Solved TECHBROWSING.COM appearing when chrome restores previous pages.

Everett · Mar 3, 2016

When I re-open google chrome I get an additional tab that I have not been visiting. Everything else seems to be running normally and I am not having other pop up issues. I will post the frst logs next.

Everett · Mar 3, 2016

I'm having trouble posting any of my log files. When I do a short post like this it works but even just trying to post the processes list in the frst file, when I press post reply the other two buttons go dim but then nothing else happens and the other two buttons become black again. I've tried refreshing and making a small post and then editing it but its not working. please help.

EDIT: I was able to post the files via internet explorer. seems like my chrome isn't working poperly.

Everett · Mar 3, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016
Ran by Jesus (administrator) on JESUS-PC (03-03-2016 11:09:49)
Running from C:\Users\Jesus\Desktop\malware tools
Loaded Profiles: Jesus (Available Profiles: Jesus & fbwuser29C8 & fbwuserFBEA & fbwuser5783)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC4\winvnc4.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC4\winvnc4.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Flux Software LLC) C:\Users\Jesus\AppData\Local\FluxSoftware\Flux\flux.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe
() C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

Everett · Mar 3, 2016

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-15] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1220392 2008-05-20] (Synaptics, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM-x32\...\Run: [VAIOSurvey] => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [385024 2008-07-25] ()
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\Run: [f.lux] => C:\Users\Jesus\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-3862297630-1303015323-3635741390-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-3862297630-1303015323-3635741390-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4051FF07-D6F1-440B-9B46-6DB26F2E76C3}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{43913E9A-76E5-43E6-9D7A-2F904D587F4E}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9479664B-AAA3-4ACD-B723-E223B4D01FF5}: [DhcpNameServer] 8.8.8.8
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sonystyle.ca/vaio
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sonystyle.ca/vaio
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sonystyle.ca/vaio
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sonystyle.ca/vaio
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/webhp?rlz=1W1SNYX&ie=UTF-8&oe=UTF-8
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/webhp?rlz=1W1SNYX&ie=UTF-8&oe=UTF-8
SearchScopes: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000 -> DefaultScope {05FB1E52-C923-4F6C-AE91-AD5AF927BD88} URL = hxxp://www.google.com/webhp?rlz=1W1SNYX&ie=UTF-8&oe=UTF-8
SearchScopes: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000 -> {05FB1E52-C923-4F6C-AE91-AD5AF927BD88} URL = hxxp://www.google.com/webhp?rlz=1W1SNYX&ie=UTF-8&oe=UTF-8
SearchScopes: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000 -> {EC29F814-3FE6-4F8C-BFB9-567E9C5F6372} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-06] (Oracle Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-07-09] (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-06] (Oracle Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-02-01] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-02-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-06-13] [not signed]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M7684315B-37F3-49FE-9DFE-325686680F51&SearchSource=55&CUI=&UM=8&UP=SPBF496382-60B6-4495-848A-59B622EFC2AC&SSPV="
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-13]
CHR Extension: (Google Docs) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-13]
CHR Extension: (Google Drive) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Turn Off the Lights) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-02-29]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]
CHR Extension: (Google Search) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-13]
CHR Extension: (Google Docs Offline) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-13]
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [1371136 2008-04-30] (Intel(R) Corporation) [File not signed]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2442368 2016-02-17] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-02-17] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [826368 2008-04-30] (Intel(R) Corporation) [File not signed]
R2 RtkAudioService; C:\Windows\RtkAudioService.exe [139808 2008-07-15] (Realtek Semiconductor)
S3 SOHCImp; C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2360048 2011-02-04] (RealVNC Ltd)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19456 2008-01-30] (ArcSoft, Inc.)
S1 DMICall; C:\Windows\SysWOW64\DRIVERS\DMICall.sys [10216 2008-07-11] (Sony Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-06-13] (DT Soft Ltd)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-06-14] (REALiX(tm))
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\wlh_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2015-06-14] (REDC)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\wlh_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [25592 2015-11-05] (Windows (R) Win 7 DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

Everett · Mar 3, 2016

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-03 11:09 - 2016-03-03 11:09 - 00000000 ____D C:\FRST
2016-03-02 20:41 - 2016-03-02 23:54 - 1661174754 _____ C:\Users\Jesus\Downloads\Kung.Fu.Panda.3.2016.HC.1080p.HDRiP.x264.ShAaNiG.mkv
2016-03-02 20:38 - 2016-03-02 21:17 - 736517493 _____ C:\Users\Jesus\Downloads\Kung.Fu.Panda.3.2016.720p.HC.WEBRip.700MB.MkvCage.mkv
2016-03-02 20:34 - 2016-03-02 20:34 - 00117855 _____ C:\Users\Jesus\Downloads\[kat.cr]kung.fu.panda.3.2016.hc.hdrip.xvid.ac3.evo.torrent
2016-03-02 20:23 - 2016-03-02 20:28 - 35713471 _____ C:\Users\Jesus\Desktop\Kodi.apk
2016-03-02 20:17 - 2016-03-02 20:22 - 00000000 ____D C:\Users\Jesus\Downloads\Bluestacks 2.0.2.5623 Mod Rooted
2016-03-02 20:15 - 2016-03-02 20:15 - 00014794 _____ C:\Users\Jesus\Downloads\[kat.cr]bluestacks.2.0.2.5623.mod.rooted.offline.installer.core.x.torrent
2016-03-02 20:01 - 2016-03-02 20:11 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\Kodi
2016-03-02 19:59 - 2016-03-02 19:59 - 00431684 _____ C:\Users\Jesus\AppData\Local\dd_vcredistMSI6202.txt
2016-03-02 19:59 - 2016-03-02 19:59 - 00011366 _____ C:\Users\Jesus\AppData\Local\dd_vcredistUI6202.txt
2016-03-02 19:58 - 2016-03-02 19:58 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-03-02 19:58 - 2016-03-02 19:58 - 00000000 ____D C:\Program Files (x86)\Kodi
2016-03-02 19:53 - 2016-03-02 19:56 - 83064067 _____ C:\Users\Jesus\Downloads\kodi-16.0-Jarvis.exe
2016-02-26 07:58 - 2016-02-26 07:58 - 00000000 ____H C:\asc_rdflag
2016-02-25 17:48 - 2016-02-25 18:40 - 00000000 ____D C:\Users\Jesus\Downloads\Ratatouille (2007) [1080p]
2016-02-25 10:00 - 2016-02-25 15:59 - 00000000 ____D C:\Users\Jesus\Downloads\Top Pot Hand-Forged Doughnuts - Mark Klebeck
2016-02-25 09:56 - 2016-02-25 09:56 - 00005450 _____ C:\Users\Jesus\Downloads\[kat.cr]top.pot.hand.forged.doughnuts.secrets.and.recipes.for.the.home.baker.mark.klebeck.epub.mentalzero.torrent
2016-02-22 09:19 - 2016-01-07 10:27 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-22 09:18 - 2016-01-09 12:06 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-22 09:18 - 2016-01-09 11:42 - 00659968 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-22 09:17 - 2016-01-29 22:09 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-22 09:17 - 2016-01-29 21:44 - 01915392 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-22 09:12 - 2016-02-01 12:25 - 01589376 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-22 09:12 - 2016-02-01 12:25 - 01171696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdohlp.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2016-02-22 09:12 - 2016-01-29 22:09 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbeio.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-22 09:12 - 2016-01-29 22:08 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-22 09:12 - 2016-01-29 22:08 - 00119296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrecst.dll
2016-02-22 09:12 - 2016-01-29 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-22 09:12 - 2016-01-29 22:08 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2016-02-22 09:12 - 2016-01-29 22:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2016-02-22 09:12 - 2016-01-29 22:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2016-02-22 09:12 - 2016-01-29 22:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasads.dll
2016-02-22 09:12 - 2016-01-29 22:08 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasdatastore.dll
2016-02-22 09:12 - 2016-01-29 22:07 - 00802304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-22 09:12 - 2016-01-29 21:48 - 04693952 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-22 09:12 - 2016-01-29 21:44 - 01304576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00560128 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2016-02-22 09:12 - 2016-01-29 21:44 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2016-02-22 09:12 - 2016-01-29 21:44 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2016-02-22 09:12 - 2016-01-29 21:44 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-22 09:12 - 2016-01-29 21:43 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-22 09:12 - 2016-01-29 21:43 - 01067008 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-22 09:12 - 2016-01-29 21:43 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2016-02-22 09:12 - 2016-01-29 21:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2016-02-22 09:12 - 2016-01-29 21:43 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-22 09:12 - 2016-01-29 21:43 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2016-02-22 09:12 - 2016-01-29 21:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2016-02-22 09:12 - 2016-01-29 20:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2016-02-22 09:12 - 2016-01-29 20:33 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-22 09:12 - 2016-01-29 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iashost.exe
2016-02-22 09:12 - 2016-01-29 20:24 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-22 09:12 - 2016-01-29 20:24 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-22 09:12 - 2016-01-29 20:24 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-22 09:11 - 2016-01-07 10:32 - 02799104 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-14 14:08 - 2016-02-14 14:08 - 00053054 _____ C:\Users\Jesus\Downloads\[kat.cr]matilda.1996.720p.bluray.x264.amiable.torrent
2016-02-14 13:30 - 2016-02-14 13:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-02-14 13:30 - 2016-02-14 13:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-02-09 13:04 - 2016-02-09 13:04 - 00000000 ____D C:\Users\Jesus\Downloads\35HappyBudgies_FLAC
2016-02-09 11:34 - 2016-02-09 11:54 - 367225681 _____ C:\Users\Jesus\Downloads\35HappyBudgies_FLAC.zip
2016-02-08 22:04 - 2016-02-08 22:13 - 00000000 ____D C:\Users\Jesus\Downloads\Despicable Me (2010) [1080p]
2016-02-08 22:04 - 2016-02-08 22:04 - 00017072 _____ C:\Users\Jesus\Downloads\[kat.cr]despicable.me.2010.1080p.brrip.x264.yify.torrent
2016-02-08 19:46 - 2016-02-08 19:46 - 00011890 _____ C:\Users\Jesus\Downloads\[kat.cr]dispicable.me.2010.mp4.torrent
2016-02-08 19:46 - 2016-02-08 19:46 - 00000000 ____D C:\Users\Jesus\Downloads\Am anfang war das licht
2016-02-07 02:02 - 2016-02-07 02:02 - 00278160 _____ C:\Windows\Minidump\Mini020716-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-03 11:09 - 2016-01-14 21:20 - 00000000 ____D C:\Users\Jesus\Desktop\malware tools
2016-03-03 10:42 - 2015-12-13 09:39 - 00003242 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2016-03-03 10:42 - 2015-06-14 17:34 - 00002874 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Jesus)
2016-03-03 10:39 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-03 10:39 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-03 10:38 - 2015-06-13 09:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-03 10:34 - 2015-06-13 14:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-03 10:13 - 2015-06-13 09:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-03 08:39 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-03 02:00 - 2015-06-13 16:23 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\qBittorrent
2016-03-03 02:00 - 2006-11-02 10:42 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-02 23:44 - 2015-06-14 16:44 - 00000334 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
2016-03-02 20:00 - 2015-07-16 07:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-02 14:15 - 2015-06-13 22:15 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\vlc
2016-02-29 08:32 - 2015-06-13 10:28 - 00000000 ____D C:\ProgramData\ProductData
2016-02-26 07:59 - 2015-06-14 18:00 - 67006464 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2016-02-26 07:59 - 2015-06-14 18:00 - 00020480 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2016-02-26 07:58 - 2015-06-14 18:00 - 62107648 _____ C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2016-02-26 07:58 - 2015-06-14 18:00 - 00229376 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2016-02-26 07:58 - 2015-06-14 18:00 - 00057344 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2016-02-25 23:48 - 2015-06-13 22:02 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-02-25 23:47 - 2015-06-13 22:04 - 00000955 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2016-02-25 23:47 - 2015-06-13 22:02 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2016-02-25 17:48 - 2015-06-13 16:16 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\uTorrent
2016-02-25 10:00 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf
2016-02-22 10:13 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2016-02-22 10:03 - 2006-11-02 07:46 - 00759542 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-22 09:56 - 2006-11-02 10:21 - 00320824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-22 09:53 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-22 09:53 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Collaboration
2016-02-22 09:51 - 2015-06-13 16:43 - 00000000 ____D C:\Windows\system32\MRT
2016-02-22 09:24 - 2006-11-02 07:35 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-02-19 16:18 - 2015-06-13 09:30 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 16:18 - 2015-06-13 09:30 - 00002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-08 21:57 - 2015-06-13 10:25 - 00039424 _____ C:\Users\Jesus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-07 02:02 - 2015-09-11 17:16 - 538986371 _____ C:\Windows\MEMORY.DMP
2016-02-07 02:02 - 2015-09-11 17:16 - 00000000 ____D C:\Windows\Minidump
2016-02-06 09:01 - 2015-06-15 18:20 - 00000000 ____D C:\ProgramData\Oracle
2016-02-06 09:00 - 2015-06-15 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-06 09:00 - 2008-08-12 16:03 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-06 08:59 - 2015-08-27 08:35 - 00000000 ____D C:\Users\Jesus\.oracle_jre_usage
2016-02-06 08:58 - 2015-06-15 18:31 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-04 07:58 - 2015-12-28 11:32 - 00000000 ____D C:\Users\Jesus\Desktop\origami
==================== Files in the root of some directories =======
2015-06-13 10:25 - 2016-02-08 21:57 - 0039424 _____ () C:\Users\Jesus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-02 19:59 - 2016-03-02 19:59 - 0431684 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistMSI6202.txt
2015-07-16 07:23 - 2015-07-16 07:24 - 0440850 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistMSI6D36.txt
2015-12-20 08:03 - 2015-12-20 08:03 - 0438832 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistMSI762B.txt
2016-03-02 19:59 - 2016-03-02 19:59 - 0011366 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistUI6202.txt
2015-07-16 07:23 - 2015-07-16 07:24 - 0011598 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistUI6D36.txt
2015-12-20 08:03 - 2015-12-20 08:03 - 0013702 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistUI762B.txt
2015-06-14 18:39 - 2015-06-14 18:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Files to move or delete:
====================
C:\Users\Jesus\OFCommon.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-03 08:59
==================== End of FRST.txt ============================

