Malware Removal Instructions

Help!! Every time I click on a page I'm directed to another pag

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

by briannelson » December 7th, 2015, 6:41 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by brian (administrator) on BRIANSLAPTOP (07-12-2015 22:22:16)
Running from C:\Users\brian\Downloads
Loaded Profiles: brian (Available Profiles: brian & postgres)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\brian\AppData\Roaming\AB262841-1432986510-E211-A305-208984932F2E\hnsgB77B.tmp
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(TektonIT) C:\Users\brian\AppData\Roaming\Adobe\Flash Player\Update\rutserv.exe
() C:\Program Files (x86)\116FC117-A4FD-4F86-9840-14C9CD63BFCE\updater_zkurwblqyk.exe
() C:\Users\brian\AppData\Roaming\AB262841-1432986510-E211-A305-208984932F2E\jnsrA028.tmp
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(globalUpdate) C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(TektonIT) C:\Users\brian\AppData\Roaming\Adobe\Flash Player\Update\rfusclient.exe
() C:\Program Files (x86)\Weather Updates\weather_updates_helper_service.exe
(FileProperties_CompanyName) C:\Program Files (x86)\dr games\dr_games_notification_service.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TektonIT) C:\Users\brian\AppData\Roaming\Adobe\Flash Player\Update\rfusclient.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-10-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-05-04] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-05-04] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [mbot_gb_145] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [gmsd_gb_336] => [X]
HKLM-x32\...\Run: [gmsd_gb_391] => [X]
HKLM-x32\...\Run: [gmsd_gb_387] => [X]
HKLM-x32\...\Run: [gmsd_gb_433] => [X]
HKLM-x32\...\Run: [gmsd_gb_010010003] => [X]
HKLM-x32\...\Run: [gmsd_gb_010010011] => [X]
HKLM-x32\...\Run: [gmsd_gb_010010016] => [X]
HKLM-x32\...\Run: [gmsd_gb_010010023] => [X]
HKLM-x32\...\Run: [gmsd_gb_010010032] => [X]
HKLM-x32\...\Run: [gmsd_gb_010010040] => [X]
HKLM-x32\...\Run: [gmsd_gb_010010042] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\...\Run: [NextLive] => C:\windows\SysWOW64\rundll32.exe "C:\Users\brian\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\...\Run: [WindApp] => "C:\Users\brian\AppData\Roaming\Store\WindApp\WindApp Update.exe" /winstartup
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247056 2015-11-15] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219920 2015-11-15] (Client Connect LTD)
AppInit_DLLs-x32: c:\progra~3\{f4ec1~1\1172~1.1\dori.dll => No File
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Startup: C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-07-31]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{4bb0f75f-fe5e-e836-4bb0-0f75ffe5dd7f}\hqghumeaylnlf.exe (Super PC Tools Ltd)
Startup: C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-08-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperPcTool.lnk [2015-07-31]
ShortcutTarget: SuperPcTool.lnk -> C:\ProgramData\{f695c111-4a75-e9e5-f695-5c1114a70445}\SuperPcTool.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54644;https=127.0.0.1:54644
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{06711D08-C24C-4CA8-8F2A-D8C302F82996}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{06711D08-C24C-4CA8-8F2A-D8C302F82996}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{797E2B09-5377-4ED6-A9E6-F6F39167B122}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{797E2B09-5377-4ED6-A9E6-F6F39167B122}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{C6F549A8-0445-4187-A961-777BA32287D9}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{C6F549A8-0445-4187-A961-777BA32287D9}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{D13FE1E9-9C18-47E5-A0F7-D29FD89353D1}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{D13FE1E9-9C18-47E5-A0F7-D29FD89353D1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds& ... D411551&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds& ... D411551&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYR ... KmYPg,,&q={searchTerms}
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-gb
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.co.uk/
URLSearchHook: HKU\S-1-5-21-798968787-2063651050-2422860059-1001 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> DefaultScope {2797B262-2EA8-4E68-8884-E93EB0375DEE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2797B262-2EA8-4E68-8884-E93EB0375DEE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=0d6a6ed ... toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-798968787-2063651050-2422860059-1001 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-798968787-2063651050-2422860059-1001 -> {2797B262-2EA8-4E68-8884-E93EB0375DEE} URL =
SearchScopes: HKU\S-1-5-21-798968787-2063651050-2422860059-1001 -> {79144D97-56D3-4F5F-8D4F-6D0DD2E77871} URL = hxxp://do-search.com/web/?utm_source=b& ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-798968787-2063651050-2422860059-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-14] (Nitro PDF)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-798968787-2063651050-2422860059-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-798968787-2063651050-2422860059-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-07-18] (Intel)

Chrome:
=======
CHR HomePage: Profile 2 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-gb
CHR StartupUrls: Profile 2 -> "hxxp://www.trovi.com/?gd=&ctid=CT3317919&octid=EB_ORIGINAL_CTID&ISID=M7A104311-2746-4FC2-9F59-8A8085F6EF1B&SearchSource=55&CUI=&UM=8&UP=SP3FCD7CC8-85EA-45E2-BBBF-DFB3CB37A196&D=040815&SSPV="
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Gem Grab) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgkapbcioidohpahpfnflgbonpbehap [2015-07-31] [UpdateUrl: hxxp://cdn.gemgrab.net/update] <==== ATTENTION
CHR Extension: (Gem Grab) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaihgdaepkpjjmollocjjjkenopkpc [2015-08-03] [UpdateUrl: hxxp://cdn.gemgrab.net/update] <==== ATTENTION
CHR Extension: (Its Results Hub) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpfcmoinbnjlbonfhmiheekenhgdngdc [2015-08-01] [UpdateUrl: hxxp://cdn.itsresultshub.com/update] <==== ATTENTION
CHR Profile: C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Hypothesis Web PDF Annotation) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bjfhmglciegochdpefhhlphglcehbmek [2015-08-11] [UpdateUrl: hxxps://mynamedomain.koko//0service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-01]
CHR Extension: (Google Search) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-01]
CHR Extension: (Popcornew) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\engaigpbgdjjmanonjcjkcmomgibneba [2015-05-31]
CHR Extension: (AdBlock Premium) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fndlhnanhedoklpdaacidomdnplcjcpj [2015-01-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Ghostery) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-12-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-01]
CHR Profile: C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Drive) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Adguard AdBlocker) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-12-07]
CHR Extension: (YouTube) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-07]
CHR Extension: (Google Search) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-04]
CHR Extension: (Google Wallet) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Extutil) - C:\Users\brian\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2015-04-08]
CHR Extension: (Managera) - C:\Users\brian\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2015-04-08]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-798968787-2063651050-2422860059-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-798968787-2063651050-2422860059-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fpgdgofgnobocjhpgifakcoieimjejbm] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-798968787-2063651050-2422860059-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fpgdgofgnobocjhpgifakcoieimjejbm] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3240184 2015-09-06] (Client Connect LTD)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-31] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-31] (globalUpdate) [File not signed] <==== ATTENTION
R2 hipocizi; C:\Users\brian\AppData\Roaming\AB262841-1432986510-E211-A305-208984932F2E\hnsgB77B.tmp [311296 2015-05-30] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 RManService; C:\Users\brian\AppData\Roaming\Adobe\Flash Player\Update\rutserv.exe [6062848 2014-10-11] (TektonIT)
R2 updater_zkurwblqyk; C:\Program Files (x86)\116FC117-A4FD-4F86-9840-14C9CD63BFCE\updater_zkurwblqyk.exe [483328 2014-10-21] () [File not signed]
R2 viciwyri; C:\Users\brian\AppData\Roaming\AB262841-1432986510-E211-A305-208984932F2E\jnsrA028.tmp [227840 2015-05-30] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 s116bus; C:\Windows\System32\drivers\s116bus.sys [108296 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\system32\DRIVERS\s116mdfl.sys [19720 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\system32\DRIVERS\s116mdm.sys [144648 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\system32\DRIVERS\s116obex.sys [123656 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\drivers\s116unic.sys [130824 2007-04-03] (MCCI Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-01-05] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61112 2014-02-20] (StdLib)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S1 bezaxgrl; \??\C:\WINDOWS\system32\drivers\bezaxgrl.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
S1 ppfd_vw_1_10_0_22; system32\drivers\ppfd_vw_1_10_0_22.sys [X]
R1 ppfd_vw_1_10_0_24; system32\drivers\ppfd_vw_1_10_0_24.sys [X]
S1 scfd_1_10_0_16; system32\drivers\scfd_1_10_0_16.sys [X]
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]
S1 wsfd_vw_1_10_0_20; system32\drivers\wsfd_vw_1_10_0_20.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-07 22:22 - 2015-12-07 22:22 - 00031398 _____ C:\Users\brian\Downloads\FRST.txt
2015-12-07 22:21 - 2015-12-07 22:22 - 00000000 ____D C:\FRST
2015-12-07 22:21 - 2015-12-07 22:21 - 02369024 _____ (Farbar) C:\Users\brian\Downloads\FRST64.exe
2015-12-07 21:39 - 2015-12-07 21:39 - 00000801 _____ C:\Users\brian\Documents\hosts.txt
2015-12-07 19:41 - 2015-12-07 19:43 - 55560920 _____ (Microsoft Corporation) C:\Users\brian\Downloads\Windows-KB890830-x64-V5.30.exe
2015-12-07 19:41 - 2015-12-07 19:41 - 02551952 _____ (Microsoft Corporation) C:\Users\brian\Downloads\DefaultPack (1).EXE
2015-12-07 19:21 - 2015-12-07 19:21 - 02551952 _____ (Microsoft Corporation) C:\Users\brian\Downloads\DefaultPack.EXE
2015-12-07 19:20 - 2015-12-07 22:21 - 00003476 _____ C:\WINDOWS\System32\Tasks\bvxvhxvh
2015-12-07 19:20 - 2015-12-07 19:20 - 00000000 ____D C:\Users\brian\AppData\Local\bvxvhxvh
2015-12-07 19:11 - 2015-12-07 22:21 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-12-07 19:11 - 2015-12-07 19:11 - 00000000 ____D C:\Users\brian\AppData\Local\SearchProtect
2015-12-07 18:30 - 2015-12-07 18:30 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-07 18:30 - 2015-12-07 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-04 23:16 - 2015-12-04 23:16 - 00927824 _____ (Google Inc.) C:\Users\brian\Downloads\GoogleEarthProSetup.exe
2015-11-30 21:02 - 2015-12-07 22:15 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-30 21:02 - 2015-12-07 21:15 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-30 21:02 - 2015-12-04 16:10 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-30 21:02 - 2015-12-04 16:10 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-30 21:02 - 2015-11-30 21:02 - 00929872 _____ (Google Inc.) C:\Users\brian\Downloads\ChromeSetup (1).exe
2015-11-21 15:00 - 2015-11-21 15:00 - 00003280 _____ C:\WINDOWS\System32\Tasks\BhxTbeWO6fepXiV
2015-11-21 15:00 - 2015-11-21 15:00 - 00003240 _____ C:\WINDOWS\System32\Tasks\MAzxVg8k0tr5hSj
2015-11-21 15:00 - 2015-11-21 15:00 - 00000000 ____D C:\Users\brian\AppData\Roaming\zxnhAUc
2015-11-21 15:00 - 2015-11-21 15:00 - 00000000 ____D C:\Users\brian\AppData\Roaming\eLXdZcX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-07 22:22 - 2013-08-22 13:36 - 00000000 ____D C:\Windows
2015-12-07 22:21 - 2015-04-01 16:21 - 00001328 _____ C:\WINDOWS\Tasks\dr_games_notification_service.job
2015-12-07 22:21 - 2015-04-01 16:21 - 00000690 _____ C:\WINDOWS\Tasks\dr_games_updating_service.job
2015-12-07 22:18 - 2014-03-18 10:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-07 22:18 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-07 22:18 - 2013-05-04 21:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-12-07 22:16 - 2015-02-24 10:30 - 00005526 _____ C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-6.job
2015-12-07 22:16 - 2015-02-24 10:30 - 00003146 _____ C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-1-6.job
2015-12-07 22:16 - 2015-02-24 10:30 - 00002120 _____ C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-10_user.job
2015-12-07 22:16 - 2014-08-01 17:48 - 00000000 __RDO C:\Users\brian\OneDrive
2015-12-07 22:15 - 2015-05-27 22:21 - 00000558 _____ C:\WINDOWS\Tasks\weather_updates_helper_service.job
2015-12-07 22:15 - 2015-04-01 17:21 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-12-07 22:15 - 2015-02-24 10:31 - 00002454 _____ C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-5_user.job
2015-12-07 22:15 - 2015-02-24 10:31 - 00002454 _____ C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-5.job
2015-12-07 22:15 - 2015-02-24 10:30 - 00005190 _____ C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-7.job
2015-12-07 22:15 - 2015-02-24 10:30 - 00004102 _____ C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-12.job
2015-12-07 22:15 - 2015-02-24 10:30 - 00003146 _____ C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-1-7.job
2015-12-07 22:15 - 2015-02-24 10:30 - 00000936 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-12-07 22:13 - 2014-10-22 13:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-07 21:46 - 2015-06-24 15:37 - 00000366 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job
2015-12-07 21:41 - 2013-09-07 13:05 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-798968787-2063651050-2422860059-1001
2015-12-07 20:09 - 2015-02-24 10:30 - 00000940 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-12-07 18:29 - 2013-09-12 21:22 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-07 18:23 - 2015-05-27 16:16 - 00000366 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[74c7].job
2015-12-07 18:23 - 2015-05-22 13:58 - 00000366 _____ C:\WINDOWS\Tasks\Periodic Synchronize Task.job
2015-12-07 17:00 - 2014-11-11 17:00 - 00000000 ____D C:\Users\brian\AppData\Roaming\winservices
2015-12-07 12:20 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-07 10:35 - 2013-09-09 20:13 - 00000000 ____D C:\Users\brian\Documents\speedratings
2015-12-07 08:42 - 2014-11-24 16:55 - 00000637 _____ C:\Users\brian\AppData\Local\recently-fix.db
2015-12-07 08:29 - 2014-08-03 11:57 - 00003798 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D699083C-DF7B-4540-A30B-95C022F1E1BD}
2015-12-03 08:26 - 2015-01-29 07:57 - 00000000 ____D C:\Users\brian\Documents\Timesheets
2015-12-03 08:24 - 2013-09-07 12:56 - 00000000 ____D C:\Users\brian\AppData\Local\Packages
2015-11-27 13:23 - 2013-08-22 15:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-27 13:22 - 2013-09-09 19:32 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-22 23:50 - 2015-10-17 23:18 - 00000000 ___RD C:\Users\brian\Downloads\DeviceDoctor.ZipOpener_mkdtfchztkfbm!App
2015-11-22 00:21 - 2015-11-01 10:55 - 00003478 _____ C:\WINDOWS\System32\Tasks\bvxvgxvyy
2015-11-21 15:00 - 2015-03-25 15:00 - 00000000 ____D C:\Users\brian\AppData\Roaming\mBvPlSK
2015-11-17 17:00 - 2015-06-16 16:04 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-11-16 13:15 - 2015-09-13 13:36 - 00004210 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Pending Update
2015-11-16 13:15 - 2015-09-13 13:36 - 00004200 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core
2015-11-15 12:25 - 2015-11-01 10:55 - 00000000 ____D C:\Users\brian\AppData\Local\bvxvgxvyy
2015-11-10 18:13 - 2014-10-22 13:02 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-08 12:48 - 2013-09-08 00:33 - 00000000 ____D C:\ldiag
2015-11-07 12:50 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\AppReadiness

==================== Files in the root of some directories =======

2015-06-18 13:58 - 2015-08-14 14:18 - 0000024 _____ () C:\Users\brian\AppData\Roaming\appdataFr25.bin
2014-10-27 18:35 - 2014-10-27 18:36 - 0001270 _____ () C:\Users\brian\AppData\Roaming\Bubble Dock.boostrap.log
2014-10-27 18:36 - 2014-10-27 18:36 - 0005772 _____ () C:\Users\brian\AppData\Roaming\Bubble Dock.installation.log
2014-10-27 18:46 - 2014-10-27 18:46 - 1993136 _____ (CinemaProV27.10) C:\Users\brian\AppData\Roaming\GIBON.exe
2014-10-27 18:46 - 2014-10-27 18:46 - 1509296 _____ (CinemaProV27.10) C:\Users\brian\AppData\Roaming\LWELT.exe
2014-10-27 18:39 - 2014-10-27 18:39 - 1491872 _____ (Object Browser) C:\Users\brian\AppData\Roaming\NI.exe
2014-10-27 18:50 - 2014-10-27 18:50 - 1491872 _____ (smart-saverplus) C:\Users\brian\AppData\Roaming\PEQ.exe
2014-10-27 18:39 - 2014-10-27 18:39 - 1975200 _____ (Object Browser) C:\Users\brian\AppData\Roaming\SDUEAI.exe
2014-10-27 20:01 - 2014-10-27 20:01 - 0000044 _____ () C:\Users\brian\AppData\Roaming\WB.CFG
2014-10-27 18:35 - 2014-10-27 18:35 - 0000097 _____ () C:\Users\brian\AppData\Roaming\WindApp.boostrap.log
2014-10-27 18:36 - 2014-10-27 18:36 - 0000374 _____ () C:\Users\brian\AppData\Roaming\WindApp.installation.log
2014-10-27 18:50 - 2014-10-27 18:50 - 1975200 _____ (smart-saverplus) C:\Users\brian\AppData\Roaming\YLPBU.exe
2014-11-11 17:00 - 2014-11-11 17:00 - 0667648 _____ () C:\Users\brian\AppData\Roaming\~vpfzavp.exe
2015-03-26 07:37 - 2015-03-26 07:37 - 0000000 _____ () C:\Users\brian\AppData\Local\.a852.db
2015-03-26 17:00 - 2015-03-26 17:00 - 0000000 _____ () C:\Users\brian\AppData\Local\.w852.db
2014-10-21 22:03 - 2014-10-21 22:03 - 0000133 _____ () C:\Users\brian\AppData\Local\888pokerCoach_SettingsPath.txt
2015-05-31 12:37 - 2015-05-31 12:37 - 0613255 _____ (CMI Limited) C:\Users\brian\AppData\Local\nsg288F.tmp
2014-10-27 18:29 - 2014-10-27 18:28 - 0612321 _____ (CMI Limited) C:\Users\brian\AppData\Local\nsl44D5.tmp
2014-10-27 19:36 - 2014-10-27 19:36 - 0627760 _____ (CMI Limited) C:\Users\brian\AppData\Local\nsl4DC1.tmp
2014-11-24 16:55 - 2015-12-07 08:42 - 0000637 _____ () C:\Users\brian\AppData\Local\recently-fix.db
2013-05-04 20:58 - 2013-05-04 20:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-04 21:33 - 2013-05-04 21:33 - 0000198 ____H () C:\ProgramData\Lenovo-32089.vbs
2014-09-30 14:57 - 2014-09-30 14:57 - 0431104 _____ () C:\ProgramData\uninstall_Winservices.exe

Files to move or delete:
====================
C:\ProgramData\uninstall_Winservices.exe
C:\Users\brian\ASYCFILT.DLL


Some files in TEMP:
====================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-12 15:58

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by brian (2015-12-07 22:23:39)
Running from C:\Users\brian\Downloads
Windows 8.1 (X64) (2014-08-01 17:42:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-798968787-2063651050-2422860059-500 - Administrator - Disabled)
brian (S-1-5-21-798968787-2063651050-2422860059-1001 - Administrator - Enabled) => C:\Users\brian
Guest (S-1-5-21-798968787-2063651050-2422860059-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-798968787-2063651050-2422860059-1003 - Limited - Enabled)
postgres (S-1-5-21-798968787-2063651050-2422860059-1005 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20071 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.50 - Conexant)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Lenovo App Shop (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 45246 - Intel)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version: - ) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 3.0.90.9 - Client Connect LTD) <==== ATTENTION
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sky Go Desktop (HKU\S-1-5-21-798968787-2063651050-2422860059-1001\...\149925710.go.sky.com) (Version: - go.sky.com)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-798968787-2063651050-2422860059-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-798968787-2063651050-2422860059-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-798968787-2063651050-2422860059-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

==================== Restore Points =========================

01-08-2015 10:45:37 Adblock Plus for IE
14-08-2015 14:20:25 Removed PaperPort Image Printer 64-bit
04-09-2015 21:45:46 Removed Google Earth.
07-12-2015 18:22:37 Removed Google Earth Pro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2014-10-27 19:01 - 00001993 ____A C:\WINDOWS\system32\Drivers\etc\hosts



==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006B8982-A110-425C-98A9-4CBEEF34D7AC} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Core => C:\Program Files (x86)\PhraseProfessor_1.10.0.24\Update\PhraseProfessorAutoUpdateClient.exe <==== ATTENTION
Task: {014D567A-25F4-4113-842C-230A29FAD2C7} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\brian\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {01D64298-4E27-4465-9E14-43CA808665C4} - System32\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-5_user => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-5.exe <==== ATTENTION
Task: {02FF8FB9-AE7B-44C6-AD03-466F5E0A97DE} - System32\Tasks\bvxvdxvx => C:\Users\brian\AppData\Local\bvxvdxvx\bvxvdxvx.exe [2015-09-06] () <==== ATTENTION
Task: {0954A4CD-BA3C-435E-8FED-975FF9C0625F} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {154939D4-696D-462B-9E7C-73AF0085FE82} - System32\Tasks\Run_Bobby_Browser => C:\Users\brian\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {157D56D6-B227-46C7-8C7E-A3F33CCFB494} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {163A996A-8C36-4427-9DD8-57510AEC38E7} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\brian\AppData\Roaming\~vpfzavp.exe [2014-11-11] ()
Task: {198FB89D-9428-4A57-93D6-7F622DB452CB} - System32\Tasks\avaavaxvyy => C:\Users\brian\AppData\Local\avaavaxvyy\avaavaxvyy.exe [2015-03-31] () <==== ATTENTION
Task: {1993DE79-C03A-4181-BBF7-7DEA025F823E} - System32\Tasks\Lenovo\Lenovo-32089 => C:\ProgramData\Lenovo-32089.vbs [2013-05-04] ()
Task: {1F697C7D-1598-4C54-B9ED-22F58253CA78} - System32\Tasks\avabvbxvh => C:\Users\brian\AppData\Local\avabvbxvh\avabvbxvh.exe [2015-05-13] () <==== ATTENTION
Task: {258C0E21-5FC0-43C2-B82A-5A82A3ED427F} - System32\Tasks\RgthjlGdTYxXbMq => C:\Users\brian\AppData\Roaming\mBvPlSK\oORzgcn.exe [2015-03-25] ( )
Task: {268F78C5-305A-43D5-81F8-CDF68BD865CB} - System32\Tasks\dr_games_notification_service => C:\Program Files (x86)\dr games\dr_games_notification_service.exe [2015-04-01] (FileProperties_CompanyName) <==== ATTENTION
Task: {2758366E-CA02-47BC-A5E9-8F03EDE45745} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-07-31] (globalUpdate) <==== ATTENTION
Task: {350B80A7-FE04-42EF-9175-586AFD49AED6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-27] (Microsoft Corporation)
Task: {3565F1AD-C751-410B-BEA9-CC1EA148058B} - System32\Tasks\bvxvyxvec => C:\Users\brian\AppData\Local\bvxvyxvec\bvxvyxvec.exe [2015-08-03] () <==== ATTENTION
Task: {3657F07B-A538-46BA-91A9-8FD27C3971B2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-08-08] (Lenovo)
Task: {36EA3038-178A-475A-84DB-27937DEDF734} - System32\Tasks\bvxvexvbg => C:\Users\brian\AppData\Local\bvxvexvbg\bvxvexvbg.exe [2015-09-21] () <==== ATTENTION
Task: {37865CF4-1147-46F0-8C57-2BA5A9AE5E53} - System32\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-6 => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-6.exe <==== ATTENTION
Task: {3C3511CC-AB7C-4548-9FF9-8E2848CF0AA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.)
Task: {3C6D4318-98C3-4B42-857E-264029A02957} - System32\Tasks\SuperClick Auto Updater 1.10.0.16 Pending Update => C:\Program Files (x86)\SuperClick_1.10.0.16\Update\SuperClickAutoUpdateClient.exe <==== ATTENTION
Task: {46893396-5D74-4F6D-8C0E-CFBE16BB7597} - System32\Tasks\WordShark Auto Updater 1.10.0.20 Pending Update => C:\Program Files (x86)\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe <==== ATTENTION
Task: {4B4CFA00-DD23-431B-9138-A170053C2D14} - System32\Tasks\bvxvhxvh => C:\Users\brian\AppData\Local\bvxvhxvh\bvxvhxvh.exe [2015-11-15] () <==== ATTENTION
Task: {4B9504D6-9744-408E-B045-4BE312098AC4} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {4B9C5072-F6DB-4D3A-BBFB-E29BD8EA8202} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {4B9ED386-8622-4ECD-89FA-1EACBB5A9A46} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {5856CBC4-DC5C-4AEE-85CC-969F2826972D} - System32\Tasks\Bidaily Synchronize Task[74c7] => c:\programdata\{fc044dcf-eda0-c205-fc04-44dcfeda373f}\hqghumeaylnlf.exe [2014-05-27] (Super PC Tools Ltd) <==== ATTENTION
Task: {595BD2AB-B699-4F7A-A1CE-7B8874EEED15} - System32\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-12 => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-12.exe <==== ATTENTION
Task: {5B48156C-7A9D-4FCB-8E67-4FAA0301CC98} - System32\Tasks\WIN-statsSystem => C:\Users\brian\AppData\Local\Microsoft\WinU\~hswjpnd.exe [2014-10-01] ()
Task: {5E8BC32D-CE1E-4795-B0F0-2EEF181CB1DD} - System32\Tasks\Periodic Synchronize Task => c:\programdata\{fbd4dcec-65c4-00d2-fbd4-4dcec65c73b1}\hqghumeaylnlf.exe [2014-05-22] (Super PC Tools Ltd) <==== ATTENTION
Task: {61C5A292-07E0-4F56-A925-80BD657A5945} - System32\Tasks\avabvyxvdy => C:\Users\brian\AppData\Local\avabvyxvdy\avabvyxvdy.exe [2015-04-28] () <==== ATTENTION
Task: {66E02CFA-B947-40D3-BF93-D442F4BB4C9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-30] (Google Inc.)
Task: {6781C0F5-D3AF-40F7-97F9-4A74DFFF3D46} - System32\Tasks\SuperClick Auto Updater 1.10.0.16 Core => C:\Program Files (x86)\SuperClick_1.10.0.16\Update\SuperClickAutoUpdateClient.exe <==== ATTENTION
Task: {6D986A7F-BE1F-43D5-850A-D233CABE9342} - System32\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-10_user => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-10.exe <==== ATTENTION
Task: {74EC9730-6FEE-41C3-869E-E63A3E6375F5} - System32\Tasks\BhxTbeWO6fepXiV => C:\Users\brian\AppData\Roaming\zxnhAUc\i9qPkTg.exe [2015-11-21] ( )
Task: {76A4830C-F6D8-4C30-8C6B-53D9702A3EA5} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-07-31] (globalUpdate) <==== ATTENTION
Task: {776983BC-B27E-410B-96D3-535ED24967DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {7DD0B27C-DE1B-49F2-8735-0FC3F30B05F6} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.22 Pending Update => C:\Program Files (x86)\PhraseProfessor_1.10.0.22\Update\PhraseProfessorAutoUpdateClient.exe <==== ATTENTION
Task: {81CD83EE-FACA-41E1-A192-7019C895A46B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {8556A454-ED80-4756-815C-9A891FFAF329} - System32\Tasks\weather_updates_helper_service => C:\Program Files (x86)\Weather Updates\weather_updates_helper_service.exe [2015-05-27] () <==== ATTENTION
Task: {866E5E0E-E98B-4452-8332-075624991298} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {96C51DEE-FB83-4D1B-8B5A-273F2EB30F8F} - System32\Tasks\{2417EE03-90F1-4A25-A4EE-1104F749554B} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\franfile\ST6UNST.000"
Task: {9906B0B7-0765-4EFB-ACB9-5F990FF7F532} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-31] (AnyProtect.com) <==== ATTENTION
Task: {9EAEF683-40CA-411C-BE56-D6314D205BEE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {9EDCA2C6-47DC-419D-A1F0-13B4BAE20EC5} - System32\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-5 => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-5.exe <==== ATTENTION
Task: {A1FEE75A-0AE9-49F9-A802-A0189D7A079F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {A77A7A2F-5B2A-48C4-8628-52A54145A0E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AEB3CDFF-F1A5-4FD7-A0AF-601A881A1131} - System32\Tasks\dr_games_updating_service => C:\Program Files (x86)\dr games\dr_games_updating_service.exe [2015-04-01] () <==== ATTENTION
Task: {BD5617BB-12FD-41C0-8E80-73825CF6B53F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {C4D3A209-C4AC-4E16-A324-7C9C931BD631} - System32\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-7 => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-7.exe <==== ATTENTION
Task: {C874F498-CBE4-40B6-A180-DE939ED449D8} - System32\Tasks\bvxvbxvd => C:\Users\brian\AppData\Local\bvxvbxvd\bvxvbxvd.exe [2015-08-16] () <==== ATTENTION
Task: {C9CD164F-1F27-41FB-B6CA-88D5ED8C28DC} - System32\Tasks\avaavaevy => C:\Users\brian\AppData\Local\avaavaevy\avaavaevy.exe [2015-04-12] () <==== ATTENTION
Task: {CB7CB00D-AE48-4735-82B2-A14AC788A3F5} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-31] (AnyProtect.com) <==== ATTENTION
Task: {CCF3B5E2-BA80-4AFE-965F-2D60176EDFCA} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-05-31] (AnyProtect.com) <==== ATTENTION
Task: {D9C7EA2E-E309-4D01-BE3C-C0A6D51098FE} - System32\Tasks\bvxvgxvyy => C:\Users\brian\AppData\Local\bvxvgxvyy\bvxvgxvyy.exe [2015-10-25] () <==== ATTENTION
Task: {DB6CFD31-0FD1-4944-ABBF-83B1D62373C4} - System32\Tasks\MAzxVg8k0tr5hSj => C:\Users\brian\AppData\Roaming\eLXdZcX\WPoAA6x.exe [2015-11-21] ( )
Task: {DCA49AEC-1E1D-4686-87FE-025BE33B6AF0} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.22 Core => C:\Program Files (x86)\PhraseProfessor_1.10.0.22\Update\PhraseProfessorAutoUpdateClient.exe <==== ATTENTION
Task: {E2974545-DC29-462E-A04D-99D12774461A} - System32\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-1-6 => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-1-6.exe <==== ATTENTION
Task: {E2A216C7-CCAA-4333-BD6B-A5E1B2DDA181} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.24 Pending Update => C:\Program Files (x86)\PhraseProfessor_1.10.0.24\Update\PhraseProfessorAutoUpdateClient.exe <==== ATTENTION
Task: {E900E26A-9495-4934-8B20-6723FD9F0010} - System32\Tasks\BoBrowser => C:\Users\brian\AppData\Local\BoBrowser\Application\bobrowser.exe <==== ATTENTION
Task: {EA78A9B0-A2D6-4AE9-8879-7E678D12AEE6} - System32\Tasks\WIN-statsAdmin => C:\Users\brian\AppData\Local\Microsoft\WinU\~bqqhqkf.exe [2014-08-06] () <==== ATTENTION
Task: {F5029530-0DB1-43AC-84DF-6F8765CA7A51} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{acb21ad7-d9a5-f6f4-acb2-21ad7d9a6b5f}\hqghumeaylnlf.exe [2014-07-07] (Super PC Tools Ltd) <==== ATTENTION
Task: {F87BDCA8-1F24-419C-9AA7-941F6A996C55} - System32\Tasks\WordShark Auto Updater 1.10.0.20 Core => C:\Program Files (x86)\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe <==== ATTENTION
Task: {FF4BDB12-DD30-4F15-A573-E69314991BE0} - System32\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-1-7 => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-1-7.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-1-6.job => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-1-7.job => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-10_user.job => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-12.job => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-12.exe݁/agentregpath='winservice86' /appid=64755 /srcid='002201' /subid='0' /zdata='0' /bic=4A7683D7CE694B1F85386EDD0043FE84IE /verifier=ab669d3513872425e428fc7ebc1a78d0 /installerversion=1_36_01_22 /installationtime=1424776549 /statsdomain=hxxp:/stats.ourinfoonlinestack.com /errorsdomain=hxxp:/errors.ourinfoonlinestack.com /url=hxxp:/update.ourinfoonlinestack.com/verify/index.html /crregname='winservice86' /torpedofilepath C:\Program Files (x86)\winservice86' /asw='0_-2105540351_0_256' /processid='E36E424A1B4244AC8E57FB588C602DCDPI' /installationtime='1424776549' /installername='C:\Users\brian\AppData\Local\Temp\nsb97C8.tmp\Suoxoyhm.exe' /mac='2654056967+602931718+2C:D0:5A:D8:81:FD' /macs='aefd8bb887ac010a55e6dd88e3d311bd' /sid='S-1-5-21-798968787-2063651050-2422860059-1001' /jsmainfunc=main /ffid=taylorralston@hotmail.com /chid=onhcengeacabehdkdhbdcigfolmmakof /guid1=8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7 /guid2=f146d56a-493d-404f-8b1a-db108e8a8ab1 /guid3=d240fbba-0f8a-4b79-8b35-d12161bc5f37 /guid4=43c82bea-cc19-479b-9829-87d51b4504b7 /guid5=9873dfc1-b67b-4edf-a5a6-3f238b495e8e /guid6=77cd381f-6b8d-46a2-9c9a-2169772b52a5 /guid7=467ed708-0ee6-4175-9ccc-ace8dd033d89 /guid8=c2a69466-1b6a-479d-a186-8814fde96b52 /guid9=99aa4c2c-e3e7-4bb2-b632-ba9bc0825061 /guid10=bf83907b-189a-486e-8fff-d75554578db4 /guid11=e12e92ad-b266-417b-9754-9782ba407e45 /guid12=aedde827-dcb6-43a0-bb03-c81ec8d0ba56 /guid13=228a4466-ef61-4dbd-8b80-7931cf119545 /guid14=88b00ed3-4c53-45f6-84c8-5ca6dc337c67 /guid15=e251dada-d684-4c10-aa4d-9707fa46921f /schedulereinstall=1 /useminfeatures=1 /crossrideragentinstallation=1 /compilationbot=1 /deployagent=0 /maxextfilename=1293297481.mxaddon /installto=529 /verifiertaskname='8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-12' /fallbackurl='file:/C:\Program Files (x86)\winservice86\vhf\index.htm <==== ATTENTION
Task: C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-5.job => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-5_user.job => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-6.job => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-7.job => C:\Program Files (x86)\winservice86\8b5b3f65-3f7a-4b60-8ad1-a20cecb53ee7-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[74c7].job => c:\programdata\{fc044dcf-eda0-c205-fc04-44dcfeda373f}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{acb21ad7-d9a5-f6f4-acb2-21ad7d9a6b5f}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\dr_games_notification_service.job => C:\Program Files (x86)\dr games\dr_games_notification_service.exeǤ/url='hxxp:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='dr games' /appid='73143' /srcid='2913' /bic='6eb050f56bc6c681cb50ceeba34fb837' /verifier='9e0d2daedab4c01576f393580664a79a' /installerversion='1.50.3.10' /statsdomain='hxxp:/stats.buildomserv.com/data.gif?' /errorsdomain='hxxp:/stats.buildomserv.com/data.gif?' /monetizationdomain='hxxp:/logs.buildomserv.com/monetization.gif <==== ATTENTION
Task: C:\WINDOWS\Tasks\dr_games_updating_service.job => C:\Program Files (x86)\dr games\dr_games_updating_service.exe© /campid=2913 /verid=1 /url=hxxp:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=dr_games_updating_service /funurl=hxxp:/stats.buildomserv.com <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Periodic Synchronize Task.job => c:\programdata\{fbd4dcec-65c4-00d2-fbd4-4dcec65c73b1}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\weather_updates_helper_service.job => C:\Program Files (x86)\Weather Updates\weather_updates_helper_service.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-30 11:49 - 2015-05-30 11:49 - 00311296 _____ () C:\Users\brian\AppData\Roaming\AB262841-1432986510-E211-A305-208984932F2E\hnsgB77B.tmp
2014-10-21 19:54 - 2014-10-21 19:54 - 00483328 _____ () C:\Program Files (x86)\116FC117-A4FD-4F86-9840-14C9CD63BFCE\updater_zkurwblqyk.exe
2015-05-30 11:48 - 2015-05-30 11:48 - 00227840 _____ () C:\Users\brian\AppData\Roaming\AB262841-1432986510-E211-A305-208984932F2E\jnsrA028.tmp
2014-04-15 17:27 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 04:18 - 2015-09-01 16:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-27 22:21 - 2015-05-27 22:21 - 00191719 _____ () C:\Program Files (x86)\Weather Updates\weather_updates_helper_service.exe
2013-01-25 07:09 - 2013-01-25 07:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 07:05 - 2013-01-25 07:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-25 07:12 - 2013-01-25 07:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-04 20:47 - 2012-06-25 17:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-11-15 16:17 - 2014-11-15 16:17 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-05-04 21:36 - 2013-07-18 22:31 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-05-04 21:36 - 2013-07-18 22:31 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-05-04 21:36 - 2013-07-18 22:31 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-05-04 21:36 - 2013-07-18 22:31 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-05-04 21:36 - 2013-07-18 22:31 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-05-04 21:36 - 2013-07-18 22:31 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-05-04 21:36 - 2013-07-18 22:31 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-05-04 21:36 - 2013-07-18 22:30 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-05-04 21:36 - 2013-07-18 22:31 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2015-12-07 18:30 - 2015-11-24 08:00 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-07 18:30 - 2015-11-24 08:00 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll
2015-12-07 18:30 - 2015-11-24 08:00 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-798968787-2063651050-2422860059-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 199.203.131.151 - 82.163.143.181
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "IminentMessenger"
HKLM\...\StartupApproved\Run32: => "Iminent"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\...\StartupApproved\StartupFolder: => "SuperPcTool.lnk"
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\...\StartupApproved\Run: => "NextLive"
HKU\S-1-5-21-798968787-2063651050-2422860059-1001\...\StartupApproved\Run: => "YTDownloader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{02555487-79B7-4169-8A58-9974A977740C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FA94E18E-020E-4E5B-8D26-9617CF103962}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0F733E7C-AFF2-4007-8486-5B693AFA4A00}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D72A13CB-381D-4D3F-8D0F-D462DCDD6880}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{304682CF-9887-448B-A96F-0C3FC9FFD980}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{5C5218C5-94F2-49F6-A791-EF7EEFB8E7AD}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{B97BA2B3-1CCB-4D21-9B8C-4E1BF8A30F57}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E3C24807-4773-4E3F-A5A7-C9F7AB85C02C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{80FCCA61-27AD-46B5-BE06-349D6DDB3EE3}C:\program files (x86)\pacificpoker\bin\poker.exe] => (Allow) C:\program files (x86)\pacificpoker\bin\poker.exe
FirewallRules: [UDP Query User{87F72E94-44FB-4CF1-95A6-6BC61DD77DF4}C:\program files (x86)\pacificpoker\bin\poker.exe] => (Allow) C:\program files (x86)\pacificpoker\bin\poker.exe
FirewallRules: [{D56FBC62-B770-4D03-90C1-2569605E3CE7}] => (Allow) C:\Users\brian\AppData\Roaming\Adobe\Flash Player\Update\rutserv.exe
FirewallRules: [{F98CE3CE-C16E-4144-B07C-7B425F304AA9}] => (Allow) LPort=5432
FirewallRules: [{CEDC673E-A18F-4FFE-B1AC-DE96D462C42F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6063338E-F106-4765-92F2-6A99022F7D1C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{614ADD33-18CB-4426-A852-9C2ABF5F8627}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DDE8D4AB-FA84-45A5-9897-BB737DEBE955}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0B4E37D7-5045-4BCB-BBDF-FA28A465C0D3}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{D63DF0DC-9D9E-4A4C-AEF6-5853D0E530CD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{D4E8DD59-63B6-46C6-B34E-E15CB51FC563}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{96D271FD-2894-4D14-ACEC-33CADBE4A028}] => (Block) C:\Program Files (x86)\mystarttb\dtuser.exe
FirewallRules: [{CC367B85-A0A0-4BB8-8691-E79144BB5346}] => (Block) C:\Program Files (x86)\mystarttb\dtuser.exe
FirewallRules: [{30322D50-F02E-439F-BDC7-A5F7EAF2DAD5}] => (Block) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{EF7DB482-083D-4F46-8DAB-F5C8D67EA47A}] => (Block) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{079FB492-3723-4E2A-90E6-D895852625CF}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{D43048CA-5C83-4E16-AF1F-B63C10070468}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{B5ED5D64-1205-4CCE-8CCD-991F50934EFA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{98F20714-3194-4BDC-AFDB-2210F698FDFB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{76296C1C-58A6-4B40-8A57-30F6B1FA93C7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{98778A8A-70E4-4020-A767-1D37683FB1AC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{ADA32686-8123-4C33-9B0F-89CCB97C9813}] => (Block) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{57E2D66B-D248-43B6-A492-5BF234425A0E}] => (Block) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{411AD474-F77D-4662-88FC-928746481531}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Internal Microphone (Conexant SmartAudio HD)
Description: Audio Endpoint
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Lenovo EasyCamera
Description: Lenovo EasyCamera
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Vimicro
Service: vm332avs
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2015 10:16:59 PM) (Source: MsiInstaller) (EventID: 11706) (User: BRIANSLAPTOP)
Description: Product: Nuance PaperPort 12 -- Error 1706.No valid source could be found for product Nuance PaperPort 12. The Windows Installer cannot continue.

Error: (12/07/2015 10:14:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10953

Error: (12/07/2015 10:14:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10953

Error: (12/07/2015 10:14:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/07/2015 06:46:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 47.0.2526.73 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6818

Start Time: 01d1311e89ccea84

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: c28596a1-9d12-11e5-beb3-2cd05ad881fd

Faulting package full name:

Faulting package-relative application ID:

Error: (12/07/2015 09:24:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 685844

Error: (12/07/2015 09:24:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 685844

Error: (12/07/2015 09:24:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/07/2015 09:13:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1141

Error: (12/07/2015 09:13:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1141


System errors:
=============
Error: (12/07/2015 10:17:02 PM) (Source: DCOM) (EventID: 10001) (User: BRIANSLAPTOP)
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding740{9C0BA3C1-2B67-45EB-BF69-BED9658D28D2}UnavailableUnavailable

Error: (12/07/2015 10:17:00 PM) (Source: DCOM) (EventID: 10001) (User: BRIANSLAPTOP)
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding740{9C0BA3C1-2B67-45EB-BF69-BED9658D28D2}UnavailableUnavailable

Error: (12/07/2015 10:16:29 PM) (Source: DCOM) (EventID: 10001) (User: BRIANSLAPTOP)
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding740{9C0BA3C1-2B67-45EB-BF69-BED9658D28D2}UnavailableUnavailable

Error: (12/07/2015 05:32:47 PM) (Source: DCOM) (EventID: 10005) (User: BRIANSLAPTOP)
Description: 2TrustedInstallerUnavailable{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (12/07/2015 05:32:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error:
%%2

Error: (12/07/2015 01:32:17 PM) (Source: DCOM) (EventID: 10029) (User: BRIANSLAPTOP)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

Error: (12/07/2015 10:52:45 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (12/07/2015 10:03:57 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

Error: (12/07/2015 09:59:56 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

Error: (12/07/2015 08:42:07 AM) (Source: DCOM) (EventID: 10029) (User: BRIANSLAPTOP)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv


CodeIntegrity:
===================================
Date: 2015-12-07 19:32:52.709
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-07 19:32:52.556
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-07 19:32:52.403
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-07 19:32:52.237
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-07 19:32:52.084
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-07 19:32:51.935
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-07 19:32:47.393
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-07 19:32:47.174
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-07 19:32:46.779
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-07 19:32:46.556
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 42%
Total physical RAM: 8057.77 MB
Available physical RAM: 4627.39 MB
Total Virtual: 9337.77 MB
Available Virtual: 5762.03 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:828.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EA8607E5)

Partition: GPT.

==================== End of Addition.txt ============================
briannelson
Active Member
 
Posts: 2
Joined: December 7th, 2015, 6:31 pm

Re: help!!Everytime i click on a page im directed to another

Post by capnkrunch » December 9th, 2015, 11:31 pm

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system without the guidance of a trained malware removal helper. Doing so may possibly damage your system, preventing it from starting.

Hello and welcome to the Malware Removal Forums :)

My name is capnkrunch and I will be helping you with your malware problems. I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Failure to respond for 3 days, will result in your topic being closed.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

capnkrunch
MRU Graduate
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: help!!Everytime i click on a page im directed to another

Post by capnkrunch » December 10th, 2015, 7:02 pm

WARNING! Your logs show signs of a Remote Access Infection on your computer.

Your logs indicate that you are infected with Win32/TektonIt. This kind of infection allows the attacker to make changes to your computer as if he or she were sitting right in front of it.

The attacker can steal banking or credit card information, steal logons to your email and social media, host and distribute spam or pornography, or whatever else he or she wants to do. In addition, any number of changes can be made to ensure persistence of this infection. Unfortunately, the creators of this kind of malware tend to be very smart and creative and so it is impossible for us to ever be sure that we have removed all of them.

What should you do now?
  • Disconnect the infected computer from the internet and from any other networked devices.
  • If this computer was used for online banking or shopping, contact your bank immediately and let them know that your information may have been compromised.
  • From a clean computer change all your passwords. This includes your internet login, email, PayPal, Amazon, Facebook, and any other online activities that require a username and password.
    Do NOT change your passwords from the infected computer; the attacker will be able to get all the new passwords.
  • Back up all your important data except programs. Programs can be reinstalled from their CDs or by downloading the installer. The safest practice is to not back up files with the following file extensions as they may be infected:
    .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab

Please take time to carefully read THIS topic, then let me know how you want to proceed.

I strongly recommend that you format and reinstall Windows. If you decide to clean your computer instead, please understand that it can never be trusted again. We can never know and check for all the possible changes the attackers could have made, so this computer can never be used for sensitive activities such as banking. Forever is a long time and it is easy to forget some months down the line, and doing so could expose your personal information to attacks. This is why my recommendation is format and reinstall.

Additional reading:
When should I re-format and reinstall my OS
What are Remote Access Trojans and why are they dangerous
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Please take your time to read through all the links I provided before making your decision. When ready, let me know how you want to proceed. Keep in mind that the only way to ensure that your computer is clean is through a format and reinstall.
capnkrunch
MRU Graduate
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago
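
The backup step in the post above (the same extension list also appears in the earlier note), as an added example that is not part of the original thread: a Python script that copies a folder tree while leaving out the listed extensions, matching case-insensitively and on the final extension only. The function names and the sample file names are assumptions made for this illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Extensions the post advises leaving out of the backup.
RISKY_EXTENSIONS = {".exe", ".scr", ".ini", ".htm", ".html", ".php",
                    ".asp", ".xml", ".zip", ".rar", ".cab"}

def is_risky(path):
    """True if the file's final extension is on the list, ignoring case."""
    # Windows drops trailing dots and spaces, so "setup.exe." is still an .exe.
    name = Path(path).name.rstrip(". ")
    return Path(name).suffix.lower() in RISKY_EXTENSIONS

def backup_documents(source, destination):
    """Copy the tree under source, skipping risky files; return (copied, skipped)."""
    source, destination = Path(source), Path(destination)
    copied, skipped = [], []
    for item in sorted(source.rglob("*")):
        if item.is_symlink() or not item.is_file():
            continue  # directories are created on demand; symlinked files are skipped
        rel = item.relative_to(source).as_posix()
        if is_risky(item):
            skipped.append(rel)  # reported so the user knows what was left behind
            continue
        target = destination / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(item, target)  # copy2 keeps timestamps
        copied.append(rel)
    return copied, skipped

def demo():
    """Run the backup over a constructed sample tree (file names are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "Documents"), Path(tmp, "Backup")
        for name in ["letter.docx", "Photos/trip.JPG", "Photos/trip.jpg.EXE",
                     "saved_page.HTML", "desktop.ini"]:
            f = src / name
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"constructed sample data")
        copied, skipped = backup_documents(src, dst)
        assert not (dst / "Photos" / "trip.jpg.EXE").exists()
        return copied, skipped

if __name__ == "__main__":
    print(demo())
```

The skipped files are returned rather than silently dropped, so the list can be reviewed before the reformat.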

Re: help!!Everytime i click on a page im directed to another

Unread postby capnkrunch » December 12th, 2015, 9:14 pm

Hello briannelson :)

It has been 48 hours since my last post.
  • Do you still need help?
  • Have you had time to read through my post and the provided links?
  • Have you made a decision regarding how you would like to proceed?
    • Back up your data, reformat and reinstall Windows
    • Attempt to clean your system
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.

Keep in mind, I strongly recommend a reformat and reinstall. It is relatively quick (it may take a few hours to get your machine set up how you like it) and leaves you with a clean and trustworthy computer. Attempting to clean a system as badly infected as yours may take weeks and there's no guarantee we will be able to resolve your symptoms. More importantly, no matter how many scans we run you will never be able to trust that machine again until a reformat and reinstall is done.
capnkrunch
MRU Graduate
Posts: 664
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: help!!Everytime i click on a page im directed to another

Unread postby pgmigg » December 14th, 2015, 12:59 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
pgmigg
MRU Teacher
Posts: 3180
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00