Solved Once bitten, not shy


Antman

PCHF Member
Oct 2, 2016
I tried to force a QuickTime codec to work on (possibly) corrupted home videos. I used a shady source. Palemoon and Waterfox are now misbehaving.
_____

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by Antman (26-10-2016 16:44:43)
Running from D:\Antman\Desktop
Windows 8.1 Pro with Media Center (Update) (X64) (2016-09-11 00:36:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2077013597-3632690625-1065684953-500 - Administrator - Enabled)
Antman (S-1-5-21-2077013597-3632690625-1065684953-1001 - Administrator - Enabled) => C:\Users\Antman
Guest (S-1-5-21-2077013597-3632690625-1065684953-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2077013597-3632690625-1065684953-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
ACP Application (Version: 2016.0916.1502.32 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.00 - ASUSTeK Computer Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.4.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Application Compatibility Toolkit (Version: 8.100.26641 - Microsoft) Hidden
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.22 - ASUSTeK Computer Inc.)
Auslogics BoostSpeed Premium (HKLM-x32\...\Auslogics BoostSpeed Premium 8.0.1.0) (Version: - )
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: - TGRMN Software)
Bullzip PDF Printer 10.25.0.2552 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.25.0.2552 - Bullzip)
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Click-N-Type (HKLM-x32\...\{CC02581D-B1F9-4B22-8E82-024B9D8EB702}) (Version: 3.03.0415 - Lake Software)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.3 - Elaborate Bytes)
CloneDVDmobile (HKLM-x32\...\CloneDVDmobile) (Version: 1.9.0.1 - SlySoft)
CrazyTalk Animator Standard (HKLM-x32\...\{789567FD-CAA2-4E1C-B38E-9072B3015FFD}) (Version: 1.2.2010.1 - Reallusion Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DFX (HKLM-x32\...\DFX) (Version: 12.021.0.0 - Power Technology)
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
DiskCheckup v3.4 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.4.1002 - PassMark Software)
FileMenu Tools (HKLM\...\FileMenu Tools_is1) (Version: 7.0.5 - LopeSoft)
GiliSoft RAMDisk 6.4.0 (HKLM-x32\...\{30AB2FCD-FBF2-4bed-1111-13E6A1468621}_is1) (Version: 6.4.0 - Gilisoft International LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GuideTool (HKLM-x32\...\GuideTool) (Version: - )
HDHomeRun (HKLM\...\{1447F2EE-B042-40AB-8BEB-478FEB1F9A3A}) (Version: 1.0.19686.0 - Silicondust)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
jetAudio Plus (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
K-Lite Mega Codec Pack 12.4.2 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.4.2 - KLCP)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCEBuddy 2.x (HKLM\...\{0D3796AA-D867-4278-AEBC-3616AD1F7C3A}) (Version: 2.4.5 - MCEBuddy)
Microsoft DaRT 8.1 (HKLM\...\{4AE2D8A6-430A-4EE8-94BC-C88DD416E258}) (Version: 8.1.22.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Sounds (HKLM-x32\...\{10CE1EA2-12E9-11D3-825E-00C04F6843FE}) (Version: 1.0.0.0 - Microsoft Corp)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
My Channel Logos (HKLM-x32\...\{6D535A45-2019-4CAC-A353-9B4D708642A0}) (Version: 3.1.0.0 - My Channel Logos)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Opera Stable 40.0.2308.90 (HKLM-x32\...\Opera 40.0.2308.90) (Version: 40.0.2308.90 - Opera Software)
Pale Moon 26.5.0 (x64 en-US) (HKLM\...\Pale Moon 26.5.0 (x64 en-US)) (Version: 26.5.0 - Moonchild Productions)
Photo BUZZER (64-Bit) (HKLM\...\EMOTION_PROJECTS_1_2_CDF5610E_is1) (Version: 1.14 - Franzis Verlag GmbH)
Photo Pos Pro 3 (HKLM\...\Photo Pos Pro 3) (Version: 3.20 - PowerOfSoftware Ltd.)
PlayReady PC Runtime amd64 (HKLM\...\{2E0C1D31-8FEC-411E-97FB-6E56BD429A98}) (Version: 1.3.10 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.38.115.2015 - Realtek)
Send To Toys v2.5 (HKLM-x32\...\Send To Toys_is1) (Version: - Gabriele Ponti)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Toolkit Documentation (x32 Version: 8.100.26866 - Microsoft) Hidden
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
User State Migration Tool (x32 Version: 8.100.25984 - Microsoft) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
Volume Activation Management Tool (x32 Version: 8.100.26629 - Microsoft) Hidden
Volume2 1.1.4 (HKLM-x32\...\Volume2) (Version: 1.1.4 - Alexandr Irza)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Waterfox 49.0.2 (x64 en-US) (HKLM\...\Waterfox 49.0.2 (x64 en-US)) (Version: 49.0.2 - Mozilla)
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.6.0.6 - Winaero)
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM-x32\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.100.26866 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26837 - Microsoft) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2077013597-3632690625-1065684953-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Antman\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2077013597-3632690625-1065684953-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Antman\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07A3CEDE-B15E-43C1-944C-33CA390C34CE} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-16] (Advanced Micro Devices, Inc.)
Task: {09815097-9713-42B4-BD0F-45022D6C02F5} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2015-03-19] ()
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0C5365D6-82B6-47A5-93A9-8AF02D2ECD56} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {0C88306B-C6D5-49B6-BA5B-34B3CAC8302A} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {1FA1BB28-EF5F-4A85-ABDF-618F2460940B} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {310B75AC-85B1-4905-ADC8-6E0050AA70E9} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2015-02-17] (ASUSTeK Computer Inc.)
Task: {3A37B2A5-9094-4966-B8A6-5519563E06A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {6F2DE740-9EF9-4E39-BB48-30438FB90F95} - System32\Tasks\Opera scheduled Autoupdate 1474217424 => C:\Program Files (x86)\Opera\launcher.exe [2016-10-17] (Opera Software)
Task: {717F50D5-6450-4036-B15B-FFDE3C297D49} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {77C24FA7-454D-4F0D-872D-F216119F6870} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-09-12] ()
Task: {96A639F8-F7CF-49E5-A6E8-5B41DCD6785A} - System32\Tasks\My Channel Logos Updater => C:\Program Files (x86)\My Channel Logos\mclupdater.exe [2013-12-06] (Microsoft)
Task: {9B51DDD6-0752-478F-B8C1-0FC508CC4F9B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {B2B693C5-6421-4021-8EE2-5FAA09F626D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {BBF811F5-DF91-4E60-8658-F59E2D146599} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {C9DD5303-9920-4A1F-8A05-783F92CFBE7A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_185_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://web-start.org//?ssid=1477064264&a=1054667&src=sh&uuid=e581f462-4dcb-46bf-beeb-6079e9189f31"
ShortcutWithArgument: C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://web-start.org//?ssid=1477064264&a=1054667&src=sh&uuid=e581f462-4dcb-46bf-beeb-6079e9189f31"