Everett · Mar 3, 2016

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by Jesus (2016-03-03 11:11:10)
Running from C:\Users\Jesus\Desktop\malware tools
Windows Vista (TM) Home Premium Service Pack 2 (X64) (2015-06-13 16:02:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3862297630-1303015323-3635741390-500 - Administrator - Disabled)
fbwuser29C8 (S-1-5-21-3862297630-1303015323-3635741390-1001 - Limited - Disabled) => C:\Users\fbwuser29C8
fbwuser5783 (S-1-5-21-3862297630-1303015323-3635741390-1003 - Limited - Disabled) => C:\Users\fbwuser5783
fbwuserFBEA (S-1-5-21-3862297630-1303015323-3635741390-1002 - Limited - Disabled) => C:\Users\fbwuserFBEA
Guest (S-1-5-21-3862297630-1303015323-3635741390-501 - Limited - Disabled)
Jesus (S-1-5-21-3862297630-1303015323-3635741390-1000 - Administrator - Enabled) => C:\Users\Jesus
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\uTorrent) (Version: 3.4.3.40097 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.1.0 - IObit)
ArcSoft Magic-I Visual Effects (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM-x32\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version: - ArcSoft)
Business Plan Pro 15th Anniversary Edition (HKLM-x32\...\{3E9E68FB-49FA-410A-8787-424F2A506E0F}) (Version: 11.25.0009 - Palo Alto Software, Inc.)
Click to Disc (HKLM-x32\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.00.06190 - Sony Corporation)
Click to Disc (x32 Version: 1.2.00.06190 - Sony Corporation) Hidden
Click to Disc Editor (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.2.00 - Sony Corporation)
Click to Disc Editor (x32 Version: 1.2.00 - Sony Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CrystalDiskInfo 6.5.2 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit)
f.lux (HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\Flux) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version: - )
Hotspot Shield 5.2.1 (HKLM-x32\...\HotspotShield) (Version: 5.2.1 - AnchorFree Inc.)
Hotspot Shield 5.2.1 Embedded (x32 Version: 5.2.1.0 - Buildbot) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{26921B2E-3E62-47F9-A514-1FC4A83BD738}) (Version: 12.00.0004 - Intel(R) Corporation)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.2 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.1.126 - IObit)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Kodi (HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\Kodi) (Version: - XBMC-Foundation)
Macro Recorder 5.7.8 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.8 - Jitbit Software)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.3.1 (HKLM-x32\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Transfer (HKLM-x32\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
OpenMG Secure Module 5.1.00 (HKLM-x32\...\InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}) (Version: 5.1.00.05200 - Sony Corporation)
OpenMG Secure Module 5.1.00 (x32 Version: 5.1.00.05200 - Sony Corporation) Hidden
Pavtube Video Converter Ultimate Ver 4.8.6.6 (HKLM-x32\...\{682B3199-76C3-4745-B7AE-FC13F6676421}_is1) (Version: - )
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
qBittorrent 3.3.2 (HKLM-x32\...\qBittorrent) (Version: 3.3.2 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.1.00.07300 - Sony Corporation)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.2.02.06170 - Sony Corporation)
Sony Video Shared Library (HKLM-x32\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.4.00 - Sony Corporation)
SuperBeam version 1.2.0 (HKLM-x32\...\{1E690789-503A-4733-B224-7FE1DA597F2A}_is1) (Version: 1.2.0 - MukaBits)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.7.0 - Synaptics)
TreeMaker 5.0 (HKLM-x32\...\TreeMaker_is1) (Version: - TreeMaker Team)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for Office 2007 (KB934528) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - )
Update for Office System 2007 Setup (KB929722) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - )
VAIO Content Folder Setting (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.0.00.17290 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{FD72E69E-CF34-4071-BFD6-FD081A365E2C}) (Version: 3.2.00.06115 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.2.00.06115 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM-x32\...\{FE697886-F392-4E0D-A0C0-47587BF60992}) (Version: 3.2.00.06062 - Sony Corporation)
VAIO Content Metadata Manager Setting (x32 Version: 3.2.00.06062 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM-x32\...\{CB8A8696-93EC-414E-A752-850AB133F68A}) (Version: 3.2.00.06112 - Sony Corporation)
VAIO Content Metadata XML Interface Library (x32 Version: 3.2.00.06112 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.1.00.07110 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.2.00.06200 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.2.00.06200 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.1.00.07280 - Sony Corporation)
VAIO Help and Support (HKLM-x32\...\{D47FE987-EA3D-424B-9886-B752501D7CE7}) (Version: 6.01.0806.64.ENCA - Sony Corporation)
VAIO Launcher (HKLM-x32\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.1.00.06130 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}) (Version: 1.1.00.05240 - Sony Corporation)
VAIO Media plus (x32 Version: 1.1.00.05240 - Sony Corporation) Hidden
VAIO Movie Story (HKLM-x32\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.00.06240 - Sony Corporation)
VAIO Movie Story (x32 Version: 1.3.00.06240 - Sony Corporation) Hidden
VAIO MusicBox (HKLM-x32\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 2.1.00.06110 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM-x32\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO My Memory Center (HKLM-x32\...\{E1D25278-B51A-4163-BC3D-20A4D2D09F98}) (Version: 1.00.0229 - Sony)
VAIO OOBE and Welcome Center (HKLM-x32\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 6.10.0820.64.ENCA - Sony Corporation)
VAIO Original Function Setting (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.4.00.04230 - Sony Corporation)
VAIO Power Management (HKLM-x32\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 3.1.00.08060 - Sony Corporation)
VAIO Survey (HKLM-x32\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 6.00.0722 - Sony Corporation)
VAIO Update 4 (HKLM-x32\...\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}) (Version: 4.0.0.07150 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.2.00.05200 - Sony Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VNC Enterprise Edition E4.6.1 (HKLM\...\RealVNC_is1) (Version: E4.6.1 - RealVNC Ltd)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Printer Driver 1.7.0 (HKLM\...\VNCPrinter_is1) (Version: 1.7.0 - RealVNC Ltd.)
WinDVD for VAIO (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.513 - InterVideo Inc.)
WinDVD for VAIO (x32 Version: 8.0-B9.513 - InterVideo Inc.) Hidden
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WizTree v1.06 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0740DD42-4088-436A-BE9C-FACCBA54A606} - System32\Tasks\pc shutdown => C:\Windows\System32\shutdown.exe [2008-01-20] (Microsoft Corporation)
Task: {0856BDC5-B567-42D7-B671-B5B6015706B1} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {14F8B2CC-84BA-4F6B-8369-83054F6FBCE9} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {2366A3F1-90CA-437B-8326-6414B8BD9C6E} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe [2008-06-27] (Sony Corporation)
Task: {34CDABAF-6B1A-4216-9047-428368C5928B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-13] (Google Inc.)
Task: {35C79BE7-C4AA-46E0-A3DE-18C9C3466A98} - System32\Tasks\Driver Booster SkipUAC (Jesus) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-01-18] (IObit)
Task: {6AD4527D-0182-4925-AAEB-937035C7E7AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-01] (Adobe Systems Incorporated)
Task: {75396622-D73E-4D2C-B458-98171F7A11AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-13] (Google Inc.)
Task: {A65ABD24-C8FD-41C0-8A14-1D9CAE85458E} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{55d8d7c4-41f9-0736-55d8-8d7c441f5f11}\sevensetup.exe <==== ATTENTION
Task: {AD8F213D-0C7F-44A2-92AD-F12C40C3CB76} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-01-13] (IObit)
Task: {B6020190-E20D-4FE2-BA59-626574977FE7} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-07-15] (Sony Corporation)
Task: {E2D26EF7-B949-43B5-B821-8D056C4B6816} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-01-15] (IObit)
Task: {F1427E40-DF30-456D-9117-89EA71EE8E6C} - System32\Tasks\Uninstaller_SkipUac_Jesus => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-01-12] (IObit)
Task: {FC41369D-BE40-4A38-B768-3057D2456972} - System32\Tasks\ASC9_SkipUac_Jesus => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-01-18] (IObit)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{55d8d7c4-41f9-0736-55d8-8d7c441f5f11}\sevensetup.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Everett · Mar 3, 2016

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-01-06 11:16 - 2011-02-04 22:22 - 00030720 _____ () C:\Windows\System32\VNCpm.dll
2007-09-06 12:27 - 2007-09-06 12:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2008-04-30 21:45 - 2008-04-30 21:45 - 00335872 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2016-02-17 14:24 - 2016-02-17 14:24 - 00694416 _____ () C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe
2015-06-14 17:25 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2016-02-17 14:43 - 2016-02-17 14:43 - 00166528 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
2016-02-03 20:52 - 2016-02-03 20:52 - 00280143 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libidn-11.dll
2009-03-27 15:02 - 2009-03-27 15:02 - 01554920 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libeay32.dll
2009-03-27 15:02 - 2009-03-27 15:02 - 00332254 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libssl32.dll
2008-08-12 16:04 - 2008-07-28 19:45 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2008-08-12 16:04 - 2008-07-28 19:45 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2015-12-01 18:25 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2015-12-01 18:25 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2015-12-01 18:25 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2015-12-01 18:25 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2015-12-01 18:25 - 2015-12-28 13:49 - 00629536 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2015-06-14 17:25 - 2015-03-27 15:39 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2015-06-14 17:25 - 2015-01-09 18:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2015-08-10 08:41 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2016-01-20 07:48 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-01-20 07:48 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-01-20 07:48 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-06-13 16:18 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-06-13 16:18 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\100sexlinks.com -> 100sexlinks.com
There are 4788 more sites.

