\"},\"couturelosangeles\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918942072071814400\"},\"meetup\":{\"CountryCode\":\"US\",\"NoAds\":true,\"
Status\":2,\"expireTime\":\"13918943127551814400\"},\"blogspot\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918943548031814400\"},\"urbancougar\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918943789121814400\"},\"adultfriendfinder\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918947254591814400\"},\"thecougarconnection\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13918947597331814400\"},\"amazon\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"expireTime\":\"13919118186361814400\"},\"bleepingcomputer\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13919121663351814400\"},\"eset\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13919132267021814400\"},\"globaltechexpert\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13919133121911814400\"},\"vimeo\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13919149562991814400\"},\"mooji\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13919182744511814400\"},\"metric-conversions\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13920867834221814400\"},\"lbreport\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13920882684871814400\"},\"bankofamerica\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13921748721781814400\"},\"identity-protection\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13921750659541811559\"},\"wikipedia\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13921791526561814400\"},\"starfirereiki\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13921792198031814400\"},\"didjshop\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13921797645451814400\"},\"didgetherapy\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"1
3921798282861814400\"},\"crystal-cure\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13921811147471814400\"},\"chopra\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13921869371701814400\"},\"wordpress\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13921954635601814400\"},\"adyashanti\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13922559265951814400\"},\"jezebel\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13922594469021814400\"},\"stern\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13922630428761814400\"},\"toggl\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13922724686981814400\"},\"xvideos\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13923622800791814400\"},\"maturetubeporn\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13923623803091814400\"},\"tubemature\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13923624548441814400\"},\"megamaturesex\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13923624783541814400\"},\"oldgrannylovers\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13923626662301814400\"},\"hotpornshow\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13923627231801814400\"},\"gizmodo\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13923635453881814400\"},\"mylant\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13923656701001814400\"},\"literotica\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13924830463751814400\"},\"tube8\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13924830606641814400\"},\"nudediana\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13924831054311814400\"},\"only40\":{\"CountryCode\":\"US\",\"NoAds\":true,\"
Status\":2,\"expireTime\":\"13924834184351814400\"},\"drunkporntube\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13924834380641814400\"},\"69flv\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13924834742911814400\"},\"roadtrippers\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13924843833021814400\"},\"ramdass\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13924845329401814400\"},\"themetapicture\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13924848477661814400\"},\"edisproduction\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13925970340901814400\"},\"israelvideonetwork\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13925976120771814400\"},\"teohua\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13926742359521814400\"},\"floweroflifestore\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13926742494011814400\"},\"bukbesthotels\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13926742592551814215\"},\"myorganogold\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13926744845391814400\"},\"homedepot\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13926818429611814400\"},\"websurveypanel\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13926819638011814400\"},\"pnmag\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13927559152871814400\"},\"glad\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13927571825031814400\"},\"thekitchn\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13927572187091814400\"},\"outbrain\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13927572985881814400\"},\"oncenter\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13927638368761814400
\"},\"samplewords\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13927642443821814400\"},\"bidclerk\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13927645313681814400\"},\"sfgate\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13927766260121814400\"},\"ehow\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"expireTime\":\"13927768006291814400\"},\"lbtransit\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13927779662531814400\"},\"adobe\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":2,\"expireTime\":\"13927785890971814400\"}}");), Replaced,[bda9c69bd1c8102635569877bd480ff1]
PUP.Optional.Iminent, C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\prefs.js, Good: (), Bad: (_ok\",\"shown\":[\"antiadblock\"],\"downloadCount\":143}");
user_pref("extensions.adblockpluspopupaddon.defaultAction", "block");), Replaced,[402677eac1d81d194f3cd33c17ee9d63]

Physical Sectors: 0
(No malicious items detected)


(end)
 
ADW CLEANER Log

# AdwCleaner v6.010 - Logfile created 08/09/2016 at 16:18:21
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-24.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : pantahsharam - PANTAHSHARAM-HP
# Running from : C:\Users\pantahsharam\Desktop\adwcleaner_6.010.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\Users\pantahsharam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
[-] File deleted: C:\Users\pantahsharam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{F791D8AE-47E8-40A5-A913-EB2D2AF29602}]
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.search.param.yahoo-fr" - "chr-greentree_ff&ilc=12&type=714647"
[-] Chrome preferences cleaned: "extensions.APN_TB.first-previous-keyword-url" - "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p="
[-] Chrome preferences cleaned: "extensions.ORJ-V7.previous-keyword-url" - "\"hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=\""
[-] Chrome preferences cleaned: "browser.search.defaultengine" - "Ask Search"
[-] Chrome preferences cleaned: "browser.search.order.1" - "Ask Search"


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2266 Bytes] - [08/09/2016 16:18:21]
C:\AdwCleaner\AdwCleaner[S0].txt - [2853 Bytes] - [08/09/2016 16:17:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2412 Bytes] ##########
 
JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by pantahsharam (Administrator) on Thu 09/08/2016 at 16:31:25.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 58

Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{00AF124E-E821-4855-9D41-A13E008D8367} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{1215B215-B43B-499C-BDFC-AFF3D21446BB} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{19A48680-34BC-4184-8DE1-582A3DB04228} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{1ECEF254-4A13-481D-BD4B-6CBAF04783E2} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{204CB972-5DA6-4D77-8CD5-640B39CCA9E1} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{2105BAAA-A665-474F-91D2-4FB201C34F38} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{225E7CD5-A725-4751-BCB3-0269B26E61D3} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{499EE3C2-44BB-4D9C-B5A7-D2DA596E04F2} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{6840B832-BFA0-4812-BDAE-B5C2F52D82F5} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{6A3FF985-781E-4225-8C14-ECBB6B35EE1F} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{6C81BEF7-F04D-45F6-88B5-9E605EBCC60A} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{853F4EED-E066-42E2-9446-38ABD1022950} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{862793D7-3788-43E6-A2B7-4B4B23751AFD} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{8D1CFBEC-25D1-4EDE-A7C3-D22CA76E155C} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{9004E390-6184-4B0E-B431-6FE09CFBA1DB} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{96511885-2B34-4D55-81BC-CEAEDA58699F} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{AA520B7B-8080-47FF-A600-80FA33B3F337} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{B2E5CD29-E24E-4746-9AB0-B9CF96BB4C79} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{C1F53CB7-7C18-4D90-A200-458C8C258ED2} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{C6071F6C-EAFA-4D49-9E27-A3B17D96A663} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{D716E09A-FA75-4E7B-B751-086FEB8136E0} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{EB593DC8-DB81-4A39-A9E4-EC1D28C067F8} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{EF357285-C610-4952-A600-BA5A08B6CC25} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\{EF9EE58B-8F34-4860-BD72-820E11CE28A4} (Empty Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Invalidprefs.js (File)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IRJCQ8H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZCWSAHQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\598AH9QG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5O3J0R5Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6S1U4O6Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XZ99FAE (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7FTCAY0B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7Y5LB8I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUR3MLEV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPF5XUSY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOCI55DI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNWCJNMA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM1KGWH3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWL7F15U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMOI38T4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\pantahsharam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZS9U65N5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IRJCQ8H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZCWSAHQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\598AH9QG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5O3J0R5Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6S1U4O6Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XZ99FAE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7FTCAY0B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7Y5LB8I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUR3MLEV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPF5XUSY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JOCI55DI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNWCJNMA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM1KGWH3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TWL7F15U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMOI38T4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZS9U65N5 (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/08/2016 at 16:34:59.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 16-09-05.01 - pantahsharam 09/09/2016 10:19:07.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3753 [GMT 2:00]
Running from: c:\users\pantahsharam\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-08-09 to 2016-09-09 )))))))))))))))))))))))))))))))
.
.
2016-09-08 14:11 . 2016-09-08 14:18 -------- d-----w- C:\AdwCleaner
2016-09-08 13:04 . 2016-09-08 14:05 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-08 13:03 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-09-08 13:03 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-09-08 13:03 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-09-08 13:03 . 2016-09-08 13:03 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-09-08 09:38 . 2016-09-08 09:38 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-08 09:37 . 2016-09-08 09:37 -------- d-----w- c:\program files\RogueKiller
2016-09-08 09:37 . 2016-09-08 09:37 -------- d-----w- c:\programdata\RogueKiller
2016-09-07 12:21 . 2016-09-07 12:21 -------- d-----w- C:\QUARANTINE
2016-09-07 12:16 . 2016-09-07 12:29 -------- d-----w- C:\FRST
2016-09-06 19:49 . 2016-07-08 15:32 2048 ----a-w- c:\windows\system32\tzres.dll
2016-09-06 19:44 . 2016-07-08 15:01 3218944 ----a-w- c:\windows\system32\win32k.sys
2016-09-06 19:35 . 2016-08-02 22:36 11847048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21B483F8-8E43-4CDF-ABDA-313CB1994E57}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-06 20:55 . 2012-01-21 05:37 147640136 -c--a-w- c:\windows\system32\MRT.exe
2016-07-26 12:24 . 2010-11-21 03:27 504488 ------w- c:\windows\system32\MpSigStub.exe
2016-07-14 18:15 . 2012-05-03 22:55 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-07-14 18:15 . 2011-10-12 23:42 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-06-26 00:35 . 2016-07-14 17:00 41704 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-06-26 00:27 . 2016-07-14 17:00 756736 ----a-w- c:\windows\system32\win32spl.dll
2016-06-26 00:27 . 2016-07-14 17:00 344576 ----a-w- c:\windows\system32\ntprint.dll
2016-06-26 00:27 . 2016-07-14 17:00 970240 ----a-w- c:\windows\system32\localspl.dll
2016-06-26 00:27 . 2016-07-14 17:00 22528 ----a-w- c:\windows\system32\inetppui.dll
2016-06-26 00:27 . 2016-07-14 17:00 166400 ----a-w- c:\windows\system32\inetpp.dll
2016-06-26 00:27 . 2016-07-14 17:00 1208320 ----a-w- c:\windows\system32\aeinv.dll
2016-06-25 19:54 . 2016-07-14 17:00 497152 ----a-w- c:\windows\SysWow64\win32spl.dll
2016-06-25 19:53 . 2016-07-14 17:00 297472 ----a-w- c:\windows\SysWow64\ntprint.dll
2016-06-25 19:53 . 2016-07-14 17:00 48640 ----a-w- c:\windows\system32\wpnpinst.exe
2016-06-25 19:53 . 2016-07-14 17:00 61952 ----a-w- c:\windows\system32\ntprint.exe
2016-06-25 19:41 . 2016-07-14 17:00 61952 ----a-w- c:\windows\SysWow64\ntprint.exe
2016-06-22 13:06 . 2016-07-14 17:00 268800 ----a-w- c:\windows\system32\centel.dll
2016-06-17 18:24 . 2016-07-14 17:00 544256 ----a-w- c:\windows\system32\devinv.dll
2016-06-17 18:24 . 2016-07-14 17:00 571904 ----a-w- c:\windows\system32\generaltel.dll
2016-06-17 18:24 . 2016-07-14 17:00 294912 ----a-w- c:\windows\system32\invagent.dll
2016-06-17 18:24 . 2016-07-14 17:00 219136 ----a-w- c:\windows\system32\aepic.dll
2016-06-17 18:24 . 2016-07-14 17:00 1490432 ----a-w- c:\windows\system32\appraiser.dll
2016-06-17 18:24 . 2016-07-14 17:00 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-06-14 15:21 . 2016-07-14 17:00 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2012-09-05 333416]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-12-04 242792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90120000-0030-0000-0000-0000000FF1CE}"="del" [X]
.
c:\users\pantahsharam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-27 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.376\SSScheduler.exe [2016-7-19 407816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 hwusb_cdcacm;hwusb_cdcacm;c:\windows\system32\DRIVERS\ew_cdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_cdcacm.sys [x]
R3 hwusb_wwanecm;hwusb_wwanecm;c:\windows\system32\DRIVERS\ew_wwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_wwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.376\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.376\McCHSvc.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
R4 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R4 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IntelBCAsvc;Intel(R) Biometric and Context Agent Service;c:\program files\Intel\BCA\pabeSvc64.exe;c:\program files\Intel\BCA\pabeSvc64.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
S2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x]
S2 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys;c:\windows\SYSNATIVE\DRIVERS\easytthr.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 18:15]
.
2016-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 08:29]
.
2016-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 08:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{1925E23C-52D8-473A-98A4-A71281337318}: NameServer = 213.162.69.2 213.162.69.170
TCP: Interfaces\{7670DE11-D589-4090-8321-62C6C7B141BC}: NameServer = 213.162.69.2 213.162.69.170
TCP: Interfaces\{E206ABF8-83E3-4929-97F3-74FD5A27A50A}: NameServer = 213.162.69.2 213.162.69.170
TCP: Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E}\6427565677166756: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E}\75C414E402743C4A374756: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2012\QBW32.EXE -silent
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,98,ed,2f,ee,00,ae,4c,a1,cf,c6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,98,ed,2f,ee,00,ae,4c,a1,cf,c6,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-09-09 10:35:52
ComboFix-quarantined-files.txt 2016-09-09 08:35
.
Pre-Run: 241,023,524,864 bytes free
Post-Run: 241,694,130,176 bytes free
.
- - End Of File - - F2C8A209CD1B7114FDD98FB471E6CA8C
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by pantahsharam (administrator) on PANTAHSHARAM-HP (10-09-2016 09:07:57)
Running from C:\Users\pantahsharam\Desktop
Loaded Profiles: pantahsharam (Available Profiles: pantahsharam & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
() C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
() C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-03] (Intel(R) Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [569200 2011-02-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-06] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [242792 2012-12-04] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-18\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-09-09] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-09-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\pantahsharam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{1925E23C-52D8-473A-98A4-A71281337318}: [NameServer] 213.162.69.2 213.162.69.170
Tcpip\..\Interfaces\{3C5C4C8E-0540-468D-85BD-E8E54443EB64}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{7670DE11-D589-4090-8321-62C6C7B141BC}: [NameServer] 213.162.69.2 213.162.69.170
Tcpip\..\Interfaces\{E206ABF8-83E3-4929-97F3-74FD5A27A50A}: [NameServer] 213.162.69.2 213.162.69.170
Tcpip\..\Interfaces\{EB428A1F-D96E-4117-BACA-BF354E5871E4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F7C398A0-4DD9-4AEF-8DEF-B2705D8D117E}: [NameServer] 208.67.222.222,208.67.220.220

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-11] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140130001518.dll [2014-01-30] (McAfee, Inc.)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-05-06] (HP)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-11] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-05-17] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-11] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140130001519.dll [2014-01-30] (McAfee, Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-05-06] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-11] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-05-17] (Intel Security)

FireFox:
========
FF ProfilePath: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default
FF SelectedSearchEngine:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-11] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-04-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-04-14] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\searchplugins\google-images.xml [2014-09-14]
FF SearchPlugin: C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\searchplugins\google-maps.xml [2014-09-14]
FF Extension: (WOT) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: (selectivecookiedelete) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\extensions\selectivecookiedelete@siju.mathew [2016-05-18]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-05-18]
FF Extension: (anonymoX) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\client@anonymox.net.xpi [2015-09-30]
FF Extension: (Firefox Hotfix) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-05]
FF Extension: (IPFlood) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\ip****@p4ul.info.xpi [2016-05-17]
FF Extension: (Adblock Plus) - C:\Users\pantahsharam\AppData\Roaming\Mozilla\Firefox\Profiles\o4dtd5gm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-17]
FF Extension: (TrueSuite Website Logon) - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2016-09-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-12-14] [not signed]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-04-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-08] (Realsil Microelectronics Inc.) [File not signed]
S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2014-02-07] () [File not signed]
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-06] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241016 2014-01-30] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [206448 2012-12-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2014-01-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-03] ()
S4 RosettaStoneLtdController; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [352312 2008-09-16] (Rosetta Stone Ltd.) [File not signed]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [878904 2016-05-16] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-05-16] (McAfee, Inc.)
R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-05-16] (McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2013-03-12] (Mobile Stream)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 hwusb_cdcacm; C:\Windows\System32\DRIVERS\ew_cdcacm.sys [124672 2014-04-16] (Huawei Technologies Co., Ltd.)
R3 hwusb_wwanecm; C:\Windows\System32\DRIVERS\ew_wwanecm.sys [379392 2014-04-16] (Huawei Technologies Co., Ltd.)
R3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [178840 2014-01-30] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [309400 2014-01-30] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2014-01-30] (McAfee, Inc.)
S3 mferkdet; C:\Windows\system32\drivers\mferkdet.sys [106112 2014-01-30] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339392 2014-01-30] (McAfee, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-07] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-08-29] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-08] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U3 a3wlaqta; C:\Windows\System32\Drivers\a3wlaqta.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
U4 bdselfpr; no ImagePath
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S4 iwdbus; system32\DRIVERS\iwdbus.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-09 10:35 - 2016-09-09 10:35 - 00026258 _____ C:\ComboFix.txt
2016-09-09 10:15 - 2016-09-09 10:35 - 00000000 ____D C:\Qoobox
2016-09-09 10:15 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-09-09 10:15 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-09-09 10:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-09-09 10:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-09-09 10:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-09-09 10:15 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-09-09 10:15 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-09-09 10:15 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-09-09 09:03 - 2016-09-09 09:09 - 05658674 ____R (Swearware) C:\Users\pantahsharam\Desktop\ComboFix.exe
2016-09-08 16:34 - 2016-09-08 16:34 - 00008828 _____ C:\Users\pantahsharam\Desktop\JRT.txt
2016-09-08 16:11 - 2016-09-08 16:18 - 00000000 ____D C:\AdwCleaner
2016-09-08 16:10 - 2016-09-08 16:12 - 01610560 _____ (Malwarebytes) C:\Users\pantahsharam\Desktop\JRT.exe
2016-09-08 16:08 - 2016-09-08 16:11 - 03826240 _____ C:\Users\pantahsharam\Desktop\adwcleaner_6.010.exe
2016-09-08 16:04 - 2016-09-08 16:04 - 00012773 _____ C:\Users\pantahsharam\Desktop\Mbam log.txt
2016-09-08 15:04 - 2016-09-08 16:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-08 15:04 - 2016-09-08 15:04 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-08 15:03 - 2016-09-08 15:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-08 15:03 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-08 15:03 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-08 15:03 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-08 13:45 - 2016-09-08 14:02 - 22851472 _____ (Malwarebytes ) C:\Users\pantahsharam\Desktop\mbam-setup-2.2.1.1043.exe
2016-09-08 11:38 - 2016-09-08 11:38 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-09-08 11:37 - 2016-09-08 11:37 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-09-08 11:37 - 2016-09-08 11:37 - 00000000 ____D C:\ProgramData\RogueKiller
2016-09-08 11:37 - 2016-09-08 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-09-08 11:37 - 2016-09-08 11:37 - 00000000 ____D C:\Program Files\RogueKiller
2016-09-08 11:35 - 2016-09-08 11:36 - 33106704 _____ (Adlice Software ) C:\Users\pantahsharam\Desktop\setup.exe
2016-09-07 20:10 - 2016-09-07 20:20 - 00000318 _____ C:\Users\pantahsharam\Desktop\shodo.txt
2016-09-07 14:29 - 2016-09-10 09:07 - 00020295 _____ C:\Users\pantahsharam\Desktop\FRST.txt
2016-09-07 14:23 - 2016-09-07 14:29 - 00054055 _____ C:\Users\pantahsharam\Desktop\Addition.txt
2016-09-07 14:21 - 2016-09-07 14:21 - 00000000 ____D C:\QUARANTINE
2016-09-07 14:17 - 2016-09-07 14:41 - 00038117 _____ C:\Users\pantahsharam\Desktop\FRST (2).txt
2016-09-07 14:16 - 2016-09-10 09:07 - 00000000 ____D C:\FRST
2016-09-07 14:15 - 2016-09-07 14:15 - 02397696 _____ (Farbar) C:\Users\pantahsharam\Desktop\FRST64.exe
2016-09-06 22:49 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-06 22:49 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-06 22:49 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-06 22:49 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-06 22:49 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-06 22:49 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-06 22:49 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-06 22:49 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-06 22:49 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-06 22:49 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-06 22:49 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-06 22:49 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-06 22:49 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-06 22:49 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-06 22:49 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-06 22:49 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-06 22:49 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-06 22:49 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-06 22:49 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-06 22:49 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-06 22:49 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-06 22:49 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-06 22:49 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-06 22:49 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-06 22:49 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-06 22:49 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-06 22:49 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-06 22:49 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-06 22:49 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-06 22:49 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-06 22:49 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-06 22:49 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-06 22:49 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-06 22:49 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-06 22:49 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-06 22:49 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-06 22:49 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-06 22:49 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-06 22:49 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-06 22:49 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-06 22:49 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-06 22:49 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-06 22:49 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-06 22:49 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-06 22:49 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-06 22:49 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-06 22:49 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-06 22:49 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-06 22:49 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-06 22:49 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-06 22:49 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-06 22:49 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-06 22:49 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-06 22:49 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-06 22:49 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-06 22:49 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-06 22:49 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-06 22:49 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-06 22:49 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-06 22:49 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-06 22:49 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-06 22:49 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-06 22:49 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-06 22:49 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-06 22:49 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-06 22:49 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-06 21:49 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-06 21:49 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-06 21:49 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-06 21:49 - 2016-07-08 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-06 21:49 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-06 21:49 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-06 21:49 - 2016-07-08 17:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-06 21:49 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-06 21:49 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-06 21:49 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-06 21:49 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-06 21:49 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-06 21:49 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-06 21:49 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-06 21:44 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-05 22:15 - 2016-09-06 12:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-05 21:58 - 2016-09-05 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-10 09:07 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-10 09:07 - 2009-07-14 06:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-10 08:59 - 2009-07-14 07:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-10 08:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-09-10 08:52 - 2013-05-29 02:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-10 08:52 - 2011-12-28 18:26 - 00000000 ____D C:\Users\pantahsharam\AppData\LocalLow\AuthenTec
2016-09-10 08:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-09 23:10 - 2012-12-03 18:12 - 00000000 ____D C:\Users\pantahsharam\AppData\Roaming\vlc
2016-09-09 22:53 - 2012-01-23 23:44 - 00000000 ____D C:\Users\pantahsharam\AppData\Local\CrashDumps
2016-09-09 22:38 - 2013-05-29 02:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-09 22:14 - 2013-05-29 02:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-09 21:21 - 2015-12-15 21:03 - 00376832 ___SH C:\Users\pantahsharam\Desktop\Thumbs.db
2016-09-09 21:20 - 2011-12-28 18:27 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9C744B26-60FB-48D2-87E2-AE69436145DA}
2016-09-09 10:30 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-09-08 14:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-09-07 12:14 - 2009-07-14 06:45 - 05114856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-06 23:01 - 2013-08-05 09:02 - 00000000 ____D C:\Windows\system32\MRT
2016-09-06 22:55 - 2012-01-21 07:37 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-06 12:42 - 2012-05-05 07:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-05 21:58 - 2016-06-09 19:19 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-09-05 21:58 - 2015-09-04 11:37 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-21 18:28 - 2015-12-05 19:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2014-02-28 02:48 - 2015-12-19 02:03 - 0099384 _____ () C:\Users\pantahsharam\AppData\Roaming\inst.exe
2014-02-28 02:48 - 2015-12-19 02:03 - 0007859 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.cat
2014-02-28 02:48 - 2015-12-19 02:03 - 0001167 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.inf
2014-02-28 02:48 - 2015-12-19 02:03 - 0000055 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.log
2014-02-28 02:48 - 2015-12-19 02:03 - 0082816 _____ (VSO Software) C:\Users\pantahsharam\AppData\Roaming\pcouffin.sys
2014-02-25 06:23 - 2014-02-25 06:23 - 0000246 _____ () C:\Users\pantahsharam\AppData\Roaming\Recent.txt
2011-12-28 07:36 - 2011-12-28 07:36 - 0002242 _____ () C:\Users\pantahsharam\AppData\Local\IWDAudHelper.20111227.213648.txt
2011-12-28 07:34 - 2011-12-28 07:34 - 0001547 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213449.txt
2011-12-28 07:36 - 2011-12-28 07:36 - 0000663 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213638.txt
2011-12-28 07:36 - 2011-12-28 07:36 - 0001247 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213647.txt
2013-03-05 07:13 - 2013-03-05 07:13 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-06 17:06

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by pantahsharam (07-09-2016 14:23:37)
Running from C:\Users\pantahsharam\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-28 16:25:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3255573426-2543451188-2402224606-500 - Administrator - Disabled)
Guest (S-1-5-21-3255573426-2543451188-2402224606-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3255573426-2543451188-2402224606-1004 - Limited - Enabled)
pantahsharam (S-1-5-21-3255573426-2543451188-2402224606-1000 - Administrator - Enabled) => C:\Users\pantahsharam

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.206.1717.117 - Alps Electric)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
AuthenTec TrueAPI (Version: 1.3.0.111 - AuthenTec, Inc.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DidjImp (HKLM-x32\...\{BB80F384-B770-4D15-A420-DA1A6853A85B}) (Version: 0.5.0 - JesusFreke)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
EasyTether (HKLM-x32\...\{c751b7eb-df27-4668-b05f-7457d2fa9e00}) (Version: 1.1.18 - Mobile Stream)
EasyTether (Version: 1.1.18 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{F45DA6A7-AD7C-489A-B9E2-CCFC70A46A2A}) (Version: 1.0.1 - Mobile Stream)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0D8B3696-E52D-4291-B833-9F6AEB1CC4AB}) (Version: 2.1.0 - Hewlett-Packard Company)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}) (Version: 2.4.3 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}) (Version: 5.3.0.163 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.06.123 - Huawei Technologies Co.,Ltd)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 3.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 3.9.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
McAfee Agent (HKLM-x32\...\{D107EA80-023A-443C-AA79-1C4B0CB2E227}) (Version: 4.6.0.2988 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.03000 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Creator LE 5.0.6 (HKLM-x32\...\Music Creator LE_is1) (Version: 17.0 - Cakewalk Music Software)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NowSmart Cut (HKLM-x32\...\NowSmart Cut) (Version: 1.2 - NowSmart)
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Rosetta Stone Ltd Services (HKLM-x32\...\{2110AF8F-F6E9-4712-A185-1B839C60822E}) (Version: 2.2.1.1 - Rosetta Stone Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14074.11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Search Protection (HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\...\Search Protection) (Version: 8.5.0.1 - Spigot, Inc.) <==== ATTENTION
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version: 4.77 - NCH Software)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VIP Access SDK (1.0.1.2) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.79.0 - Verizon)
WinDirStat 1.1.2 (HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\...\WinDirStat) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Words of Dhamma (HKLM-x32\...\Words_of_Dhamma) (Version: - )
Zoomquilt Screensaver (HKLM-x32\...\Zoomquilt Screensaver.scr) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3255573426-2543451188-2402224606-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17EB695A-4DAC-41B5-99B4-2B7AC6990054} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3255573426-2543451188-2402224606-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2914A811-3409-4660-A0ED-A63169E2436D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-22] (Hewlett-Packard Company)
Task: {2B44E91C-B44A-4B5A-802B-D3A208DB7720} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {4D7DD924-23DE-4B88-A807-FB0B3257CE4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {6C96C7AD-41E2-42E6-8D43-B1474446A4F7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {71E4D199-61A8-4A08-8872-C9EC4012149C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-16] (CyberLink)
Task: {7A58F646-E121-433B-951A-952ECCDE8805} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {8AF82163-C34D-4C69-A0EE-BF4EA497EAA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {8C76AEB1-6694-494D-8C1A-EF039AE99464} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-23] (Hewlett-Packard Company)
Task: {9174BB03-1929-405D-8466-C72F5F6C357C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-22] (Hewlett-Packard Company)
Task: {9B5F4A6D-7591-4DB5-95E5-B5155A5E5642} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\pantahsharam\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {9D33B6D0-AEFE-4FF8-ACEF-01AAC3F4BE6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {C02241B9-B7E9-48CB-900B-607B6866A7D4} - System32\Tasks\{534BBE50-E4CD-4D06-B33A-278EFEE2EECB} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {E5C3DB6E-494C-4AFD-ACE5-7BC55CFA5FE3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3255573426-2543451188-2402224606-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E6ED4F78-0B44-49D3-9ABC-BF8C1EA58529} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-22] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-05-02 23:41 - 2011-05-02 23:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-10-28 04:02 - 2013-10-28 04:02 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-12-14 19:47 - 2014-02-07 05:59 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
2012-03-18 01:18 - 2011-03-02 21:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-04-15 20:16 - 2011-04-15 20:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-02 23:41 - 2011-05-02 23:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2015-12-14 19:40 - 2014-03-04 10:14 - 00088144 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
2015-12-14 20:11 - 2014-02-07 05:59 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe
2015-12-14 19:47 - 2014-02-07 05:59 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll
2015-12-14 19:47 - 2014-02-07 05:59 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll
2015-12-14 19:47 - 2014-03-04 07:54 - 02416640 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll
2015-12-14 19:47 - 2014-03-04 07:54 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll
2007-04-19 05:30 - 2007-04-19 05:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-19 05:30 - 2007-04-19 05:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2016-05-24 12:20 - 2016-05-24 12:20 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f91bd970f20123a46b575cf6e92bc441\IsdiInterop.ni.dll
2011-11-17 00:37 - 2011-04-30 10:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-12-14 19:40 - 2014-03-05 16:47 - 00425984 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\core.dll
2015-12-14 19:40 - 2014-03-05 16:47 - 00275968 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\sdk.dll
2015-12-14 19:41 - 2014-02-07 05:59 - 00011362 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\mingwm10.dll
2015-12-14 19:41 - 2014-02-07 05:59 - 00043008 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\libgcc_s_dw2-1.dll
2015-12-14 19:41 - 2014-03-04 07:54 - 02416640 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
2015-12-14 19:41 - 2014-03-04 07:54 - 09559040 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtGui4.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00390656 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Proxy.DLL
2015-12-14 19:40 - 2014-03-05 16:44 - 00243712 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Common.dll
2015-12-14 19:40 - 2014-03-05 16:44 - 00157696 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Trace.dll
2015-12-14 19:40 - 2014-03-05 16:44 - 00546304 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\PluginContainer.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00260608 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AtCodec.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00322560 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00237056 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00156160 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSDialup.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00190464 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\XCodec.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00154624 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DataServicePlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00284672 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00219136 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SmsSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00142336 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\USSDSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00339968 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceAppPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00065536 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSPowerMgr.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00120192 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\Win7Support.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00167936 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\ATR2SMgr.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 01088512 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00708608 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SmsAppPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00158720 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetConnectSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00233984 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DialUpPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00102400 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSAdapt.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00200192 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NDISPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:45 - 00131584 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\OSNDIS.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 01146880 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NDISAPI.dll
2015-12-14 19:40 - 2014-03-05 16:46 - 00317952 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoSrvPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:50 - 00560128 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DeviceMgrUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:51 - 00304128 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\XFramePlugin.dll
2015-12-14 19:40 - 2014-03-05 16:52 - 00831488 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\MiniFramePlugin.dll
2015-12-14 19:41 - 2014-02-10 08:37 - 15675904 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtWebKit4.dll
2015-12-14 19:41 - 2014-03-04 07:54 - 01148416 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtNetwork4.dll
2015-12-14 19:41 - 2014-03-04 07:54 - 03962368 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtXmlPatterns4.dll
2015-12-14 19:41 - 2014-03-04 07:54 - 00306176 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\phonon4.dll
2015-12-14 19:41 - 2014-03-04 07:54 - 00398336 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\QtXml4.dll
2015-12-14 19:40 - 2014-03-05 16:49 - 00097280 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NotifyServicePlugin.dll
2015-12-14 19:40 - 2014-03-05 16:52 - 00331776 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetConnectPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:47 - 00419328 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DialupUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:51 - 00318976 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\StatusBarMgrPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:52 - 00274944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\MenuMgrPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:53 - 00412672 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\DiagnosisPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:51 - 00117248 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\LayoutPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:51 - 00309760 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SettingUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:50 - 00502784 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetSettingPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:53 - 00308736 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoRecordUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:54 - 00100352 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\CompressRatePlugin.dll
2015-12-14 19:40 - 2014-03-05 16:53 - 00518656 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\NetInfoUIExPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:49 - 00841216 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\SMSUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:54 - 00110080 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\ServiceUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:54 - 00139776 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\HelpUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:54 - 00434688 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\USSDUIPlugin.dll
2015-12-14 19:40 - 2014-03-05 16:49 - 00808448 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\AddrBookUIPlugin.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00082944 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qgif4.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00081920 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qico4.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00192000 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qjpeg4.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00350720 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qmng4.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00370176 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\plugins\imageformats\qtiff4.dll
2015-12-14 19:40 - 2014-02-07 05:59 - 00712192 _____ () C:\Program Files (x86)\T-Mobile\InternetManager_H\LiveUpdateInterface.dll
2015-12-14 19:47 - 2014-03-04 07:54 - 09559040 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll
2015-12-14 20:11 - 2014-02-07 05:59 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll
2015-12-14 20:11 - 2014-02-07 05:59 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
 
==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-09-05 21:58 - 00000068 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pantahsharam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.162.69.2 - 213.162.69.170
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: QBVSS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\pantahsharam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: uTorrent => "C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: Viber => "C:\Users\pantahsharam\AppData\Local\Viber\Viber.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{535DEF20-967B-4CBC-BABB-A2D5B36F7659}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{11954BBB-9A3A-4691-BE4C-D945442D0F3E}] => (Allow) LPort=2869
FirewallRules: [{7F4C500E-050C-4827-87F4-1A3820AE5B9B}] => (Allow) LPort=1900
FirewallRules: [{24BFCB71-A0D2-4745-A1F4-54A067990CCD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3BAD2048-FA8F-47C9-9FC8-D6B6AE76B6EB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{73A1D281-F742-4E18-B135-48AB589E0C49}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{28C1B73D-04CF-4576-A8BF-60A6003529A2}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [TCP Query User{6C6DCD9D-00D7-426E-9BC6-D18AA2DBE924}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [UDP Query User{68C4C460-542C-4785-ABF0-4A1BC72E04CC}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [TCP Query User{99601ED0-07B8-4084-A8E5-C8508C99EF3A}G:\techwizard.exe] => (Allow) G:\techwizard.exe
FirewallRules: [UDP Query User{EF85F817-C314-4E16-9EB0-9E64B786F4E5}G:\techwizard.exe] => (Allow) G:\techwizard.exe
FirewallRules: [{0FA71815-F6E0-42EA-A876-F4F7D52EF595}] => (Allow) LPort=50000
FirewallRules: [TCP Query User{916BABC6-8034-4878-B795-CD85F5665E94}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
FirewallRules: [UDP Query User{B658BC1B-AA90-4C6F-8D7E-DD08E6E3861D}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
FirewallRules: [TCP Query User{593A0817-3C58-4BBD-B361-4E046113DB09}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{4104E552-16A0-4C2F-9281-90BF9A0728DC}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{78574185-550B-4F9C-A860-732C799B2036}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [UDP Query User{9D66C94F-DAB9-4AEB-B5B9-9ACCDD2F5579}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe
FirewallRules: [TCP Query User{83A79043-78A5-4E56-9F03-0D240D2C6EE6}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
FirewallRules: [UDP Query User{1CDEC6E3-72C8-49F6-A43C-20A8FFC33A45}C:\users\pantahsharam\downloads\utorrent.exe] => (Block) C:\users\pantahsharam\downloads\utorrent.exe
FirewallRules: [{3924264D-AD69-4ADB-B243-3333C4FA357E}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{84CF44A7-1E40-4496-A0D1-0163B4AF9FF6}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{58445CF4-3C08-444F-88E1-5C2C405A0536}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{29610B48-BAD4-4617-8378-00E06C7CC2E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{E74920FF-B27E-4346-A994-DC653DD158E5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
FirewallRules: [{9E07CA32-6550-4F8F-8259-1267522CA233}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
FirewallRules: [{F0514ED8-BD2A-4818-A79E-E35DE7949D4E}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
FirewallRules: [{6CA9A441-1FD9-4FA9-9939-EB246EAA3704}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
FirewallRules: [{D9DD1928-A10E-47A1-9399-C9920ECCC805}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{C479B4E4-9BA6-463B-B67B-AF0B84A1C833}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{30DB3936-93C9-4BF0-83B3-DEC0B1BC697E}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{9A02EEDF-E1D3-4D7F-8B51-681AB1075DA5}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{FA8A9F26-A6F0-424C-9BAA-7DBD08D2DF12}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{039BFBD6-C911-4A59-9676-434D7F2F46AC}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{22AD8305-286E-4E68-A6C1-79FF9070FE8D}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{0DA12083-73B1-490E-9B4A-9ABEF7A1DDC7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{3B94BECC-F0D8-429E-B038-C93C66567D3F}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DB88D875-CE11-4099-8442-F43D3633D157}] => (Allow) C:\Users\pantahsharam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7BFEA746-E17F-4668-ADB3-E3D4EF3A1109}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{1E30D33A-2675-4589-88CD-5CDE358154FE}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{70227428-859C-4844-819E-0CC521DCA13F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{82825B69-BEA8-4106-8D0D-F04F57DBB3CA}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
FirewallRules: [UDP Query User{0016BA01-0B6D-4D17-865C-5043C8DF24B9}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
FirewallRules: [TCP Query User{9240AD9E-9E1E-45A0-BCA7-DD742D69D92C}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
FirewallRules: [UDP Query User{DB255704-E3E8-47A7-A14E-343570C8581F}C:\users\pantahsharam\desktop\utorent.exe] => (Block) C:\users\pantahsharam\desktop\utorent.exe
FirewallRules: [TCP Query User{A2516549-1AE6-4D71-BA84-D40CABB3C327}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{7D365DD6-6951-4353-875C-E425CA3CF0B4}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [{B1D8E745-BF1A-443E-9BD1-BC1ABE3B3C11}] => (Allow) LPort=50001
FirewallRules: [{6726D298-C5FE-44B0-8E42-00F2694AE42E}] => (Allow) LPort=50001
FirewallRules: [{1332FD5B-DACC-42E1-B04F-439F9692926E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01D516F0-58DD-4CAD-9E05-EE3DD68D17B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8EF2F46F-4D1F-4C0E-92DC-EE0C919EDA31}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{54F68F5E-6F72-4802-ACA2-AA751451FB66}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{ECB69B30-6A9C-48B9-B5E4-2F782999329D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81AAE72F-1E77-4655-9175-67AAED8F1131}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B4D49ED8-22CB-4809-B47E-4E8D04D0D8DD}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
FirewallRules: [{D0A9D3FE-D619-4C35-847D-D2C086BF81F5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdController.exe
FirewallRules: [{AA4F7797-A07A-43DD-9043-4C653F9D8DF8}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
FirewallRules: [{06CE6878-FAB9-4739-83B7-092129856B68}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServer.exe
FirewallRules: [{89A586C3-E625-40DC-8BC1-05759382B83A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\support\bin\win\RosettaStoneLtdServices.exe

==================== Restore Points =========================

23-06-2016 09:14:41 Windows Update
01-07-2016 23:10:21 Windows Update
07-07-2016 19:30:12 Windows Update
12-07-2016 00:50:45 Windows Update
15-07-2016 01:21:18 Windows Update
23-07-2016 20:00:25 Scheduled Checkpoint
24-07-2016 19:03:28 Windows Update
01-08-2016 10:11:52 Windows Update
06-09-2016 17:13:23 Scheduled Checkpoint
06-09-2016 21:34:31 Windows Update
06-09-2016 22:52:30 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2016 02:21:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 31.8.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1480

Start Time: 01d20901add387a6

Termination Time: 20

Application Path: C:\Users\pantahsharam\Desktop\FRST64.exe

Report Id: 596351f9-74f5-11e6-bbe2-101f74fef953

Error: (09/07/2016 12:14:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
Faulting module name: TrueSuiteService.exe, version: 5.3.0.163, time stamp: 0x4dc363f3
Exception code: 0xc0000417
Fault offset: 0x0001275a
Faulting process id: 0x34c
Faulting application start time: 0x01d208f08e0932a7
Faulting application path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Faulting module path: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Report Id: d9eea56a-74e3-11e6-bbe2-101f74fef953

Error: (09/06/2016 04:36:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0xca8
Faulting application start time: 0x01d2082af7336d56
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: 533b5b62-743f-11e6-9a46-101f74fef953

Error: (08/01/2016 10:00:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0x1c28
Faulting application start time: 0x01d1ebe8d3fbf62d
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: a3f2e763-5822-11e6-b5be-101f74fef953

Error: (08/01/2016 11:42:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0xc8c
Faulting application start time: 0x01d1ebca9f5fee81
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: 40f9db8c-57cc-11e6-b5be-101f74fef953

Error: (07/31/2016 05:25:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0x1500
Faulting application start time: 0x01d1eb3f9fcc7b3b
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: f3520c9c-5732-11e6-b5be-101f74fef953

Error: (07/31/2016 03:34:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0x17e4
Faulting application start time: 0x01d1eb2e8ba97f5a
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: 8525e054-5723-11e6-b5be-101f74fef953

Error: (07/31/2016 11:08:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23418 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 868

Start Time: 01d1eb0aa1f3a68d

Termination Time: 78

Application Path: C:\Windows\Explorer.EXE

Report Id: 3e5b74f7-56fe-11e6-b5be-101f74fef953

Error: (07/30/2016 11:41:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0x3b0
Faulting application start time: 0x01d1ea5bc95c5061
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: 6337f155-569e-11e6-bbc9-101f74fef953

Error: (07/25/2016 10:20:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Internet Manager.exe, version: 0.0.0.0, time stamp: 0x531578ad
Faulting module name: QtCore4.dll, version: 4.6.2.0, time stamp: 0x52ff17e6
Exception code: 0xc0000005
Fault offset: 0x00100217
Faulting process id: 0xc04
Faulting application start time: 0x01d1e64c9a00da3e
Faulting application path: C:\Program Files (x86)\T-Mobile\InternetManager_H\Internet Manager.exe
Faulting module path: C:\Program Files (x86)\T-Mobile\InternetManager_H\QtCore4.dll
Report Id: b5ed7691-5240-11e6-814a-101f74fef953


System errors:
=============
Error: (09/07/2016 02:26:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{06622D85-6856-4460-8DE1-A81921B41C4B}
and APPID
{06622D85-6856-4460-8DE1-A81921B41C4B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 02:21:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{06622D85-6856-4460-8DE1-A81921B41C4B}
and APPID
{06622D85-6856-4460-8DE1-A81921B41C4B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 12:35:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{06622D85-6856-4460-8DE1-A81921B41C4B}
and APPID
{06622D85-6856-4460-8DE1-A81921B41C4B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 12:31:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{06622D85-6856-4460-8DE1-A81921B41C4B}
and APPID
{06622D85-6856-4460-8DE1-A81921B41C4B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 12:18:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{06622D85-6856-4460-8DE1-A81921B41C4B}
and APPID
{06622D85-6856-4460-8DE1-A81921B41C4B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 12:15:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s).

Error: (09/07/2016 12:14:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Internet Manager. OUC service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/07/2016 12:14:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Internet Manager. OUC service to connect.

Error: (09/07/2016 12:14:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/06/2016 09:40:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{06622D85-6856-4460-8DE1-A81921B41C4B}
and APPID
{06622D85-6856-4460-8DE1-A81921B41C4B}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2014-01-29 08:57:45.903
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-29 08:57:45.823
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 6091.86 MB
Available physical RAM: 3007.3 MB
Total Virtual: 12181.9 MB
Available Virtual: 9227.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:571.05 GB) (Free:220.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:20.96 GB) (Free:2.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32
Drive I: (Internet Manager) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive l: () (Removable) (Total:1.89 GB) (Free:0.97 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 72185642)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=571.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
In my first reply I asked you to uninstall Search Protection.
It seems to still be there.
What happened?
 
Right after I read your reply, I uninstalled Search Protection in the Control Panel.
I can't find it anywhere now.
 
OK.

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments: fixlist.txt (3.6 KB)
After I ran the fix it rebooted the machine and first thing it gave me the log and then asked if I want to allow "MAsetup..." to make changes to my computer and I said NO. Wasn't sure what it was. Was it part of the fix?

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by pantahsharam (11-09-2016 18:50:55) Run:1
Running from C:\Users\pantahsharam\Desktop
Loaded Profiles: pantahsharam (Available Profiles: pantahsharam & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
U3 mfeavfk01; no ImagePath
U3 a3wlaqta; C:\Windows\System32\Drivers\a3wlaqta.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
U4 bdselfpr; no ImagePath
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
S4 iwdbus; system32\DRIVERS\iwdbus.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
C:\Windows\System32\Drivers\a3wlaqta.sys
2014-02-28 02:48 - 2015-12-19 02:03 - 0099384 _____ () C:\Users\pantahsharam\AppData\Roaming\inst.exe
2014-02-28 02:48 - 2015-12-19 02:03 - 0007859 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.cat
2014-02-28 02:48 - 2015-12-19 02:03 - 0001167 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.inf
2014-02-28 02:48 - 2015-12-19 02:03 - 0000055 _____ () C:\Users\pantahsharam\AppData\Roaming\pcouffin.log
2014-02-28 02:48 - 2015-12-19 02:03 - 0082816 _____ (VSO Software) C:\Users\pantahsharam\AppData\Roaming\pcouffin.sys
2014-02-25 06:23 - 2014-02-25 06:23 - 0000246 _____ () C:\Users\pantahsharam\AppData\Roaming\Recent.txt
2011-12-28 07:36 - 2011-12-28 07:36 - 0002242 _____ () C:\Users\pantahsharam\AppData\Local\IWDAudHelper.20111227.213648.txt
2011-12-28 07:34 - 2011-12-28 07:34 - 0001547 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213449.txt
2011-12-28 07:36 - 2011-12-28 07:36 - 0000663 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213638.txt
2011-12-28 07:36 - 2011-12-28 07:36 - 0001247 _____ () C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213647.txt
2013-03-05 07:13 - 2013-03-05 07:13 - 0000057 _____ () C:\ProgramData\Ament.ini
CustomCLSID: HKU\S-1-5-21-3255573426-2543451188-2402224606-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\pantahsharam\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
Task: {9B5F4A6D-7591-4DB5-95E5-B5155A5E5642} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\pantahsharam\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
C:\Users\pantahsharam\AppData\Local\FilesFrog Update Checker

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3255573426-2543451188-2402224606-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
InstallerService => service removed successfully
mfeavfk01 => service removed successfully
a3wlaqta => service removed successfully
andnetadb => service removed successfully
AndNetDiag => service removed successfully
ANDNetModem => service removed successfully
andnetndis => service removed successfully
bdselfpr => service removed successfully
catchme => service removed successfully
intaud_WaveExtensible => service removed successfully
iwdbus => service removed successfully
massfilter => service removed successfully
usbbus => service removed successfully
UsbDiag => service removed successfully
USBModem => service removed successfully
ZTEusbmdm6k => service removed successfully
ZTEusbnmea => service removed successfully
ZTEusbser6k => service removed successfully
Could not move "C:\Windows\System32\Drivers\a3wlaqta.sys" => Scheduled to move on reboot.
C:\Users\pantahsharam\AppData\Roaming\inst.exe => moved successfully
C:\Users\pantahsharam\AppData\Roaming\pcouffin.cat => moved successfully
C:\Users\pantahsharam\AppData\Roaming\pcouffin.inf => moved successfully
C:\Users\pantahsharam\AppData\Roaming\pcouffin.log => moved successfully
C:\Users\pantahsharam\AppData\Roaming\pcouffin.sys => moved successfully
C:\Users\pantahsharam\AppData\Roaming\Recent.txt => moved successfully
C:\Users\pantahsharam\AppData\Local\IWDAudHelper.20111227.213648.txt => moved successfully
C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213449.txt => moved successfully
C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213638.txt => moved successfully
C:\Users\pantahsharam\AppData\Local\PDLSetup.20111227.213647.txt => moved successfully
C:\ProgramData\Ament.ini => moved successfully
"HKU\S-1-5-21-3255573426-2543451188-2402224606-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B5F4A6D-7591-4DB5-95E5-B5155A5E5642}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B5F4A6D-7591-4DB5-95E5-B5155A5E5642}" => key removed successfully
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => key not found.
"C:\Users\pantahsharam\AppData\Local\FilesFrog Update Checker" => not found.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-09-2016 18:53:50)

C:\Windows\System32\Drivers\a3wlaqta.sys => Is moved successfully

==== End of Fixlog 18:53:50 ====
 
It was "MASetupCleaner.exe"
(I did a Google search and it has something to do with the Samsung Kies program, which I uninstalled a few hours ago because I never use it.)
 
Very well.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
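
Added example for this thread (not FSS, Security Check or FRST, and not the helper's code): a PowerShell script that does by hand the kind of checks Farbar Service Scanner reports on, so the FSS.txt log can be cross-checked. It verifies that each core Windows service exists with its stock start mode, is running when it should be and is started from an image path under %SystemRoot%; that no policy keys exist that lock System Restore or Internet Explorer (the Fixlog above had to delete the IE ones); that the Windows Firewall profiles are on and an antivirus is registered with Security Center; and that the driver and service entries the Fixlog removed are really gone. Assumptions, labelled in the comments: Windows 7 x64 with 64-bit PowerShell run as Administrator (32-bit PowerShell sees a redirected System32), McAfee VirusScan Enterprise installed so Windows Defender is allowed to be off, the list of services and stock start modes (a partial list, not FSS's exact one), and the file and driver names taken from the Fixlog in this thread.

```powershell
# Added example: manual health check of core Windows services and policy keys.
# Assumptions: Windows 7 x64, 64-bit PowerShell elevated, third-party AV present.

# Service name, description, expected WMI StartMode ($null = don't check), expected Running?
# Stock Windows 7 defaults; assumption, adjust for your build.
$expected = @(
    @{ Name='MpsSvc';    Desc='Windows Firewall';      StartMode='Auto';   Running=$true  },
    @{ Name='BFE';       Desc='Base Filtering Engine'; StartMode='Auto';   Running=$true  },
    @{ Name='wscsvc';    Desc='Security Center';       StartMode='Auto';   Running=$true  },
    @{ Name='wuauserv';  Desc='Windows Update';        StartMode='Auto';   Running=$true  },
    @{ Name='BITS';      Desc='Background Intelligent Transfer'; StartMode=$null; Running=$false },
    @{ Name='WinDefend'; Desc='Windows Defender';      StartMode=$null;    Running=$false }, # off is fine with McAfee VSE installed
    @{ Name='VSS';       Desc='Volume Shadow Copy';    StartMode='Manual'; Running=$false },
    @{ Name='Dhcp';      Desc='DHCP Client';           StartMode='Auto';   Running=$true  },
    @{ Name='Dnscache';  Desc='DNS Client';            StartMode='Auto';   Running=$true  },
    @{ Name='EventLog';  Desc='Windows Event Log';     StartMode='Auto';   Running=$true  }
)

$problems = @()

# 1. Service presence, start mode, state and image path (Win32_Service exposes StartMode on PS 2.0)
foreach ($svc in $expected) {
    $w = Get-WmiObject Win32_Service -Filter "Name='$($svc.Name)'"
    if ($w -eq $null) {
        $problems += "$($svc.Desc) ($($svc.Name)): service is MISSING"
        continue
    }
    if ($svc.StartMode -and $w.StartMode -ne $svc.StartMode) {
        $problems += "$($svc.Desc): StartMode is $($w.StartMode), expected $($svc.StartMode)"
    }
    if ($svc.Running -and $w.State -ne 'Running') {
        $problems += "$($svc.Desc): State is $($w.State), expected Running"
    }
    # A system service started from outside %SystemRoot% is a classic sign of a hijacked entry
    if ($w.PathName -notmatch '^"?[A-Za-z]:\\Windows\\') {
        $problems += "$($svc.Desc): unusual image path $($w.PathName)"
    }
}

# 2. Policy keys that lock System Restore or IE. On a home PC with no domain GPO they
#    should not exist; malware creates them to keep its settings in place.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore',   # DisableSR / DisableConfig
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
    'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)
foreach ($k in $policyKeys) {
    if (Test-Path $k) { $problems += "Policy key present: $k" }
}

# 3. Firewall profile state, as Security Check reports it (netsh works on Windows 7,
#    Get-NetFirewallProfile does not exist there)
$fw = netsh advfirewall show allprofiles state
if ($fw -match 'State\s+OFF') { $problems += 'A Windows Firewall profile is OFF' }

# 4. Antivirus registered with Security Center (what Security Check reads)
$av = Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct -ErrorAction SilentlyContinue
if (-not $av) { $problems += 'No antivirus registered with Security Center' }
else { $av | ForEach-Object { Write-Output ("AV registered: " + $_.displayName + " (productState 0x{0:X})" -f $_.productState) } }

# 5. Confirm the Fixlog's reboot-scheduled move and driver removals actually took effect
$shouldBeGone    = @('C:\Windows\System32\Drivers\a3wlaqta.sys')   # from the Fixlog in this thread
$driversRemoved  = @('a3wlaqta', 'catchme', 'bdselfpr')           # from the Fixlog in this thread
foreach ($f in $shouldBeGone) {
    if (Test-Path $f) { $problems += "Still present after reboot: $f" }
}
foreach ($n in $driversRemoved) {
    if (Get-WmiObject Win32_SystemDriver -Filter "Name='$n'") { $problems += "Driver still registered: $n" }
}

if ($problems.Count -eq 0) { Write-Output 'All checks passed' }
else { $problems | ForEach-Object { Write-Output "PROBLEM: $_" } }
```

Run it after the reboot that followed the Fixlog and compare its PROBLEM lines with what FSS.txt says; the two should agree on missing or disabled services. A service whose start mode differs only because of a delayed start, or Windows Defender being off while McAfee is installed, is expected and not a finding.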
 
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee VirusScan Enterprise
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 40
Java version 32-bit out of Date!
Adobe Flash Player 22.0.0.209
Mozilla Firefox (47.0.1)
````````Process Check: objlist.exe by Laurent````````
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise mfeann.exe
McAfee VirusScan Enterprise SHSTAT.EXE
Internet Manager OnlineUpdate ouc.exe
Internet Manager OnlineUpdate LiveUpd.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 