==================== Loaded Modules (Whitelisted) ==============

2016-09-13 17:14 - 2015-03-19 11:11 - 01271096 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2016-09-13 17:11 - 2014-02-20 04:27 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-09-13 08:03 - 2016-09-13 08:03 - 00222208 _____ () C:\Program Files (x86)\Gilisoft\RAMDisk\gsRAMService.exe
2016-08-09 18:56 - 2016-08-09 18:56 - 00034304 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
2016-08-09 18:53 - 2016-08-09 18:53 - 00705024 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Globals.dll
2016-08-09 18:55 - 2016-08-09 18:55 - 00199168 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Util.dll
2016-08-09 18:57 - 2016-08-09 18:57 - 00030720 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Configuration.dll
2016-08-09 18:53 - 2016-08-09 18:53 - 00102912 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Engine.dll
2016-08-09 18:52 - 2016-08-09 18:52 - 00006144 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.EMailEngine.dll
2016-08-09 18:57 - 2016-08-09 18:57 - 00158720 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.MetaData.dll
2016-08-30 19:40 - 2016-10-13 08:09 - 01595896 _____ () C:\Program Files (x86)\DFX\DFX.exe
2016-08-30 19:33 - 2016-08-30 19:33 - 00161784 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
2016-08-30 19:36 - 2016-08-30 19:36 - 00176120 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
2016-08-30 20:02 - 2016-08-30 20:02 - 00098296 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
2016-09-13 17:13 - 2015-02-11 16:07 - 00947512 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ASUSMiniBar.exe
2016-09-19 00:20 - 2016-09-19 00:20 - 00062976 _____ () C:\Windows\assembly\GAC_MSIL\GuideToolAddin\1.0.0.0__7ec3342a8179f1ce\GuideToolAddin.dll
2016-09-19 00:20 - 2016-09-19 00:20 - 00012288 _____ () C:\Windows\assembly\GAC_MSIL\GuideToolAddin.Proxy\1.0.0.0__36d158e618c5e293\GuideToolAddin.Proxy.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 02:49 - 2015-11-11 02:49 - 01557160 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2016-10-26 10:38 - 2016-09-23 21:05 - 04128256 _____ () C:\Program Files\Pale Moon\mozjs.dll
2016-09-13 17:13 - 2015-02-11 16:07 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2016-09-13 17:13 - 2015-02-11 16:07 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2016-09-13 17:14 - 2015-03-19 18:12 - 04440064 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2016-09-13 17:14 - 2015-03-19 11:11 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2016-09-13 17:13 - 2013-08-29 15:59 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2016-09-13 17:13 - 2013-06-24 15:59 - 01173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll
2016-09-13 17:13 - 2015-02-11 16:07 - 00828928 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2016-09-13 17:14 - 2015-03-18 23:11 - 00053248 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Exeio.dll
2016-09-13 17:14 - 2015-03-18 23:11 - 00278528 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Vender.dll
2016-09-13 17:13 - 2014-09-08 22:14 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2016-09-13 17:14 - 2015-03-19 11:11 - 00711680 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2016-09-13 17:14 - 2015-03-19 11:42 - 00857088 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2016-09-13 17:14 - 2015-03-19 11:11 - 00803840 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2016-09-13 17:14 - 2015-03-19 11:49 - 00814080 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2016-10-26 06:51 - 2016-10-26 06:51 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-09-13 17:11 - 2014-02-20 04:27 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-08-30 19:57 - 2016-08-30 19:57 - 00083960 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
2016-09-13 17:14 - 2015-03-19 11:11 - 00743424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2016-09-13 17:14 - 2015-03-19 11:11 - 00908288 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FAN.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{29E0F7B7-C012-409E-908D-B2DEDAB90CFB}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{6639DF85-77F4-4B0A-8C32-EE674F4CF892}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_view.exe
FirewallRules: [{8A952F2B-FB9A-40EA-B2C1-FB749814081E}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_setup.exe
FirewallRules: [{C84EB135-F0F9-400C-84E1-F466B128B332}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_nas_install.exe