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 07:34 - 2016-01-29 10:00 - 00001922 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 anchorfree.net
127.0.0.1 rss2search.com
127.0.0.1 techbrowsing.com
127.0.0.1 box.anchorfree.net
127.0.0.1 www.mefeedia.com
127.0.0.3 www.anchorfree.net
127.0.0.2 mefeedia.com
127.0.0.1 anchorfree.us
127.0.0.1 a433.com
127.0.0.1 rpt.anchorfree.net
127.0.0.1 delivery.anchorfree.us/land.php
127.0.0.1 hsselite.com
127.0.0.1 www.hsselite.com
127.0.0.1 onhax.net
127.0.0.1 www.onhax.net
127.0.0.1 forum.onhax.net
127.0.0.1 labs.onhax.net
127.0.0.1 localhost127.0.0.1 is360.iobit.com
127.0.0.2 mefeedia.com
127.0.0.1 hsselite.com
127.0.0.2 mefeedia.com
127.0.0.1 hsselite.com
127.0.0.2 mefeedia.com
127.0.0.1 hsselite.com
127.0.0.2 mefeedia.com
127.0.0.1 hsselite.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jesus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 8.8.8.8 - 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{9DED1E44-BC0E-4640-ABE6-AFA5FA6E0648}] => (Allow) LPort=80
FirewallRules: [{BF5F4EA5-BD98-45ED-A623-3A928C7C1F91}] => (Allow) LPort=80
FirewallRules: [{DD1F1458-79D6-4B78-B9B0-C4DAEA5114C0}] => (Allow) LPort=80
FirewallRules: [{2A60FB7E-5749-4678-B0E0-49D233376251}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{F0789806-1A29-4E57-988A-8413A1F31DD6}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{CC2EFE52-08DE-4C09-8543-58D3893F3A43}] => (Allow) C:\Users\Jesus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2CE75413-1F4C-49A5-9AB8-F23AD944AE41}] => (Allow) C:\Users\Jesus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{67467198-32B5-41DB-93DF-4975E62BD48F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{D0E621D4-E248-402C-8631-CFAFB716B90C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{A01167FC-C1EF-4AE5-9FF1-F1979E24B570}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{679D0B8F-B7FC-46C2-8002-0F6C562F7BF7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{E8D13ABC-0D31-4282-9C4A-2DB2A2744353}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{63DA2B72-A69D-4CC7-80E4-EED5C9C14731}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{7C7D5D8A-7974-49A2-8EA5-04234D76C865}] => (Allow) C:\Program Files\RealVNC\VNC4\winvnc4.exe
FirewallRules: [{9AECEEF8-5DDA-43B5-845C-3C4B1A88ED86}] => (Allow) C:\Program Files\RealVNC\VNC4\winvnc4.exe
FirewallRules: [{B7A9498D-DDFC-48B0-AEB0-17CC6CB7F704}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{347B30C0-FF95-4C4E-AAAF-B359201B394D}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{4732E540-9105-482D-83DC-926F7C64FA1E}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [UDP Query User{56410756-1225-44E5-8522-87889F08AA0D}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [{8160A232-220A-4B99-9593-EFC7722463CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C9B85A2D-F0EC-45E0-A5D3-041ACCA7A588}] => (Block) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{40E0A840-3E9F-447D-9301-4838B20239C5}] => (Block) C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
FirewallRules: [{8E069451-3B8C-4BA4-B83B-5DFF7E8175FF}] => (Block) %SystemRoot%\system32\svchost.exe
==================== Restore Points =========================
20-02-2016 00:00:01 Scheduled Checkpoint
21-02-2016 00:00:02 Scheduled Checkpoint
22-02-2016 00:00:02 Scheduled Checkpoint
22-02-2016 09:10:16 Windows Update
23-02-2016 00:00:02 Scheduled Checkpoint
24-02-2016 12:30:45 Scheduled Checkpoint
25-02-2016 10:11:53 Windows Update
26-02-2016 00:22:45 Scheduled Checkpoint
26-02-2016 14:05:16 Scheduled Checkpoint
27-02-2016 10:46:44 Scheduled Checkpoint
28-02-2016 00:00:02 Scheduled Checkpoint
29-02-2016 16:57:48 Scheduled Checkpoint
01-03-2016 10:13:19 Scheduled Checkpoint
02-03-2016 00:00:02 Scheduled Checkpoint
02-03-2016 19:59:52 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
02-03-2016 20:07:38 Windows Update
03-03-2016 09:29:10 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (03/03/2016 08:39:48 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)
Error: (03/03/2016 08:39:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/03/2016 02:00:56 AM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
Error: (03/02/2016 09:31:07 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)
Error: (03/02/2016 09:30:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/01/2016 08:43:04 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)
Error: (03/01/2016 08:43:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/29/2016 03:52:10 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)
Error: (02/29/2016 03:52:10 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index metadata cannot be read. (0xc0041801)
Error: (02/29/2016 03:52:10 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index metadata cannot be read. (0xc0041801)

System errors:
=============
Error: (03/03/2016 08:39:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: DMICall
Error: (03/03/2016 08:39:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (03/02/2016 09:31:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: DMICall
Error: (03/02/2016 09:30:24 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:07:33 AM on 02/03/2016 was unexpected.
Error: (03/02/2016 09:29:10 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (03/01/2016 08:43:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: DMICall
Error: (03/01/2016 08:41:19 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (02/29/2016 05:05:18 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.
Error: (02/29/2016 03:52:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
Error: (02/29/2016 03:52:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

CodeIntegrity:
===================================
Date: 2015-12-01 08:11:01.303
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\IWsASC.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 07:49:02.319
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\IWsASC.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 07:48:56.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\IWsASC.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 07:48:51.711
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\IWsASC.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 07:48:46.407
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\IWsASC.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 07:48:40.931
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\IWsASC.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 07:48:35.487
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\IWsASC.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 07:48:30.073
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\IWsASC.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 07:48:24.785
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\IWsASC.exe because the set of per-page image hashes could not be found on the system.
Date: 2015-12-01 07:48:19.403
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\IWsASC.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 65%
Total physical RAM: 3934.13 MB
Available physical RAM: 1349.18 MB
Total Virtual: 8075.54 MB
Available Virtual: 4891.72 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:223.68 GB) (Free:44 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:14.63 GB) (Free:1.03 GB) FAT32
Drive h: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:566.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: D24DBD37)
Partition 1: (Not Active) - (Size=9.2 GB) - (Type=27)
Partition 2: (Active) - (Size=223.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CBCE2081)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

Broni · Mar 3, 2016

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Uninstall Advanced SystemCare.
Registry cleaners/optimizers are not recommended for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Everett · Mar 4, 2016

RogueKiller V11.0.14.0 [Feb 29 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Jesus [Administrator]
Started from : C:\Users\Jesus\Desktop\RogueKiller.exe
Mode : Delete -- Date : 03/04/2016 17:32:29

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.sonystyle.ca/vaio -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.sonystyle.ca/vaio -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.sonystyle.ca/vaio -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.sonystyle.ca/vaio -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.sonystyle.ca/vaio -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.sonystyle.ca/vaio -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)

¤¤¤ Tasks : 1 ¤¤¤
[PUP] \Bidaily Synchronize Task[973b] -- c:\programdata\{55d8d7c4-41f9-0736-55d8-8d7c441f5f11}\sevensetup.exe (--startup=1 --single) -> Deleted

¤¤¤ Files : 4 ¤¤¤
[PUP][Folder] C:\ProgramData\{55d8d7c4-41f9-0736-55d8-8d7c441f5f11} -> Deleted
[PUP][File] C:\ProgramData\{55d8d7c4-41f9-0736-55d8-8d7c441f5f11}\48f6877fa3f9f4af -> Deleted
[PUP][File] C:\ProgramData\{55d8d7c4-41f9-0736-55d8-8d7c441f5f11}\850b212a842d137b -> Deleted
[PUP][File] C:\ProgramData\{55d8d7c4-41f9-0736-55d8-8d7c441f5f11}\sevensetup.dat -> Deleted
[PUP][Folder] C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA} -> Deleted
[PUP][File] C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}\desktop.ini -> Deleted
[PUP][Folder] C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} -> Deleted
[PUP][File] C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}\desktop.ini -> Deleted
[PUP][Folder] C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} -> Deleted

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x0]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 9e7e37c97b4d0a84d1b3debfb08c5ded
[BSP] 00d46265bbc157cbb2f7f491beadcf70 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9427 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 19308544 | Size: 229046 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: +++++
--- User ---
[MBR] d08959e92584bd8838800ca29ae29e43
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 14988 MB
Error reading LL1 MBR! ([32] The request is not supported. )
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: +++++
--- User ---
[MBR] 7435b395373533bcd39085cd12602a0e
[BSP] 3a263ec662f61a27d74cd7a536bc3337 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Everett · Mar 4, 2016

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/03/2016
Scan Time: 5:40:39 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.04.05
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Jesus

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 456170
Time Elapsed: 22 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Everett · Mar 4, 2016

# AdwCleaner v5.037 - Logfile created 04/03/2016 at 18:12:46
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
# Username : Jesus - JESUS-PC
# Running from : C:\Users\Jesus\Desktop\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[#] Folder Deleted : C:\Users\Jesus\AppData\Local\YSearchUtil
[#] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

[-] File Deleted : C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.petango.com_0.localstorage

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! SearchSet

***** [ Web browsers ] *****

[-] [C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M7684315B-37F3-49FE-9DFE-325686680F51&SearchSource=55&CUI=&UM=8&UP=SPBF496382-60B6-4495-848A-59B622EFC2AC&SSPV=
[-] [C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : npdicihegicnhaangkdmcgbjceoemeoo

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2288 bytes] - [04/03/2016 18:12:46]
C:\AdwCleaner\AdwCleaner[S1].txt - [2271 bytes] - [04/03/2016 18:07:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2434 bytes] ##########

Everett · Mar 4, 2016

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows (TM) Vista Home Premium x64
Ran by Jesus (Administrator) on 04/03/2016 at 18:24:16.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 41

Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File)
Successfully deleted: C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage (File)
Successfully deleted: C:\Users\Jesus\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Users\Jesus\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\Public\Desktop\hotspot shield.lnk (Shortcut)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Jesus) (Task)
Successfully deleted: C:\Windows\system32\Tasks\SmartDefrag4_Startup (Task)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_Jesus (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\iobit\driver booster (Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02JR4U3M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03U0RI2F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ARFBLJ8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8CQK8F0V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1VQWRDT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EEN0ALLV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNM7TDOM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVHF8A4V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ854OHL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\prefetch\DRIVERBOOSTER.EXE-51D78DCC.pf (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02JR4U3M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03U0RI2F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ARFBLJ8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8CQK8F0V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1VQWRDT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EEN0ALLV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FNM7TDOM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVHF8A4V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJ854OHL (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/03/2016 at 18:28:26.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · Mar 4, 2016

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Everett · Mar 4, 2016

ComboFix 16-03-01.01 - Jesus 04/03/2016 20:23:34.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3934.2429 [GMT -5:00]
Running from: c:\users\Jesus\Desktop\ComboFix.exe
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Jesus\OFCommon.dll
.
.
((((((((((((((((((((((((( Files Created from 2016-02-05 to 2016-03-05 )))))))))))))))))))))))))))))))
.
.
2016-03-05 01:33 . 2016-03-05 01:33 -------- d-----w- c:\users\Jesus\AppData\Local\temp
2016-03-05 01:33 . 2016-03-05 01:33 -------- d-----w- c:\users\fbwuserFBEA\AppData\Local\temp
2016-03-04 23:47 . 2016-03-04 23:59 -------- d-----w- c:\programdata\BlueStacksSetup
2016-03-04 23:35 . 2016-03-04 23:35 -------- d-----w- c:\users\Jesus\AppData\Roaming\ProductData
2016-03-04 23:35 . 2016-03-05 01:19 -------- d-----w- c:\programdata\ProductData
2016-03-04 23:07 . 2016-03-04 23:12 -------- d-----w- C:\AdwCleaner
2016-03-04 22:39 . 2016-03-04 23:20 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-04 22:33 . 2015-10-05 14:50 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-04 22:33 . 2015-10-05 14:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-04 22:33 . 2015-10-05 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-04 22:33 . 2016-03-04 22:33 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-03-04 22:33 . 2016-03-04 22:33 -------- d-----w- c:\programdata\Malwarebytes
2016-03-04 02:55 . 2016-03-04 22:17 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-04 02:55 . 2016-03-04 23:35 -------- d-----w- c:\programdata\RogueKiller
2016-03-03 16:09 . 2016-03-03 16:12 -------- d-----w- C:\FRST
2016-03-03 01:08 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D0EF80F-F2DF-4810-A4AA-F8FB5EFC4E31}\mpengine.dll
2016-03-03 01:01 . 2016-03-03 19:54 -------- d-----w- c:\users\Jesus\AppData\Roaming\Kodi
2016-03-03 00:58 . 2016-03-03 00:58 -------- d-----w- c:\program files (x86)\Kodi
2016-02-22 14:19 . 2016-01-09 17:06 940032 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2016-02-22 14:19 . 2016-01-09 16:42 1506816 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2016-02-22 14:19 . 2016-01-09 16:42 944640 ----a-w- c:\program files\Windows Journal\InkSeg.dll
2016-02-22 14:19 . 2016-01-09 16:43 1823232 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2016-02-22 14:19 . 2016-01-09 16:42 1482752 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2016-02-22 14:19 . 2016-01-09 16:42 1455104 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2016-02-22 14:19 . 2016-01-07 15:27 139776 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-02-22 14:18 . 2016-01-09 17:06 501760 ----a-w- c:\windows\SysWow64\kerberos.dll
2016-02-22 14:18 . 2016-01-09 16:42 659968 ----a-w- c:\windows\system32\kerberos.dll
2016-02-22 14:17 . 2016-01-30 03:09 1316864 ----a-w- c:\windows\SysWow64\ole32.dll
2016-02-22 14:17 . 2016-01-30 02:44 1915392 ----a-w- c:\windows\system32\ole32.dll
2016-02-22 14:11 . 2016-01-07 15:32 2799104 ----a-w- c:\windows\system32\win32k.sys
2016-02-14 18:30 . 2016-02-14 18:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-02-14 18:30 . 2016-02-14 18:30 2048 ----a-w- c:\windows\system32\tzres.dll
2016-02-06 13:59 . 2016-02-06 13:59 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-22 14:24 . 2006-11-02 12:35 146614896 ----a-w- c:\windows\system32\mrt.exe
2016-02-06 13:58 . 2015-06-15 23:31 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-02-01 12:54 . 2015-06-13 19:20 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-01 12:54 . 2015-06-13 19:20 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-30 03:07 . 2016-02-22 14:12 43008 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-20 12:57 . 2015-12-20 12:57 3299832 ----a-w- c:\windows\system32\YamahaAE2.dll
2015-12-20 12:57 . 2015-12-20 12:57 2190992 ----a-w- c:\windows\system32\YamahaAE.dll
2015-12-20 12:57 . 2015-12-20 12:57 888480 ----a-w- c:\windows\system32\tossaeapo64.dll
2015-12-20 12:57 . 2015-12-20 12:57 873464 ----a-w- c:\windows\system32\tadefxapo264.dll
2015-12-20 12:57 . 2015-12-20 12:57 75544 ----a-w- c:\windows\system32\tepeqapo64.dll
2015-12-20 12:57 . 2015-12-20 12:57 596120 ----a-w- c:\windows\system32\tosasfapo64.dll
2015-12-20 12:57 . 2015-12-20 12:57 532384 ----a-w- c:\windows\system32\SRSTSX64.dll
2015-12-20 12:57 . 2015-12-20 12:57 224264 ----a-w- c:\windows\system32\tossaemaxapo64.dll
2015-12-20 12:57 . 2015-12-20 12:57 221976 ----a-w- c:\windows\system32\SRSTSH64.dll
2015-12-20 12:57 . 2015-12-20 12:57 2110600 ----a-w- c:\windows\system32\WavesGUILib64.dll
2015-12-20 12:57 . 2015-12-20 12:57 209536 ----a-w- c:\windows\system32\SRSHP64.dll
2015-12-20 12:57 . 2015-12-20 12:57 172584 ----a-w- c:\windows\system32\toseaeapo64.dll
2015-12-20 12:57 . 2015-12-20 12:57 166208 ----a-w- c:\windows\system32\SRSWOW64.dll
2015-12-20 12:57 . 2015-12-20 12:57 158704 ----a-w- c:\windows\system32\tadefxapo.dll
2015-12-20 12:57 . 2015-12-20 12:57 1382240 ----a-w- c:\windows\system32\tosade.dll
2015-12-20 12:57 . 2015-12-20 12:57 1435152 ----a-w- c:\windows\system32\SRRPTR64.dll
2015-12-20 12:57 . 2015-12-20 12:57 749000 ----a-w- c:\windows\system32\sltech64.dll
2015-12-20 12:57 . 2015-12-20 12:57 467160 ----a-w- c:\windows\system32\SRAPO64.dll
2015-12-20 12:57 . 2015-12-20 12:57 381416 ----a-w- c:\windows\system32\SRCOM64.dll
2015-12-20 12:57 . 2015-12-20 12:57 341152 ----a-w- c:\windows\SysWow64\SRCOM.dll
2015-12-20 12:57 . 2015-12-20 12:57 341152 ----a-w- c:\windows\system32\SRCOM.dll
2015-12-20 12:57 . 2015-12-20 12:57 258504 ----a-w- c:\windows\system32\slprp64.dll
2015-12-20 12:57 . 2015-12-20 12:57 965032 ----a-w- c:\windows\system32\SFSS_APO.dll
2015-12-20 12:57 . 2015-12-20 12:57 961848 ----a-w- c:\windows\system32\sl3apo64.dll
2015-12-20 12:57 . 2015-12-20 12:57 90920 ----a-w- c:\windows\system32\SFCOM64.dll
2015-12-20 12:57 . 2015-12-20 12:57 88328 ----a-w- c:\windows\system32\SFAPO64.dll
2015-12-20 12:57 . 2015-12-20 12:57 83632 ----a-w- c:\windows\SysWow64\SFCOM.dll
2015-12-20 12:57 . 2015-12-20 12:57 231920 ----a-w- c:\windows\system32\SFNHK64.dll
2015-12-20 12:57 . 2015-12-20 12:57 1121864 ----a-w- c:\windows\system32\slcnt64.dll
2015-12-20 12:57 . 2015-12-20 12:57 933640 ----a-w- c:\windows\system32\SEHDRA64.dll
2015-12-20 12:57 . 2015-12-20 12:57 716104 ----a-w- c:\windows\system32\SECOMN64.dll
2015-12-20 12:57 . 2015-12-20 12:57 589072 ----a-w- c:\windows\SysWow64\SECOMN32.DLL
2015-12-20 12:57 . 2015-12-20 12:57 448584 ----a-w- c:\windows\system32\SEAPO64.dll
2015-12-20 12:57 . 2015-12-20 12:57 2893568 ----a-w- c:\windows\system32\RTSnMg64.cpl
2015-12-20 12:57 . 2015-12-20 12:57 2997504 ----a-w- c:\windows\system32\RtPgEx64.dll
2015-12-20 12:57 . 2015-12-20 12:57 343712 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2015-12-20 12:57 . 2015-12-20 12:57 4628736 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2015-12-20 12:57 . 2015-12-20 12:57 195192 ----a-w- c:\windows\system32\RtkCfg64.dll
2015-12-20 12:57 . 2015-06-14 23:31 23704 ----a-w- c:\windows\system32\RtkCoLDR64.dll
2015-12-20 12:57 . 2015-12-20 12:57 88352 ----a-w- c:\windows\system32\RTEEG64A.dll
2015-12-20 12:57 . 2015-12-20 12:57 387320 ----a-w- c:\windows\system32\RTEEP64A.dll
2015-12-20 12:57 . 2015-12-20 12:57 3271912 ----a-w- c:\windows\system32\RtkApi64.dll
2015-12-20 12:57 . 2015-12-20 12:57 110984 ----a-w- c:\windows\system32\RTEEL64A.dll
2015-12-20 12:57 . 2015-12-20 12:57 689888 ----a-w- c:\windows\system32\RtDataProc64.dll
2015-12-20 12:57 . 2015-12-20 12:57 214840 ----a-w- c:\windows\system32\RTEED64A.dll
2015-12-20 12:57 . 2015-12-20 12:57 1351992 ----a-w- c:\windows\system32\RTCOM64.dll
2015-12-20 12:57 . 2015-12-20 12:57 321720 ----a-w- c:\windows\system32\RP3DHT64.dll
2015-12-20 12:57 . 2015-12-20 12:57 321720 ----a-w- c:\windows\system32\RP3DAA64.dll
2015-12-20 12:57 . 2015-06-14 23:31 2965120 ----a-w- c:\windows\system32\RltkAPO64.dll
2015-12-20 12:57 . 2015-12-20 12:57 2610208 ----a-w- c:\windows\SysWow64\RltkAPO.dll
2015-12-20 12:57 . 2015-12-20 12:57 72203792 ----a-w- c:\windows\system32\RCoRes64.dat
2015-12-20 12:57 . 2015-12-20 12:57 2028664 ----a-w- c:\windows\system32\RCoInstII64.dll
2015-12-20 12:57 . 2015-12-20 12:57 84624 ----a-w- c:\windows\system32\R4EEG64A.dll
2015-12-20 12:57 . 2015-12-20 12:57 7172920 ----a-w- c:\windows\system32\R4EEP64A.dll
2015-12-20 12:57 . 2015-12-20 12:57 447720 ----a-w- c:\windows\system32\R4EED64A.dll
2015-12-20 12:57 . 2015-12-20 12:57 151792 ----a-w- c:\windows\system32\R4EEL64A.dll
2015-12-20 12:57 . 2015-12-20 12:57 134208 ----a-w- c:\windows\system32\R4EEA64A.dll
2015-12-20 12:57 . 2015-12-20 12:57 5774632 ----a-w- c:\windows\system32\NAHIMICV2apo.dll
2015-12-20 12:57 . 2015-12-20 12:57 923752 ----a-w- c:\windows\system32\MISS_APO.dll
2015-12-20 12:57 . 2015-12-20 12:57 5289952 ----a-w- c:\windows\system32\NAHIMICAPOlfx.dll
2015-12-20 12:57 . 2015-12-20 12:57 1003864 ----a-w- c:\windows\system32\NahimicAPONSControl.dll
2015-12-20 12:56 . 2015-12-20 12:56 677672 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2015-12-20 12:56 . 2015-12-20 12:56 12986520 ----a-w- c:\windows\system32\MaxxVoiceAPO4064.dll
2015-12-20 12:56 . 2015-12-20 12:56 13120760 ----a-w- c:\windows\system32\MaxxVoiceAPO3064.dll
2015-12-20 12:56 . 2015-12-20 12:56 998032 ----a-w- c:\windows\system32\MaxxVoiceAPO2064.dll
2015-12-20 12:56 . 2015-12-20 12:56 931624 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2015-12-20 12:56 . 2015-12-20 12:56 678184 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2015-12-20 12:56 . 2015-12-20 12:56 330568 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2015-12-20 12:56 . 2015-12-20 12:56 2823280 ----a-w- c:\windows\system32\MaxxAudioAPO7064.dll
2015-12-20 12:56 . 2015-12-20 12:56 2050184 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
2015-12-20 12:56 . 2015-12-20 12:56 14057256 ----a-w- c:\windows\system32\MaxxAudioRealtek64.dll
2015-12-20 12:56 . 2015-12-20 12:56 1395760 ----a-w- c:\windows\system32\MaxxAudioAPO6064.dll
2015-12-20 12:56 . 2015-12-20 12:56 1334384 ----a-w- c:\windows\system32\MaxxSpeechAPO64.dll
2015-12-20 12:56 . 2015-12-20 12:56 1211832 ----a-w- c:\windows\system32\MaxxAudioAPO5064.dll
2015-12-20 12:56 . 2015-12-20 12:56 1164336 ----a-w- c:\windows\system32\MaxxAudioAPO4064.dll
2015-12-20 12:56 . 2015-12-20 12:56 618192 ----a-w- c:\windows\system32\KAAPORT64.dll
2015-12-20 12:56 . 2015-12-20 12:56 1186160 ----a-w- c:\windows\system32\IntelSstCApoPropPage.dll
2015-12-20 12:56 . 2015-12-20 12:56 9997848 ----a-w- c:\windows\system32\IntelSSTAPO.dll
2015-12-20 12:56 . 2015-12-20 12:56 357528 ----a-w- c:\windows\system32\HiFiDAX2API.dll
2015-12-20 12:56 . 2015-12-20 12:56 340648 ----a-w- c:\windows\system32\ICEsoundAPO64.dll
2015-12-20 12:56 . 2015-12-20 12:56 727440 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll
2015-12-20 12:56 . 2015-12-20 12:56 708320 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
2015-12-20 12:56 . 2015-12-20 12:56 514528 ----a-w- c:\windows\system32\DTSU2PLFX64.dll
2015-12-20 12:56 . 2015-12-20 12:56 504312 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
2015-12-20 12:56 . 2015-12-20 12:56 500560 ----a-w- c:\windows\system32\DTSU2PGFX64.dll
2015-12-20 12:56 . 2015-12-20 12:56 445408 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
2015-12-20 12:56 . 2015-12-20 12:56 441272 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
2015-12-20 12:56 . 2015-12-20 12:56 428232 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2015-12-20 12:56 . 2015-12-20 12:56 3278408 ----a-w- c:\windows\system32\FMAPO64.dll
2015-12-20 12:56 . 2015-12-20 12:56 253904 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2015-12-20 12:56 . 2015-12-20 12:56 253872 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2015-12-20 12:56 . 2015-12-20 12:56 252880 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
2015-12-20 12:56 . 2015-12-20 12:56 1780624 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
2015-12-20 12:56 . 2015-12-20 12:56 1591064 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
2015-12-20 12:56 . 2015-12-20 12:56 1508936 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"f.lux"="c:\users\Jesus\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2015-11-12 5893920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-01-30 595504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-29 00:45 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-19 21:13 1088664 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-13 12:54]
.
2016-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-13 14:29]
.
2016-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-13 14:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-09 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-09 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-09 181784]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-15 6453760]
"Skytel"="Skytel.exe" [2008-07-15 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-21 1220392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sonystyle.ca/vaio
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{43913E9A-76E5-43E6-9D7A-2F904D587F4E}: NameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-BlueStacks Agent - c:\program files (x86)\BlueStacks\HD-Agent.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Driver Booster_is1 - c:\program files (x86)\IObit\Driver Booster\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2016-03-04 20:36:19
ComboFix-quarantined-files.txt 2016-03-05 01:36
.
Pre-Run: 50,441,768,960 bytes free
Post-Run: 49,871,306,752 bytes free
.
- - End Of File - - 309BD76B432D3CA739D68A57FADF7232
5C616939100B85E558DA92B899A0FC36