FirewallRules: [{A1AADBCF-A924-4D87-AAA9-D6B7B6B00702}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe
FirewallRules: [{38C8E4A7-B268-454D-A52C-317D284DD40E}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config_gui.exe
FirewallRules: [{EBEEB452-1580-4B0B-92BC-876817CDE997}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config.exe
FirewallRules: [{EE758A43-EBA2-4C45-B8A0-7E2DC4B8F108}] => (Allow) C:\Windows\ehome\ehRecvr.exe
FirewallRules: [TCP Query User{670C5C8B-0568-4C8D-B940-2CECAD62586A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2B838DB0-EF27-4BDC-87BC-8BB6F58DFF37}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0BA41CB7-61F7-4DDD-AA46-F0CA551AFEC7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E41C1B4F-E8E4-4B71-8C70-C9B45D74F5F3}] => (Allow) LPort=2869
FirewallRules: [{D70D07C2-B2BC-4A5E-8CAF-8C94BEF04EAE}] => (Allow) LPort=1900
FirewallRules: [{2E14BCBB-7F90-45B2-970D-902053AB80B9}] => (Allow) C:\Users\Antman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FFF621FC-5694-4524-A2E5-6D7E75CC533C}] => (Allow) C:\Users\Antman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{44CD0594-5787-421A-94D7-9FEB94F7A5D5}] => (Allow) C:\Users\Antman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DE9A6F1C-25A6-4C03-8638-D70C8F1C3A24}] => (Allow) C:\Users\Antman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F38DED8F-8022-4C19-8B8B-56076CD6EC6D}] => (Allow) C:\Users\Antman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7B137A56-59E0-4522-BBB8-F8DD0C8356A9}] => (Allow) C:\Users\Antman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{31D00B24-6778-4DF1-ACB9-0F394FE56380}] => (Allow) C:\Windows\ehome\ehexthost.exe
FirewallRules: [{DA4E5189-B1E2-4C72-9DBC-AF2F8A135132}] => (Allow) C:\Windows\ehome\ehexthost.exe
FirewallRules: [{CC7CB425-C3BA-4034-86B2-22487DE78505}] => (Allow) C:\Program Files (x86)\GuideTool\GuideTool.exe
FirewallRules: [{F06A1CF3-8261-4983-BBE3-B3CEF2754556}] => (Allow) C:\Program Files (x86)\GuideTool\GuideTool.exe
FirewallRules: [{676C70C7-DAE9-4BDE-A089-949A9BB1B5CA}] => (Allow) C:\Program Files (x86)\GuideTool\GuideTool.exe
FirewallRules: [{9504DEE8-0220-4952-920D-7041A8DE4A76}] => (Allow) C:\Program Files (x86)\GuideTool\GuideTool.exe
FirewallRules: [{B50F7AA9-506D-4673-A1D3-D5371A83D2F1}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{B5DF9774-A606-4C57-8C38-61F08D3BA3B4}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{8AA22675-2760-4974-8B12-9982861C41BC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2DF0974C-02E3-4B18-86C5-524CEF2813BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-10-2016 15:22:03 Installed inSSIDer 4
11-10-2016 16:10:43 Windows Update
12-10-2016 16:32:42 Installed 8GadgetPack
20-10-2016 03:43:00 Scheduled Checkpoint
21-10-2016 11:32:50 Removed QuickTime 7
25-10-2016 15:49:07 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2016 08:04:56 AM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (5196) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Antman\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (10/26/2016 08:04:56 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (5196) testing: An attempt to open the file "C:\Users\Antman\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/26/2016 08:04:46 AM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (5196) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Antman\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (10/26/2016 08:04:46 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (5196) testing: An attempt to open the file "C:\Users\Antman\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/26/2016 07:18:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (10/26/2016 06:08:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (10/25/2016 04:10:50 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070301.

Error: (10/25/2016 03:50:37 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070301.

Error: (10/25/2016 03:49:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/25/2016 11:12:26 AM) (Source: MCEBuddy2x) (EventID: 0) (User: )
Description: Failed to shut down service. The error that occurred was: System.InvalidOperationException: UpdatePendingStatus can only be called during the handling of Start, Stop, Pause and Continue commands.
at System.ServiceProcess.ServiceBase.RequestAdditionalTime(Int32 milliseconds)
at MCEBuddy.Service.ServiceModule.StopEngine(Boolean onStop)
at System.ServiceProcess.ServiceBase.DeferredShutdown().