Broni · Mar 4, 2016

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Everett · Mar 4, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-03-2016
Ran by Jesus (administrator) on JESUS-PC (04-03-2016 21:49:45)
Running from C:\Users\Jesus\Desktop
Loaded Profiles: Jesus (Available Profiles: Jesus & fbwuser29C8 & fbwuserFBEA & fbwuser5783)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-15] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1220392 2008-05-20] (Synaptics, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM-x32\...\Run: [VAIOSurvey] => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [385024 2008-07-25] ()
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\Run: [f.lux] => C:\Users\Jesus\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4051FF07-D6F1-440B-9B46-6DB26F2E76C3}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{43913E9A-76E5-43E6-9D7A-2F904D587F4E}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9479664B-AAA3-4ACD-B723-E223B4D01FF5}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sonystyle.ca/vaio
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/webhp?rlz=1W1SNYX&ie=UTF-8&oe=UTF-8
SearchScopes: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000 -> DefaultScope {05FB1E52-C923-4F6C-AE91-AD5AF927BD88} URL = hxxp://www.google.com/webhp?rlz=1W1SNYX&ie=UTF-8&oe=UTF-8
SearchScopes: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000 -> {05FB1E52-C923-4F6C-AE91-AD5AF927BD88} URL = hxxp://www.google.com/webhp?rlz=1W1SNYX&ie=UTF-8&oe=UTF-8
SearchScopes: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000 -> {EC29F814-3FE6-4F8C-BFB9-567E9C5F6372} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-06] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-06] (Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-02-01] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-02-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-06-13] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M7684315B-37F3-49FE-9DFE-325686680F51&SearchSource=55&CUI=&UM=8&UP=SPBF496382-60B6-4495-848A-59B622EFC2AC&SSPV="
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-13]
CHR Extension: (Google Docs) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-13]
CHR Extension: (Google Drive) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Turn Off the Lights) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-02-29]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]
CHR Extension: (Google Search) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-13]
CHR Extension: (Google Docs Offline) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-13]
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [1371136 2008-04-30] (Intel(R) Corporation) [File not signed]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2442368 2016-02-17] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-02-17] ()
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [826368 2008-04-30] (Intel(R) Corporation) [File not signed]
R2 RtkAudioService; C:\Windows\RtkAudioService.exe [139808 2008-07-15] (Realtek Semiconductor)
S3 SOHCImp; C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
R3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
R3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2360048 2011-02-04] (RealVNC Ltd)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19456 2008-01-30] (ArcSoft, Inc.)
U1 Beep; no ImagePath
S1 DMICall; C:\Windows\SysWOW64\DRIVERS\DMICall.sys [10216 2008-07-11] (Sony Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-06-13] (DT Soft Ltd)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-06-14] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\wlh_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2015-06-14] (REDC)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-04] ()
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\wlh_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [25592 2015-11-05] (Windows (R) Win 7 DDK provider)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-04 21:49 - 2016-03-04 21:50 - 00017075 _____ C:\Users\Jesus\Desktop\FRST.txt
2016-03-04 21:49 - 2016-03-04 21:49 - 00000000 ____D C:\Users\Jesus\Desktop\FRST-OlderVersion
2016-03-04 20:36 - 2016-03-04 20:36 - 00023178 _____ C:\ComboFix.txt
2016-03-04 20:20 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-04 20:20 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-04 20:20 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-04 20:20 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-04 20:20 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-04 20:20 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-04 20:20 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-04 20:20 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-04 20:17 - 2016-03-04 20:36 - 00000000 ____D C:\Qoobox
2016-03-04 20:17 - 2016-03-04 20:34 - 00000000 ____D C:\Windows\erdnt
2016-03-04 20:10 - 2016-03-04 20:11 - 05658435 ____R (Swearware) C:\Users\Jesus\Desktop\ComboFix.exe
2016-03-04 18:47 - 2016-03-04 18:59 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-03-04 18:35 - 2016-03-04 20:19 - 00000000 ____D C:\ProgramData\ProductData
2016-03-04 18:35 - 2016-03-04 20:07 - 00002904 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Jesus
2016-03-04 18:35 - 2016-03-04 18:35 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\ProductData
2016-03-04 18:28 - 2016-03-04 18:28 - 00006094 _____ C:\Users\Jesus\Desktop\JRT.txt
2016-03-04 18:07 - 2016-03-04 18:12 - 00000000 ____D C:\AdwCleaner
2016-03-04 18:06 - 2016-03-04 18:06 - 01518592 _____ C:\Users\Jesus\Desktop\adwcleaner_5.037.exe
2016-03-04 17:39 - 2016-03-04 18:20 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-04 17:33 - 2016-03-04 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-04 17:33 - 2016-03-04 17:33 - 00009312 _____ C:\Users\Jesus\Desktop\rogue.txt
2016-03-04 17:33 - 2016-03-04 17:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-04 17:33 - 2016-03-04 17:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-04 17:33 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-04 17:33 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-04 17:33 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-04 17:06 - 2016-03-04 17:06 - 20956744 _____ C:\Users\Jesus\Desktop\RogueKiller.exe
2016-03-04 11:13 - 2016-03-04 11:13 - 00274496 _____ C:\Windows\Minidump\Mini030416-02.dmp
2016-03-04 10:32 - 2016-03-04 10:32 - 00274336 _____ C:\Windows\Minidump\Mini030416-01.dmp
2016-03-03 23:16 - 2016-03-03 23:16 - 00274560 _____ C:\Windows\Minidump\Mini030316-02.dmp
2016-03-03 22:28 - 2016-03-03 22:29 - 00275840 _____ C:\Windows\Minidump\Mini030316-01.dmp
2016-03-03 21:55 - 2016-03-04 18:35 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-03 21:55 - 2016-03-04 17:17 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-03-03 21:42 - 2016-03-03 21:42 - 00000732 _____ C:\Users\Jesus\AppData\Local\d3d9caps64.dat
2016-03-03 21:38 - 2016-03-04 12:23 - 00480596 _____ C:\Windows\ntbtlog.txt
2016-03-03 11:41 - 2016-03-03 11:45 - 22970368 _____ C:\Users\Jesus\Downloads\Homemade Doughnuts - Techniques and Recipes for Making Sublime Doughnuts in Your Home Kitchen.pdf
2016-03-03 11:39 - 2016-03-03 11:45 - 39518208 _____ C:\Users\Jesus\Downloads\IObit advanced SystemCare Pro 9.0.3.1078 + Key [4realtorrentz].zip
2016-03-03 11:39 - 2016-03-03 11:41 - 00000000 ____D C:\Users\Jesus\Downloads\BackyardLiberty.com
2016-03-03 11:09 - 2016-03-04 21:49 - 00000000 ____D C:\FRST
2016-03-02 20:41 - 2016-03-02 23:54 - 1661174754 _____ C:\Users\Jesus\Downloads\Kung.Fu.Panda.3.2016.HC.1080p.HDRiP.x264.ShAaNiG.mkv
2016-03-02 20:34 - 2016-03-02 20:34 - 00117855 _____ C:\Users\Jesus\Downloads\[kat.cr]kung.fu.panda.3.2016.hc.hdrip.xvid.ac3.evo.torrent
2016-03-02 20:17 - 2016-03-04 18:39 - 00000000 ____D C:\Users\Jesus\Downloads\Bluestacks 2.0.2.5623 Mod Rooted
2016-03-02 20:15 - 2016-03-02 20:15 - 00014794 _____ C:\Users\Jesus\Downloads\[kat.cr]bluestacks.2.0.2.5623.mod.rooted.offline.installer.core.x.torrent
2016-03-02 20:01 - 2016-03-03 14:54 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\Kodi
2016-03-02 19:59 - 2016-03-02 19:59 - 00431684 _____ C:\Users\Jesus\AppData\Local\dd_vcredistMSI6202.txt
2016-03-02 19:59 - 2016-03-02 19:59 - 00011366 _____ C:\Users\Jesus\AppData\Local\dd_vcredistUI6202.txt
2016-03-02 19:58 - 2016-03-02 19:58 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-03-02 19:58 - 2016-03-02 19:58 - 00000000 ____D C:\Program Files (x86)\Kodi
2016-03-02 19:53 - 2016-03-02 19:56 - 83064067 _____ C:\Users\Jesus\Downloads\kodi-16.0-Jarvis.exe
2016-02-26 07:58 - 2016-02-26 07:58 - 00000000 ____H C:\asc_rdflag
2016-02-25 17:48 - 2016-02-25 18:40 - 00000000 ____D C:\Users\Jesus\Downloads\Ratatouille (2007) [1080p]
2016-02-25 10:00 - 2016-02-25 15:59 - 00000000 ____D C:\Users\Jesus\Downloads\Top Pot Hand-Forged Doughnuts - Mark Klebeck
2016-02-25 09:56 - 2016-02-25 09:56 - 00005450 _____ C:\Users\Jesus\Downloads\[kat.cr]top.pot.hand.forged.doughnuts.secrets.and.recipes.for.the.home.baker.mark.klebeck.epub.mentalzero.torrent
2016-02-22 09:19 - 2016-01-07 10:27 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-22 09:18 - 2016-01-09 12:06 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-22 09:18 - 2016-01-09 11:42 - 00659968 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-22 09:17 - 2016-01-29 22:09 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-22 09:17 - 2016-01-29 21:44 - 01915392 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-22 09:12 - 2016-02-01 12:25 - 01589376 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-22 09:12 - 2016-02-01 12:25 - 01171696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdohlp.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2016-02-22 09:12 - 2016-01-29 22:09 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbeio.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-22 09:12 - 2016-01-29 22:09 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-22 09:12 - 2016-01-29 22:08 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-22 09:12 - 2016-01-29 22:08 - 00119296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrecst.dll
2016-02-22 09:12 - 2016-01-29 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-22 09:12 - 2016-01-29 22:08 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax
2016-02-22 09:12 - 2016-01-29 22:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2016-02-22 09:12 - 2016-01-29 22:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2016-02-22 09:12 - 2016-01-29 22:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasads.dll
2016-02-22 09:12 - 2016-01-29 22:08 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasdatastore.dll
2016-02-22 09:12 - 2016-01-29 22:07 - 00802304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-22 09:12 - 2016-01-29 21:48 - 04693952 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-22 09:12 - 2016-01-29 21:44 - 01304576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00560128 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2016-02-22 09:12 - 2016-01-29 21:44 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2016-02-22 09:12 - 2016-01-29 21:44 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2016-02-22 09:12 - 2016-01-29 21:44 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-22 09:12 - 2016-01-29 21:44 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-22 09:12 - 2016-01-29 21:43 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-22 09:12 - 2016-01-29 21:43 - 01067008 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-22 09:12 - 2016-01-29 21:43 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2016-02-22 09:12 - 2016-01-29 21:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2016-02-22 09:12 - 2016-01-29 21:43 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-22 09:12 - 2016-01-29 21:43 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2016-02-22 09:12 - 2016-01-29 21:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2016-02-22 09:12 - 2016-01-29 20:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2016-02-22 09:12 - 2016-01-29 20:33 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-22 09:12 - 2016-01-29 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iashost.exe
2016-02-22 09:12 - 2016-01-29 20:24 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-22 09:12 - 2016-01-29 20:24 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-22 09:12 - 2016-01-29 20:24 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-22 09:11 - 2016-01-07 10:32 - 02799104 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-14 14:08 - 2016-02-14 14:08 - 00053054 _____ C:\Users\Jesus\Downloads\[kat.cr]matilda.1996.720p.bluray.x264.amiable.torrent
2016-02-14 13:30 - 2016-02-14 13:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-02-14 13:30 - 2016-02-14 13:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-02-09 13:04 - 2016-02-09 13:04 - 00000000 ____D C:\Users\Jesus\Downloads\35HappyBudgies_FLAC
2016-02-09 11:34 - 2016-02-09 11:54 - 367225681 _____ C:\Users\Jesus\Downloads\35HappyBudgies_FLAC.zip
2016-02-08 22:04 - 2016-02-08 22:13 - 00000000 ____D C:\Users\Jesus\Downloads\Despicable Me (2010) [1080p]
2016-02-08 22:04 - 2016-02-08 22:04 - 00017072 _____ C:\Users\Jesus\Downloads\[kat.cr]despicable.me.2010.1080p.brrip.x264.yify.torrent
2016-02-08 19:46 - 2016-02-08 19:46 - 00011890 _____ C:\Users\Jesus\Downloads\[kat.cr]dispicable.me.2010.mp4.torrent
2016-02-08 19:46 - 2016-02-08 19:46 - 00000000 ____D C:\Users\Jesus\Downloads\Am anfang war das licht
2016-02-07 02:02 - 2016-02-07 02:02 - 00278160 _____ C:\Windows\Minidump\Mini020716-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-04 21:49 - 2016-01-14 21:26 - 02374144 _____ (Farbar) C:\Users\Jesus\Desktop\FRST64.exe
2016-03-04 21:49 - 2016-01-14 21:20 - 00000000 ____D C:\Users\Jesus\Desktop\malware tools
2016-03-04 21:34 - 2015-06-13 14:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-04 21:13 - 2015-06-13 09:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-04 20:33 - 2006-11-02 07:34 - 00000215 _____ C:\Windows\system.ini
2016-03-04 20:32 - 2015-06-13 09:04 - 00000000 ____D C:\Users\Jesus
2016-03-04 20:14 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-04 20:14 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-04 20:00 - 2015-06-13 10:25 - 00041984 _____ C:\Users\Jesus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-04 18:25 - 2015-06-13 10:28 - 00000000 ____D C:\ProgramData\IObit
2016-03-04 18:25 - 2015-06-13 10:28 - 00000000 ____D C:\Program Files (x86)\IObit
2016-03-04 18:25 - 2015-06-13 10:27 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\IObit
2016-03-04 18:14 - 2015-06-13 09:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-04 18:14 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-04 18:13 - 2006-11-02 10:42 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-04 11:13 - 2015-09-11 17:16 - 00000000 ____D C:\Windows\Minidump
2016-03-04 11:12 - 2015-09-11 17:16 - 398804081 _____ C:\Windows\MEMORY.DMP
2016-03-03 15:31 - 2015-06-13 16:23 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\qBittorrent
2016-03-03 14:47 - 2015-06-13 22:15 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\vlc
2016-03-03 11:40 - 2016-01-06 22:27 - 00000000 ____D C:\Users\Jesus\Downloads\Life on Earth BBC
2016-03-02 20:00 - 2015-07-16 07:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-26 07:59 - 2015-06-14 18:00 - 67006464 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2016-02-26 07:59 - 2015-06-14 18:00 - 00020480 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak
2016-02-26 07:58 - 2015-06-14 18:00 - 62107648 _____ C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2016-02-26 07:58 - 2015-06-14 18:00 - 00229376 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak
2016-02-26 07:58 - 2015-06-14 18:00 - 00057344 _____ C:\Windows\system32\config\SAM.iodefrag.bak
2016-02-25 23:48 - 2015-06-13 22:02 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-02-25 23:47 - 2015-06-13 22:02 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2016-02-25 17:48 - 2015-06-13 16:16 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\uTorrent
2016-02-25 10:00 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf
2016-02-22 10:13 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2016-02-22 10:03 - 2006-11-02 07:46 - 00759542 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-22 09:56 - 2006-11-02 10:21 - 00320824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-22 09:53 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-22 09:53 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Collaboration
2016-02-22 09:51 - 2015-06-13 16:43 - 00000000 ____D C:\Windows\system32\MRT
2016-02-22 09:24 - 2006-11-02 07:35 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-02-19 16:18 - 2015-06-13 09:30 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 16:18 - 2015-06-13 09:30 - 00002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-06 09:01 - 2015-06-15 18:20 - 00000000 ____D C:\ProgramData\Oracle
2016-02-06 09:00 - 2015-06-15 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-06 09:00 - 2008-08-12 16:03 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-06 08:59 - 2015-08-27 08:35 - 00000000 ____D C:\Users\Jesus\.oracle_jre_usage
2016-02-06 08:58 - 2015-06-15 18:31 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-04 07:58 - 2015-12-28 11:32 - 00000000 ____D C:\Users\Jesus\Desktop\origami

==================== Files in the root of some directories =======

2016-03-03 21:42 - 2016-03-03 21:42 - 0000732 _____ () C:\Users\Jesus\AppData\Local\d3d9caps64.dat
2015-06-13 10:25 - 2016-03-04 20:00 - 0041984 _____ () C:\Users\Jesus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-02 19:59 - 2016-03-02 19:59 - 0431684 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistMSI6202.txt
2015-07-16 07:23 - 2015-07-16 07:24 - 0440850 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistMSI6D36.txt
2015-12-20 08:03 - 2015-12-20 08:03 - 0438832 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistMSI762B.txt
2016-03-02 19:59 - 2016-03-02 19:59 - 0011366 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistUI6202.txt
2015-07-16 07:23 - 2015-07-16 07:24 - 0011598 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistUI6D36.txt
2015-12-20 08:03 - 2015-12-20 08:03 - 0013702 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistUI762B.txt
2015-06-14 18:39 - 2015-06-14 18:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-04 18:20

==================== End of FRST.txt ============================

Everett · Mar 4, 2016

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-03-2016
Ran by Jesus (2016-03-04 21:50:48)
Running from C:\Users\Jesus\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) (2015-06-13 16:02:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3862297630-1303015323-3635741390-500 - Administrator - Disabled)
fbwuser29C8 (S-1-5-21-3862297630-1303015323-3635741390-1001 - Limited - Disabled) => C:\Users\fbwuser29C8
fbwuser5783 (S-1-5-21-3862297630-1303015323-3635741390-1003 - Limited - Disabled) => C:\Users\fbwuser5783
fbwuserFBEA (S-1-5-21-3862297630-1303015323-3635741390-1002 - Limited - Disabled) => C:\Users\fbwuserFBEA
Guest (S-1-5-21-3862297630-1303015323-3635741390-501 - Limited - Disabled)
Jesus (S-1-5-21-3862297630-1303015323-3635741390-1000 - Administrator - Enabled) => C:\Users\Jesus