System errors:
=============
Error: (10/26/2016 06:52:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/26/2016 06:51:47 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (10/26/2016 06:51:45 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (10/26/2016 06:51:45 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (10/26/2016 06:51:33 AM) (Source: DCOM) (EventID: 10010) (User: Archive-PC)
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (10/26/2016 06:51:28 AM) (Source: DCOM) (EventID: 10005) (User: Archive-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/26/2016 06:51:23 AM) (Source: DCOM) (EventID: 10005) (User: Archive-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (10/26/2016 06:51:23 AM) (Source: DCOM) (EventID: 10005) (User: Archive-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (10/26/2016 06:51:23 AM) (Source: DCOM) (EventID: 10005) (User: Archive-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (10/26/2016 06:51:23 AM) (Source: DCOM) (EventID: 10005) (User: Archive-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
Date: 2016-10-26 05:47:01.506
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-24 06:06:49.479
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-22 06:03:13.624
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-17 05:04:55.825
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-15 05:45:37.587
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-14 03:56:51.288
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-12 07:37:42.046
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-10 00:07:33.455
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-08 07:41:15.861
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-07 05:38:51.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G
Percentage of memory in use: 42%
Total physical RAM: 11205.18 MB
Available physical RAM: 6395.56 MB
Total Virtual: 15301.18 MB
Available Virtual: 9880.9 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:232.37 GB) (Free:194.23 GB) NTFS
Drive d: (Users) (Fixed) (Total:2794.53 GB) (Free:1845.2 GB) NTFS
Drive e: (Media) (Fixed) (Total:4657.4 GB) (Free:499.31 GB) NTFS
Drive r: (GSRAMDISK) (Fixed) (Total:1.99 GB) (Free:1.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 02EEE85A)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=42)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 638E5A20)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=42)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 4657.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 


Antman

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2016
Ran by Antman (administrator) on ARCHIVE-PC (26-10-2016 16:44:16)
Running from D:\Antman\Desktop
Loaded Profiles: Antman (Available Profiles: Antman)
Platform: Windows 8.1 Pro with Media Center (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.18\AsusFanControlService.exe
() C:\Program Files (x86)\Gilisoft\RAMDisk\gsRAMService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(hxxp://winaero.com) D:\Antman\AntTools\WinaeroTweaker\WinaeroTweakerHelper.exe
(Lake Software) C:\Program Files (x86)\Click-N-Type\Click-N-Type.exe
(Alexandr Irza) D:\Antman\AntTools\Volume2\Volume2.exe
() C:\Program Files (x86)\DFX\DFX.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsusMiniBar.exe
(Microsoft Corporation) C:\Windows\ehome\mcGlidHost.exe
(Microsoft Corporation) C:\Windows\ehome\ehshell.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehexthost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [Volume2] => D:\Antman\AntTools\Volume2\Volume2.exe [4781056 2015-08-10] (Alexandr Irza)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1595896 2016-10-13] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Run: [WinaeroTweakerHelper] => D:\Antman\AntTools\WinaeroTweaker\WinaeroTweakerHelper.exe [337963 2015-03-17] (hxxp://winaero.com)
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [HideSCAVolume] 1
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\MountPoints2: {5971436d-78d9-11e6-826a-40167ead0147} - "G:\setup.exe"
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\MountPoints2: {9d0f4cfe-89cc-11e6-827e-40167ead0147} - "H:\autorun.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Antman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Click-N-Type.LNK [2016-09-11]
ShortcutTarget: Click-N-Type.LNK -> C:\Program Files (x86)\Click-N-Type\Click-N-Type.exe (Lake Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6D08C4BA-66B3-4655-8986-FDBA96C29305}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

FireFox:
========
FF DefaultProfile: 6jl8cgho.default
FF ProfilePath: C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default [2016-10-26]
FF Extension: (AdBlocker Ultimate) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-09-26]
FF Extension: (CL Pics) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-09-26]
FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-10-12]
FF Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-09-26]
FF Extension: (QuickDrag) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-09-26]
FF Extension: (Simple White) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-09-26]
FF Extension: (uBlock Origin) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-10-26]
FF Extension: (Zoom Page) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-10-23]
FF Extension: (YouTube High Definition) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-10-05]
FF Extension: (Tab Mix Plus) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-09-26]
FF ProfilePath: C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default [2016-10-26]
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default -> Google
FF SelectedSearchEngine: Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default -> Google
FF Extension: (NoSquint) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\Extensions\[email protected] [2016-10-26]
FF Extension: (QuickDrag) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\Extensions\[email protected] [2016-10-26]
FF Extension: (uBlock Origin) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\Extensions\[email protected] [2016-10-26]
FF Extension: (YouTube High Definition) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-10-26]
FF Extension: (Tab Mix Plus) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-10-26]
FF Extension: (No Name) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-10-26] [not signed]
FF Extension: (No Name) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\extensions\[email protected] [2016-10-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-25] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> about:blank
CHR StartupUrls: Default -> "about:blank"
CHR Profile: C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default [2016-10-26]
CHR Extension: (Google Slides) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-25]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-10-25]
CHR Extension: (craigslist pop for power users) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aikbdokcmcbbeaadpdbhlcdcgghdkhja [2016-10-25]
CHR Extension: (Google Docs) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-25]
CHR Extension: (Google Drive) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-25]
CHR Extension: (YouTube) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-25]
CHR Extension: (True Key™ by Intel Security) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciahhpibjeonlihjdefecmhminjpmfkk [2016-10-25]
CHR Extension: (uBlock Origin) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-25]
CHR Extension: (Google Sheets) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-25]
CHR Extension: (Google Docs Offline) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-25]
CHR Extension: (Drag and Go) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaikcnhlohebodlpkmjepipngegjbfpg [2016-10-25]
CHR Extension: (Google Voice (by Google)) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2016-10-25]
CHR Extension: (Zoom) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2016-10-25]
CHR Extension: (TabsPlus) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikomkkhhpfoeamojhhgpfkpkdlfhfii [2016-10-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-25]
CHR Extension: (AutoZoom) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdkpkoaonnchdakgkmmcmnihhhgbjch [2016-10-25]
CHR Extension: (Gmail) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]

Opera:
=======
OPR Extension: (NoSquint Plus) - C:\Users\Antman\AppData\Roaming\Opera Software\Opera Stable\Extensions\akokhfndkofiigglekpbfkengpifpaph [2016-09-29]
OPR Extension: (uBlock Origin) - C:\Users\Antman\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-10-23]
OPR Extension: (Magic Actions for YouTube™) - C:\Users\Antman\AppData\Roaming\Opera Software\Opera Stable\Extensions\nlffnljnicbkfhnlomjhjlebndachaka [2016-10-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-09-16] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-02-20] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-09-08] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.18\AsusFanControlService.exe [395064 2015-03-18] (ASUSTeK Computer Inc.)
R2 gsRAMService; C:\Program Files (x86)\Gilisoft\RAMDisk\gsRAMService.exe [222208 2016-09-13] () [File not signed]
S4 HDHomeRun RECORD; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe [155784 2015-08-26] ()
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [28296 2015-08-26] (Silicondust USA Inc)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MCEBuddy2x; C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe [34304 2016-08-09] () [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305032 2016-07-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-02-20] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-21] (MCCI Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows (R) Win 7 DDK provider)
R3 DFX12; C:\Windows\system32\drivers\dfx12x64.sys [29688 2015-11-12] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 GsRamDsk; C:\Windows\System32\drivers\GsRamDsk.sys [55288 2016-09-13] ()
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2015-03-18] (ASUSTeK Computer Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 RegHiveRecovery; C:\Windows\system32\drivers\RegHiveRecovery.sys [48304 2014-02-20] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40552 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-26 16:42 - 2016-10-26 16:44 - 00000000 ____D C:\FRST
2016-10-26 10:38 - 2016-10-26 10:38 - 00000915 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2016-10-26 10:38 - 2016-10-26 10:38 - 00000000 ____D C:\Users\Antman\AppData\Roaming\Moonchild Productions
2016-10-26 10:38 - 2016-10-26 10:38 - 00000000 ____D C:\Program Files\Pale Moon
2016-10-26 07:59 - 2016-10-26 07:59 - 00002796 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-10-26 07:59 - 2016-10-26 07:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-26 07:59 - 2016-10-26 07:59 - 00000000 ____D C:\Program Files\CCleaner
2016-10-26 06:35 - 2016-10-26 15:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-26 06:35 - 2016-10-26 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-26 06:35 - 2016-10-26 06:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-26 06:35 - 2016-10-26 06:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-26 06:35 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-26 06:35 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-26 06:35 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-25 16:40 - 2016-10-26 15:45 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-25 16:40 - 2016-10-26 06:51 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-25 16:40 - 2016-10-25 16:40 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-25 16:40 - 2016-10-25 16:40 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-25 16:40 - 2016-10-25 16:40 - 00002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-25 16:40 - 2016-10-25 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-25 11:11 - 2016-10-25 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-10-25 11:09 - 2016-10-25 11:09 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-10-25 11:09 - 2016-10-25 11:09 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-25 11:09 - 2016-09-09 14:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-10-25 11:09 - 2016-09-09 14:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-10-25 11:09 - 2016-09-09 14:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-10-25 11:09 - 2016-09-09 14:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-10-21 16:02 - 2016-10-26 06:43 - 00000000 ____D C:\Windows\Trend Micro
2016-10-21 16:02 - 2016-10-21 16:02 - 00000000 ____D C:\ProgramData\Trend Micro
2016-10-21 16:00 - 2015-05-29 03:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-10-21 11:34 - 2016-10-21 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-10-21 11:34 - 2016-10-21 11:34 - 00000000 ____D C:\ProgramData\Apple Computer
2016-10-21 11:34 - 2016-10-21 11:34 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-10-20 18:54 - 2016-10-20 18:54 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1474217424
2016-10-19 00:55 - 2016-10-24 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2016-10-19 00:55 - 2016-10-19 00:55 - 00000000 ____D C:\Program Files (x86)\DiskCheckup
2016-10-17 00:49 - 2016-10-26 13:58 - 00000000 ____D C:\Users\Antman\AppData\LocalLow\uTorrent
2016-10-13 08:07 - 2016-10-13 08:07 - 00000000 ____D C:\ProgramData\DFX
2016-10-11 16:12 - 2016-09-30 20:15 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-11 16:12 - 2016-09-30 20:15 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-11 16:11 - 2016-10-11 16:11 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-11 16:11 - 2016-10-11 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-11 15:58 - 2016-10-11 15:58 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-11 15:43 - 2016-09-30 20:22 - 07444312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-11 15:43 - 2016-09-30 03:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-11 15:43 - 2016-09-30 02:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-11 15:43 - 2016-09-30 02:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-11 15:43 - 2016-09-30 02:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-11 15:43 - 2016-09-30 02:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-11 15:43 - 2016-09-30 01:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-11 15:43 - 2016-09-30 01:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-11 15:43 - 2016-09-30 01:41 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-11 15:43 - 2016-09-30 01:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-11 15:43 - 2016-09-30 01:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-11 15:43 - 2016-09-30 01:33 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-11 15:43 - 2016-09-30 01:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-11 15:43 - 2016-09-30 01:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-11 15:43 - 2016-09-30 01:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-11 15:43 - 2016-09-30 01:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-11 15:43 - 2016-09-30 01:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-11 15:43 - 2016-09-30 01:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-11 15:43 - 2016-09-30 01:11 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-11 15:43 - 2016-09-30 01:06 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-11 15:43 - 2016-09-30 01:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-11 15:43 - 2016-09-30 01:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-11 15:43 - 2016-09-30 01:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-11 15:43 - 2016-09-30 01:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-11 15:43 - 2016-09-30 00:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-11 15:43 - 2016-09-30 00:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-11 15:43 - 2016-09-30 00:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-11 