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\uTorrent) (Version: 3.4.3.40097 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
ArcSoft Magic-I Visual Effects (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM-x32\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version: - ArcSoft)
Business Plan Pro 15th Anniversary Edition (HKLM-x32\...\{3E9E68FB-49FA-410A-8787-424F2A506E0F}) (Version: 11.25.0009 - Palo Alto Software, Inc.)
Click to Disc (HKLM-x32\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.00.06190 - Sony Corporation)
Click to Disc (x32 Version: 1.2.00.06190 - Sony Corporation) Hidden
Click to Disc Editor (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 1.2.00 - Sony Corporation)
Click to Disc Editor (x32 Version: 1.2.00 - Sony Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CrystalDiskInfo 6.5.2 Shizuku Edition (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.5.2 - Crystal Dew World)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit)
f.lux (HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\Flux) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version: - )
Hotspot Shield 5.2.1 (HKLM-x32\...\HotspotShield) (Version: 5.2.1 - AnchorFree Inc.)
Hotspot Shield 5.2.1 Embedded (x32 Version: 5.2.1.0 - Buildbot) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{26921B2E-3E62-47F9-A514-1FC4A83BD738}) (Version: 12.00.0004 - Intel(R) Corporation)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.2 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.1.126 - IObit)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Kodi (HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\Kodi) (Version: - XBMC-Foundation)
Macro Recorder 5.7.8 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.8 - Jitbit Software)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.3.1 (HKLM-x32\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Transfer (HKLM-x32\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.2.00.17290 - Sony Corporation)
OpenMG Secure Module 5.1.00 (HKLM-x32\...\InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}) (Version: 5.1.00.05200 - Sony Corporation)
OpenMG Secure Module 5.1.00 (x32 Version: 5.1.00.05200 - Sony Corporation) Hidden
Pavtube Video Converter Ultimate Ver 4.8.6.6 (HKLM-x32\...\{682B3199-76C3-4745-B7AE-FC13F6676421}_is1) (Version: - )
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
qBittorrent 3.3.2 (HKLM-x32\...\qBittorrent) (Version: 3.3.2 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.1.00.07300 - Sony Corporation)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 3.2.02.06170 - Sony Corporation)
Sony Video Shared Library (HKLM-x32\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.4.00 - Sony Corporation)
SuperBeam version 1.2.0 (HKLM-x32\...\{1E690789-503A-4733-B224-7FE1DA597F2A}_is1) (Version: 1.2.0 - MukaBits)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.7.0 - Synaptics)
TreeMaker 5.0 (HKLM-x32\...\TreeMaker_is1) (Version: - TreeMaker Team)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for Office 2007 (KB934528) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version: - )
Update for Office System 2007 Setup (KB929722) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - )
VAIO Content Folder Setting (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.0.00.17290 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{FD72E69E-CF34-4071-BFD6-FD081A365E2C}) (Version: 3.2.00.06115 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.2.00.06115 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM-x32\...\{FE697886-F392-4E0D-A0C0-47587BF60992}) (Version: 3.2.00.06062 - Sony Corporation)
VAIO Content Metadata Manager Setting (x32 Version: 3.2.00.06062 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM-x32\...\{CB8A8696-93EC-414E-A752-850AB133F68A}) (Version: 3.2.00.06112 - Sony Corporation)
VAIO Content Metadata XML Interface Library (x32 Version: 3.2.00.06112 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.1.00.07110 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.2.00.06200 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.2.00.06200 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.1.00.07280 - Sony Corporation)
VAIO Help and Support (HKLM-x32\...\{D47FE987-EA3D-424B-9886-B752501D7CE7}) (Version: 6.01.0806.64.ENCA - Sony Corporation)
VAIO Launcher (HKLM-x32\...\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}) (Version: 2.1.00.06130 - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}) (Version: 1.1.00.05240 - Sony Corporation)
VAIO Media plus (x32 Version: 1.1.00.05240 - Sony Corporation) Hidden
VAIO Movie Story (HKLM-x32\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.3.00.06240 - Sony Corporation)
VAIO Movie Story (x32 Version: 1.3.00.06240 - Sony Corporation) Hidden
VAIO MusicBox (HKLM-x32\...\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}) (Version: 2.1.00.06110 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM-x32\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO My Memory Center (HKLM-x32\...\{E1D25278-B51A-4163-BC3D-20A4D2D09F98}) (Version: 1.00.0229 - Sony)
VAIO OOBE and Welcome Center (HKLM-x32\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 6.10.0820.64.ENCA - Sony Corporation)
VAIO Original Function Setting (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.4.00.04230 - Sony Corporation)
VAIO Power Management (HKLM-x32\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 3.1.00.08060 - Sony Corporation)
VAIO Survey (HKLM-x32\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 6.00.0722 - Sony Corporation)
VAIO Update 4 (HKLM-x32\...\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}) (Version: 4.0.0.07150 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.2.00.05200 - Sony Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VNC Enterprise Edition E4.6.1 (HKLM\...\RealVNC_is1) (Version: E4.6.1 - RealVNC Ltd)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Printer Driver 1.7.0 (HKLM\...\VNCPrinter_is1) (Version: 1.7.0 - RealVNC Ltd.)
WinDVD for VAIO (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.513 - InterVideo Inc.)
WinDVD for VAIO (x32 Version: 8.0-B9.513 - InterVideo Inc.) Hidden
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WizTree v1.06 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0740DD42-4088-436A-BE9C-FACCBA54A606} - System32\Tasks\pc shutdown => C:\Windows\System32\shutdown.exe [2008-01-20] (Microsoft Corporation)
Task: {14F8B2CC-84BA-4F6B-8369-83054F6FBCE9} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {2366A3F1-90CA-437B-8326-6414B8BD9C6E} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe [2008-06-27] (Sony Corporation)
Task: {34CDABAF-6B1A-4216-9047-428368C5928B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-13] (Google Inc.)
Task: {504D00C1-BF23-44BB-990E-85DE843E7D97} - System32\Tasks\Uninstaller_SkipUac_Jesus => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-01-12] (IObit)
Task: {6AD4527D-0182-4925-AAEB-937035C7E7AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-01] (Adobe Systems Incorporated)
Task: {75396622-D73E-4D2C-B458-98171F7A11AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-13] (Google Inc.)
Task: {B6020190-E20D-4FE2-BA59-626574977FE7} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-07-15] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2007-09-06 12:27 - 2007-09-06 12:27 - 01331712 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2008-04-30 21:45 - 2008-04-30 21:45 - 00335872 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2016-01-06 11:16 - 2011-02-04 22:22 - 00030720 _____ () C:\Windows\System32\VNCpm.dll
2015-06-13 16:03 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2016-02-17 14:43 - 2016-02-17 14:43 - 00166528 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
2016-02-03 20:52 - 2016-02-03 20:52 - 00280143 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libidn-11.dll
2009-03-27 15:02 - 2009-03-27 15:02 - 01554920 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libeay32.dll
2009-03-27 15:02 - 2009-03-27 15:02 - 00332254 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libssl32.dll
2008-08-12 16:04 - 2008-07-28 19:45 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2008-08-12 16:04 - 2008-07-28 19:45 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2015-06-13 16:10 - 2015-03-28 19:31 - 00107520 _____ () C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
2016-02-19 16:18 - 2016-02-17 23:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll
2015-06-13 16:18 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-06-13 16:18 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2016-03-04 20:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jesus\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{9DED1E44-BC0E-4640-ABE6-AFA5FA6E0648}] => (Allow) LPort=80
FirewallRules: [{BF5F4EA5-BD98-45ED-A623-3A928C7C1F91}] => (Allow) LPort=80
FirewallRules: [{DD1F1458-79D6-4B78-B9B0-C4DAEA5114C0}] => (Allow) LPort=80
FirewallRules: [{2A60FB7E-5749-4678-B0E0-49D233376251}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{F0789806-1A29-4E57-988A-8413A1F31DD6}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{CC2EFE52-08DE-4C09-8543-58D3893F3A43}] => (Allow) C:\Users\Jesus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2CE75413-1F4C-49A5-9AB8-F23AD944AE41}] => (Allow) C:\Users\Jesus\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{67467198-32B5-41DB-93DF-4975E62BD48F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{D0E621D4-E248-402C-8631-CFAFB716B90C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{A01167FC-C1EF-4AE5-9FF1-F1979E24B570}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{679D0B8F-B7FC-46C2-8002-0F6C562F7BF7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{E8D13ABC-0D31-4282-9C4A-2DB2A2744353}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{63DA2B72-A69D-4CC7-80E4-EED5C9C14731}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{7C7D5D8A-7974-49A2-8EA5-04234D76C865}] => (Allow) C:\Program Files\RealVNC\VNC4\winvnc4.exe
FirewallRules: [{9AECEEF8-5DDA-43B5-845C-3C4B1A88ED86}] => (Allow) C:\Program Files\RealVNC\VNC4\winvnc4.exe
FirewallRules: [{B7A9498D-DDFC-48B0-AEB0-17CC6CB7F704}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{347B30C0-FF95-4C4E-AAAF-B359201B394D}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{4732E540-9105-482D-83DC-926F7C64FA1E}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [UDP Query User{56410756-1225-44E5-8522-87889F08AA0D}C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [{8160A232-220A-4B99-9593-EFC7722463CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-02-2016 00:00:02 Scheduled Checkpoint
24-02-2016 12:30:45 Scheduled Checkpoint
25-02-2016 10:11:53 Windows Update
26-02-2016 00:22:45 Scheduled Checkpoint
26-02-2016 14:05:16 Scheduled Checkpoint
27-02-2016 10:46:44 Scheduled Checkpoint
28-02-2016 00:00:02 Scheduled Checkpoint
29-02-2016 16:57:48 Scheduled Checkpoint
01-03-2016 10:13:19 Scheduled Checkpoint
02-03-2016 00:00:02 Scheduled Checkpoint
02-03-2016 19:59:52 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
02-03-2016 20:07:38 Windows Update
03-03-2016 09:29:10 Scheduled Checkpoint
04-03-2016 18:24:17 JRT Pre-Junkware Removal
04-03-2016 18:42:36 Installed BlueStacks App Player
04-03-2016 20:08:18 Removed BlueStacks App Player

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2016 07:41:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (03/04/2016 07:41:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/04/2016 07:41:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (03/04/2016 07:41:34 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\system32\Secur32.dll4

Error: (03/04/2016 07:41:34 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4

Error: (03/04/2016 07:41:32 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: EmdCache4

Error: (03/04/2016 07:41:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (03/04/2016 06:58:01 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile C:\Program Files (x86)\BlueStacks\HD-CreateSymlink.exe because this image is a 64bit assembly; try using 64bit ngen instead.

Error: (03/04/2016 06:15:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2016 06:15:08 PM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

System errors:
=============
Error: (03/04/2016 09:48:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/04/2016 08:33:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (03/04/2016 08:32:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/04/2016 08:27:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (03/04/2016 08:20:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: IMF Service1

Error: (03/04/2016 08:10:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: BlueStacks Updater Service1

Error: (03/04/2016 06:25:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: VNC Server Version 41

Error: (03/04/2016 06:15:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: DMICall

Error: (03/04/2016 06:15:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: VAIO Power Management%%1053

Error: (03/04/2016 06:15:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000VAIO Power Management

CodeIntegrity:
===================================
Date: 2016-03-04 21:50:42.219
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-04 21:50:41.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-04 21:50:41.548
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-04 21:50:41.220
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-04 21:50:40.643
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-04 21:50:40.284
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-04 21:50:39.925
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-04 21:50:39.707
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-04 21:50:02.131
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-03-04 21:50:01.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 65%
Total physical RAM: 3934.13 MB
Available physical RAM: 1337.62 MB
Total Virtual: 8047.54 MB
Available Virtual: 5218.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.68 GB) (Free:45.05 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive h: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:642.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: D24DBD37)
Partition 1: (Not Active) - (Size=9.2 GB) - (Type=27)
Partition 2: (Active) - (Size=223.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CBCE2081)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni · Mar 4, 2016

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Everett · Mar 4, 2016

Fix result of Farbar Recovery Scan Tool (x64) Version:04-03-2016
Ran by Jesus (2016-03-04 22:11:12) Run:1
Running from C:\Users\Jesus\Desktop
Loaded Profiles: Jesus (Available Profiles: Jesus & fbwuser29C8 & fbwuserFBEA & fbwuser5783)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M7684315B-37F3-49FE-9DFE-325686680F51&SearchSource=55&CUI=&UM=8&UP=SPBF496382-60B6-4495-848A-59B622EFC2AC&SSPV="
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
U1 Beep; no ImagePath
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2016-03-03 21:42 - 2016-03-03 21:42 - 0000732 _____ () C:\Users\Jesus\AppData\Local\d3d9caps64.dat
2015-06-13 10:25 - 2016-03-04 20:00 - 0041984 _____ () C:\Users\Jesus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-02 19:59 - 2016-03-02 19:59 - 0431684 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistMSI6202.txt
2015-07-16 07:23 - 2015-07-16 07:24 - 0440850 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistMSI6D36.txt
2015-12-20 08:03 - 2015-12-20 08:03 - 0438832 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistMSI762B.txt
2016-03-02 19:59 - 2016-03-02 19:59 - 0011366 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistUI6202.txt
2015-07-16 07:23 - 2015-07-16 07:24 - 0011598 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistUI6D36.txt
2015-12-20 08:03 - 2015-12-20 08:03 - 0013702 _____ () C:\Users\Jesus\AppData\Local\dd_vcredistUI762B.txt
2015-06-14 18:39 - 2015-06-14 18:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Chrome StartupUrls => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eedgghdcpmmmilkmfpnklknlenbiolec" => key removed successfully
Beep => service removed successfully
catchme => service removed successfully
IpInIp => service removed successfully
NwlnkFlt => service removed successfully
NwlnkFwd => service removed successfully
C:\Users\Jesus\AppData\Local\d3d9caps64.dat => moved successfully
C:\Users\Jesus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Jesus\AppData\Local\dd_vcredistMSI6202.txt => moved successfully
C:\Users\Jesus\AppData\Local\dd_vcredistMSI6D36.txt => moved successfully
C:\Users\Jesus\AppData\Local\dd_vcredistMSI762B.txt => moved successfully
C:\Users\Jesus\AppData\Local\dd_vcredistUI6202.txt => moved successfully
C:\Users\Jesus\AppData\Local\dd_vcredistUI6D36.txt => moved successfully
C:\Users\Jesus\AppData\Local\dd_vcredistUI762B.txt => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