15:43 - 2016-09-30 00:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-11 15:43 - 2016-09-17 14:16 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-11 15:43 - 2016-09-17 13:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-11 15:43 - 2016-09-17 13:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-11 15:43 - 2016-09-17 13:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-11 15:43 - 2016-09-17 13:02 - 01446400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-11 15:43 - 2016-09-13 21:53 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-11 15:43 - 2016-09-13 21:53 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-10-11 15:43 - 2016-09-13 21:53 - 01490112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-11 15:43 - 2016-09-13 21:53 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-10-11 15:43 - 2016-09-12 19:48 - 00085680 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-11 15:43 - 2016-09-12 18:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2016-10-11 15:43 - 2016-09-12 17:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2016-10-11 15:43 - 2016-09-09 10:17 - 04170752 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-11 15:43 - 2016-09-09 09:38 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-11 15:43 - 2016-09-08 16:41 - 00121176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2016-10-11 15:43 - 2016-09-08 10:00 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-11 15:43 - 2016-09-08 10:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-11 15:43 - 2016-09-07 18:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-11 15:43 - 2016-09-07 17:59 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-10-11 15:43 - 2016-09-07 17:59 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-11 15:43 - 2016-09-07 17:57 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-11 15:43 - 2016-09-07 17:56 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-10-11 15:43 - 2016-08-31 13:22 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-11 15:43 - 2016-08-31 12:33 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-11 15:43 - 2016-08-27 15:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-11 15:43 - 2016-08-27 15:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-11 15:43 - 2016-08-27 15:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2016-10-11 15:43 - 2016-08-27 14:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-11 15:43 - 2016-08-27 14:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-11 15:43 - 2016-08-27 14:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2016-10-11 15:43 - 2016-08-27 12:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-10-11 15:43 - 2016-08-27 12:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-10-11 15:43 - 2016-08-27 12:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-10-11 15:43 - 2016-08-27 11:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-10-11 15:43 - 2016-08-25 16:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2016-10-11 15:43 - 2016-08-25 15:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2016-10-11 15:43 - 2016-08-20 18:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-11 15:43 - 2016-08-20 18:12 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-11 15:43 - 2016-08-12 20:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-11 15:43 - 2016-08-12 20:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys
2016-10-11 15:43 - 2016-08-12 20:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2016-10-11 15:43 - 2016-08-12 20:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2016-10-11 15:43 - 2016-08-12 18:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2016-10-11 15:43 - 2016-08-12 18:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-11 15:43 - 2016-08-12 17:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-11 15:43 - 2016-08-12 17:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2016-10-11 15:43 - 2016-08-12 16:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-11 15:43 - 2016-08-11 21:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-10-11 15:43 - 2016-08-11 21:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-10-11 15:43 - 2016-08-11 14:33 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
2016-10-11 15:43 - 2016-08-11 14:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-10-11 15:43 - 2016-08-11 14:33 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys
2016-10-11 15:43 - 2016-08-11 13:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-10-11 15:43 - 2016-08-11 09:39 - 00445765 _____ C:\Windows\system32\ApnDatabase.xml
2016-10-11 15:43 - 2016-08-11 01:46 - 00420184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-10-11 15:43 - 2016-08-03 11:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2016-10-11 15:43 - 2016-08-03 11:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2016-10-11 15:43 - 2016-08-03 11:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2016-10-11 15:43 - 2016-08-03 11:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2016-10-11 15:43 - 2016-07-30 13:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-10-11 15:43 - 2016-07-30 12:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-10-11 15:43 - 2016-07-26 09:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS
2016-10-11 15:43 - 2016-07-26 09:40 - 00162850 _____ C:\Windows\system32\C_932.NLS
2016-10-11 15:43 - 2016-07-23 14:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-10-11 15:43 - 2016-07-23 14:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-10-10 01:32 - 2016-10-10 01:35 - 00000000 ____D C:\Users\Antman\AppData\Roaming\Mp3tag
2016-10-07 10:06 - 2016-10-07 10:06 - 00000000 ____D C:\Users\Antman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-10-07 10:06 - 2016-10-07 10:06 - 00000000 ____D C:\Program Files\Unlocker
2016-10-05 15:29 - 2016-10-05 15:29 - 00000000 __SHD C:\ProgramData\DIBsection
2016-10-05 08:09 - 2016-10-05 08:10 - 00000000 ____D C:\Users\Antman\PhotoBuzzer Projects 1
2016-10-05 00:31 - 2013-08-22 07:39 - 00016256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BdaSup.sys
2016-10-04 05:58 - 2016-10-04 05:58 - 00209176 _____ C:\Windows\Photo Pos Pro 3 Uninstaller.exe
2016-10-04 05:58 - 2016-10-04 05:58 - 00000000 ____D C:\Program Files\Photo Pos Pro 3
2016-10-04 05:58 - 2016-10-04 05:58 - 00000000 ____D C:\Program Files\Common Files\Thraex Software
2016-10-03 10:31 - 2016-10-03 10:31 - 00000000 ____D C:\Program Files\Photo BUZZER
2016-09-29 11:38 - 2016-09-29 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DaRT 8.1
2016-09-29 11:38 - 2016-09-29 11:38 - 00000000 ____D C:\Program Files\Microsoft DaRT
2016-09-29 11:36 - 2016-09-29 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-09-29 11:36 - 2016-09-29 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-09-29 11:36 - 2014-02-20 05:52 - 00048304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RegHiveRecovery.sys
2016-09-27 06:17 - 2015-03-18 23:11 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2016-09-26 18:44 - 2016-09-26 18:48 - 00000000 ____D C:\Users\Antman\AppData\Roaming\Apple Computer
2016-09-26 18:33 - 2016-09-26 18:33 - 00000000 ____D C:\Users\Antman\AppData\Roaming\COWON
2016-09-26 18:30 - 2016-09-26 18:30 - 00000000 ____D C:\Windows\system32\appmgmt
2016-09-26 18:29 - 2016-09-26 18:29 - 00000000 ____D C:\ProgramData\Apple
2016-09-26 18:28 - 2016-09-26 18:28 - 00000000 ____D C:\Users\Antman\AppData\LocalLow\Apple Computer
2016-09-26 13:13 - 2016-10-08 11:43 - 00000000 ____D C:\Program Files\Waterfox
2016-09-26 13:13 - 2016-09-26 13:13 - 00000000 ____D C:\Users\Antman\AppData\Roaming\WaterfoxProject

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-26 16:29 - 2016-09-11 02:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-26 13:58 - 2016-09-13 07:29 - 00000000 ____D C:\Users\Antman\AppData\Roaming\uTorrent
2016-10-26 11:40 - 2016-09-10 20:42 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2077013597-3632690625-1065684953-1001
2016-10-26 10:44 - 2016-09-11 21:56 - 00000000 ____D C:\Users\Antman\AppData\Roaming\MPC-HC
2016-10-26 08:12 - 2016-09-19 01:31 - 00000000 ____D C:\Users\Antman\AppData\Roaming\Mozilla
2016-10-26 08:04 - 2016-09-11 00:33 - 00000000 ____D C:\Windows\Panther
2016-10-26 08:04 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-10-26 06:57 - 2014-11-21 04:43 - 00867660 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-26 06:51 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-26 06:50 - 2016-09-10 21:59 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-10-26 06:42 - 2016-09-11 00:22 - 00000000 ____D C:\Program Files (x86)\DFX
2016-10-25 15:37 - 2016-09-10 23:05 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-25 11:11 - 2016-09-10 21:58 - 00000000 ____D C:\Program Files\AMD
2016-10-25 11:05 - 2016-09-25 11:00 - 00000000 ____D C:\AMD
2016-10-25 09:57 - 2016-09-10 21:20 - 00000000 ____D C:\Users\Antman\AppData\Roaming\ClassicShell
2016-10-24 01:34 - 2016-09-11 14:26 - 00000000 ____D C:\Program Files (x86)\AusLogics BoostSpeed
2016-10-23 15:13 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-10-22 20:30 - 2016-09-23 05:22 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-20 18:54 - 2016-09-18 12:50 - 00000000 ____D C:\Program Files (x86)\Opera
2016-10-14 06:58 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2016-10-13 08:01 - 2016-09-11 04:51 - 00000000 ____D C:\Program Files (x86)\JetAudio
2016-10-13 07:35 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2016-10-13 07:17 - 2016-09-10 21:58 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-13 07:17 - 2013-08-22 11:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-10-13 07:17 - 2013-08-22 11:36 - 00000000 ___SD C:\Program Files (x86)\Windows Sidebar
2016-10-12 03:29 - 2016-09-23 05:22 - 00003862 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-10-12 03:29 - 2016-09-11 02:33 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-12 03:29 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-12 03:29 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-11 20:25 - 2016-09-10 23:55 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-11 20:25 - 2016-09-10 21:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-11 20:25 - 2014-11-21 12:17 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-11 20:25 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2016-10-11 16:12 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-10-11 16:11 - 2016-09-10 22:38 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-11 16:11 - 2016-09-10 21:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-11 12:35 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2016-10-10 07:26 - 2016-09-12 06:34 - 00000000 ____D C:\Windows\System32\Tasks\Games
2016-10-10 01:34 - 2016-09-11 14:19 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2016-10-05 15:23 - 2016-09-13 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion
2016-10-05 08:09 - 2016-09-10 20:36 - 00000000 ____D C:\Users\Antman
2016-09-28 15:25 - 2016-09-12 08:09 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B8B01775-E636-4893-A1DB-47E5BBA983FF}