==== End of Fixlog 22:11:12 ====

Broni · Mar 4, 2016

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

Everett · Mar 5, 2016

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 71
Java 8 Update 74
Java version 32-bit out of Date!
Adobe Flash Player 20.0.0.286
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome (48.0.2564.109)
Google Chrome (48.0.2564.116)
````````Process Check: objlist.exe by Laurent````````
IObit IObit Malware Fighter IMFsrv.exe
IObit IObit Malware Fighter IMF.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Everett · Mar 5, 2016

Farbar Service Scanner Version: 27-01-2016
Ran by Jesus (administrator) on 05-03-2016 at 09:07:55
Running from "C:\Users\Jesus\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Everett · Mar 5, 2016

2016-03-05 16:24:23.517 Sophos Virus Removal Tool version 2.5.5
2016-03-05 16:24:23.517 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-03-05 16:24:23.517 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-03-05 16:24:23.517 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64
2016-03-05 16:24:23.517 Checking for updates...
2016-03-05 16:24:35.246 Update progress: proxy server not available
2016-03-05 16:25:08.439 Option all = no
2016-03-05 16:25:08.439 Option recurse = yes
2016-03-05 16:25:08.439 Option archive = no
2016-03-05 16:25:08.439 Option service = yes
2016-03-05 16:25:08.439 Option confirm = yes
2016-03-05 16:25:08.439 Option sxl = yes
2016-03-05 16:25:08.455 Option max-data-age = 35
2016-03-05 16:25:08.455 Option EnableSafeClean = yes
2016-03-05 16:25:09.625 Option vdl-logging = yes
2016-03-05 16:25:09.656 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-03-05 16:25:09.656 Machine ID: 745038c669194655bac2965fb0c73cf4
2016-03-05 16:25:09.687 Component SVRTcli.exe version 2.5.5
2016-03-05 16:25:09.687 Component control.dll version 2.5.5
2016-03-05 16:25:09.687 Component SVRTservice.exe version 2.5.5
2016-03-05 16:25:09.687 Component engine\osdp.dll version 1.44.1.2240
2016-03-05 16:25:09.687 Component engine\veex.dll version 3.64.0.2240
2016-03-05 16:25:09.687 Component engine\savi.dll version 9.0.0.2240
2016-03-05 16:25:09.718 Component rkdisk.dll version 1.5.30.0
2016-03-05 16:25:09.718 Version info: Product version 2.5.5
2016-03-05 16:25:09.718 Version info: Detection engine 3.64.0
2016-03-05 16:25:09.718 Version info: Detection data 5.24
2016-03-05 16:25:09.718 Version info: Build date 09/02/2016
2016-03-05 16:25:09.718 Version info: Data files added 289
2016-03-05 16:25:09.718 Version info: Last successful update (not yet updated)
2016-03-05 16:26:00.837 Downloading updates...
2016-03-05 16:26:00.853 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-03-05 16:26:00.853 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-03-05 16:26:00.853 Update progress: [I49502] Found supplement IDE525 LATEST
2016-03-05 16:26:00.853 Update progress: [I49502] Found supplement IDE526 LATEST
2016-03-05 16:26:00.853 Update progress: [I49502] Found supplement IDE527 LATEST
2016-03-05 16:26:00.853 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-03-05 16:26:00.853 Update progress: [I19463] Syncing product SAVIW32 67
2016-03-05 16:26:02.597 Update progress: [I19463] Syncing product IDE525 141
2016-03-05 16:26:02.987 Update progress: [I19463] Syncing product IDE526 151
2016-03-05 16:26:04.016 Installing updates...
2016-03-05 16:26:05.452 Error level 1
2016-03-05 16:26:06.216 Update progress: [I19463] Syncing product IDE527 1
2016-03-05 16:27:22.278 Update successful
2016-03-05 16:27:42.085 Option all = no
2016-03-05 16:27:42.085 Option recurse = yes
2016-03-05 16:27:42.085 Option archive = no
2016-03-05 16:27:42.085 Option service = yes
2016-03-05 16:27:42.085 Option confirm = yes
2016-03-05 16:27:42.085 Option sxl = yes
2016-03-05 16:27:42.085 Option max-data-age = 35
2016-03-05 16:27:42.085 Option EnableSafeClean = yes
2016-03-05 16:27:42.413 Option vdl-logging = yes
2016-03-05 16:27:42.444 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-03-05 16:27:42.444 Machine ID: 745038c669194655bac2965fb0c73cf4
2016-03-05 16:27:42.444 Component SVRTcli.exe version 2.5.5
2016-03-05 16:27:42.444 Component control.dll version 2.5.5
2016-03-05 16:27:42.444 Component SVRTservice.exe version 2.5.5
2016-03-05 16:27:42.444 Component engine\osdp.dll version 1.44.1.2240
2016-03-05 16:27:42.444 Component engine\veex.dll version 3.64.0.2240
2016-03-05 16:27:42.444 Component engine\savi.dll version 9.0.0.2240
2016-03-05 16:27:42.444 Component rkdisk.dll version 1.5.30.0
2016-03-05 16:27:42.444 Version info: Product version 2.5.5
2016-03-05 16:27:42.444 Version info: Detection engine 3.64.0
2016-03-05 16:27:42.444 Version info: Detection data 5.24
2016-03-05 16:27:42.444 Version info: Build date 09/02/2016
2016-03-05 16:27:42.444 Version info: Data files added 290
2016-03-05 16:27:42.444 Version info: Last successful update 05/03/2016 11:27:22 AM

2016-03-05 16:28:16.080 >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll

id:00001694:file
2016-03-05 16:28:16.080 >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
2016-03-05 16:28:16.080 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-03-05 16:28:16.080 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-03-05 16:28:16.080 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-03-05 16:28:18.747 The following items will be cleaned up:
2016-03-05 16:28:18.747 Mal/VMProtBad-A

Broni · Mar 5, 2016

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

=========================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.

Everett · Mar 5, 2016

After the sophos cleaned the first threat it continued to can and there is a second threat. I will post the log for that one too:

2016-03-05 16:24:23.517 Sophos Virus Removal Tool version 2.5.5
2016-03-05 16:24:23.517 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-03-05 16:24:23.517 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-03-05 16:24:23.517 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 WOW64
2016-03-05 16:24:23.517 Checking for updates...
2016-03-05 16:24:35.246 Update progress: proxy server not available
2016-03-05 16:25:08.439 Option all = no
2016-03-05 16:25:08.439 Option recurse = yes
2016-03-05 16:25:08.439 Option archive = no
2016-03-05 16:25:08.439 Option service = yes
2016-03-05 16:25:08.439 Option confirm = yes
2016-03-05 16:25:08.439 Option sxl = yes
2016-03-05 16:25:08.455 Option max-data-age = 35
2016-03-05 16:25:08.455 Option EnableSafeClean = yes
2016-03-05 16:25:09.625 Option vdl-logging = yes
2016-03-05 16:25:09.656 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-03-05 16:25:09.656 Machine ID: 745038c669194655bac2965fb0c73cf4
2016-03-05 16:25:09.687 Component SVRTcli.exe version 2.5.5
2016-03-05 16:25:09.687 Component control.dll version 2.5.5
2016-03-05 16:25:09.687 Component SVRTservice.exe version 2.5.5
2016-03-05 16:25:09.687 Component engine\osdp.dll version 1.44.1.2240
2016-03-05 16:25:09.687 Component engine\veex.dll version 3.64.0.2240
2016-03-05 16:25:09.687 Component engine\savi.dll version 9.0.0.2240
2016-03-05 16:25:09.718 Component rkdisk.dll version 1.5.30.0
2016-03-05 16:25:09.718 Version info: Product version 2.5.5
2016-03-05 16:25:09.718 Version info: Detection engine 3.64.0
2016-03-05 16:25:09.718 Version info: Detection data 5.24
2016-03-05 16:25:09.718 Version info: Build date 09/02/2016
2016-03-05 16:25:09.718 Version info: Data files added 289
2016-03-05 16:25:09.718 Version info: Last successful update (not yet updated)
2016-03-05 16:26:00.837 Downloading updates...
2016-03-05 16:26:00.853 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-03-05 16:26:00.853 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-03-05 16:26:00.853 Update progress: [I49502] Found supplement IDE525 LATEST
2016-03-05 16:26:00.853 Update progress: [I49502] Found supplement IDE526 LATEST
2016-03-05 16:26:00.853 Update progress: [I49502] Found supplement IDE527 LATEST
2016-03-05 16:26:00.853 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-03-05 16:26:00.853 Update progress: [I19463] Syncing product SAVIW32 67
2016-03-05 16:26:02.597 Update progress: [I19463] Syncing product IDE525 141
2016-03-05 16:26:02.987 Update progress: [I19463] Syncing product IDE526 151
2016-03-05 16:26:04.016 Installing updates...
2016-03-05 16:26:05.452 Error level 1
2016-03-05 16:26:06.216 Update progress: [I19463] Syncing product IDE527 1
2016-03-05 16:27:22.278 Update successful
2016-03-05 16:27:42.085 Option all = no
2016-03-05 16:27:42.085 Option recurse = yes
2016-03-05 16:27:42.085 Option archive = no
2016-03-05 16:27:42.085 Option service = yes
2016-03-05 16:27:42.085 Option confirm = yes
2016-03-05 16:27:42.085 Option sxl = yes
2016-03-05 16:27:42.085 Option max-data-age = 35
2016-03-05 16:27:42.085 Option EnableSafeClean = yes
2016-03-05 16:27:42.413 Option vdl-logging = yes
2016-03-05 16:27:42.444 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-03-05 16:27:42.444 Machine ID: 745038c669194655bac2965fb0c73cf4
2016-03-05 16:27:42.444 Component SVRTcli.exe version 2.5.5
2016-03-05 16:27:42.444 Component control.dll version 2.5.5
2016-03-05 16:27:42.444 Component SVRTservice.exe version 2.5.5
2016-03-05 16:27:42.444 Component engine\osdp.dll version 1.44.1.2240
2016-03-05 16:27:42.444 Component engine\veex.dll version 3.64.0.2240
2016-03-05 16:27:42.444 Component engine\savi.dll version 9.0.0.2240
2016-03-05 16:27:42.444 Component rkdisk.dll version 1.5.30.0
2016-03-05 16:27:42.444 Version info: Product version 2.5.5
2016-03-05 16:27:42.444 Version info: Detection engine 3.64.0
2016-03-05 16:27:42.444 Version info: Detection data 5.24
2016-03-05 16:27:42.444 Version info: Build date 09/02/2016
2016-03-05 16:27:42.444 Version info: Data files added 290
2016-03-05 16:27:42.444 Version info: Last successful update 05/03/2016 11:27:22 AM

2016-03-05 16:28:16.080 >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll

id:00001694:file
2016-03-05 16:28:16.080 >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll
2016-03-05 16:28:16.080 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-03-05 16:28:16.080 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-3862297630-1303015323-3635741390-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-03-05 16:28:16.080 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2016-03-05 16:28:18.747 The following items will be cleaned up:
2016-03-05 16:28:18.747 Mal/VMProtBad-A

Solved TECHBROWSING.COM appearing when chrome restores previous pages.

Posts: 51 +1

Posts: 51 +1

Posts: 51 +1

Posts: 51 +1

Posts: 51 +1

Posts: 51 +1

Posts: 51 +1

Posts: 56,041 +516

Posts: 51 +1

Posts: 51 +1

Posts: 51 +1

Posts: 51 +1

Posts: 56,041 +516

Posts: 51 +1

Posts: 56,041 +516

Posts: 51 +1

Posts: 51 +1

Posts: 56,041 +516

Attachments

Posts: 51 +1

Posts: 56,041 +516

Posts: 51 +1

Posts: 51 +1

Posts: 51 +1

Posts: 56,041 +516

Posts: 51 +1

Similar threads