==================== Files in the root of some directories =======

2016-10-21 16:09 - 2016-10-21 16:09 - 0194298 _____ () C:\Users\Antman\AppData\Local\ars.cache
2016-10-21 16:09 - 2016-10-21 16:09 - 0523077 _____ () C:\Users\Antman\AppData\Local\census.cache
2016-10-21 16:00 - 2016-10-21 16:00 - 0000036 _____ () C:\Users\Antman\AppData\Local\housecall.guid.cache
2016-10-21 16:06 - 2016-10-21 16:06 - 0000010 _____ () C:\Users\Antman\AppData\Local\sponge.last.runtime.cache
2016-09-12 07:11 - 2016-09-12 07:57 - 0000091 ___SH () C:\ProgramData\.zreglib
2016-09-10 23:33 - 2014-04-30 10:53 - 0019535 _____ () C:\ProgramData\empty.ico

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-19 05:05

==================== End of FRST.txt ============================
 

Antman

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-10-26 16:51:34
-----------------------------
16:51:34.568 OS Version: Windows x64 6.2.9200
16:51:34.569 Number of processors: 4 586 0x3001
16:51:34.569 ComputerName: ARCHIVE-PC UserName: Antman
16:51:34.976 Initialize success
16:51:35.103 VM: initialized successfully
16:51:35.104 VM: Amd CPU supported
16:59:51.279 AVAST engine defs: 16102601
17:01:29.356 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002b
17:01:29.358 Disk 0 Vendor: Samsung_SSD_850_EVO_250GB EMT01B6Q Size: 238475MB BusType: 11
17:01:29.360 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000002c
17:01:29.363 Disk 1 Vendor: ST1500DL003-9VT16L CC32 Size: 1430799MB BusType: 11
17:01:29.365 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000002d
17:01:29.368 Disk 2 Vendor: ST1500DL003-9VT16L CC32 Size: 1430799MB BusType: 11
17:01:29.371 Disk 3 \Device\Harddisk3\DR3 -> \Device\0000002e
17:01:29.373 Disk 3 Vendor: TOSHIBA_MD04ACA500 FP2A Size: 4769307MB BusType: 11
17:01:29.383 Disk 0 MBR read successfully
17:01:29.387 Disk 0 MBR scan
17:01:29.396 Disk 0 unknown MBR code
17:01:29.401 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
17:01:29.449 Disk 0 scanning C:\Windows\system32\drivers
17:01:37.594 Service scanning
17:01:55.009 Modules scanning
17:01:55.022 Disk 0 trace - called modules:
17:01:55.039 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys amd_sata.sys hal.dll
17:01:55.049 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000dfe595e0]
17:01:55.056 3 CLASSPNP.SYS[fffff80050411170] -> nt!IofCallDriver -> [0xffffe000df5a98e0]
17:01:55.062 5 amd_xata.sys[fffff8004fbb25da] -> nt!IofCallDriver -> \Device\0000002b[0xffffe000df5917c0]
17:01:55.388 AVAST engine scan C:\Windows
17:01:57.241 AVAST engine scan C:\Windows\system32
17:05:11.544 AVAST engine scan C:\Windows\system32\drivers
17:05:26.887 AVAST engine scan C:\Users\Antman
17:07:20.937 AVAST engine scan C:\ProgramData
17:07:50.959 Disk 0 statistics 3414715/0/0 @ 24.73 MB/s
17:07:50.965 Scan finished successfully
17:09:25.226 Disk 0 MBR has been saved successfully to "D:\Antman\Desktop\MBR.dat"
17:09:25.251 The log file has been saved successfully to "D:\Antman\Desktop\aswMBR.txt"
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
ZHP Scan.

1. Please download Zhp Cleaner to your desktop. Right-click the icon and select Run as administrator.

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.


Zoek Scan


Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right-click Zoek.exe and run as administrator. (XP users double-click)
Copy the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;


Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.



Zemana Scan



Run a full scan with Zemana AntiMalware!
Install and select deep scan.


Remove any infections found.
Then click on the icon in the pic below.

Double click on the scan log, copy and paste here in your reply

Fresh FRST Logs.


Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
Please Copy & Paste them into your next reply
 

Antman

Zhp Cleaner did not close Palemoon64 and did not prompt for a restart. I restarted manually. No report opened on boot.
 

Antman

~ ZHPCleaner v2016.10.26.178 by Nicolas Coolman (2016/10/26)
~ Run by Antman (Administrator) (26/10/2016 19:34:44)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : D:\Antman\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Antman\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1 Pro with Media Center, 64-bit (Build 9600)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (21)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (3)
MOVED file: C:\Windows\Installer\wix{8321A46B-5A07-4EE9-863B-BE9AA419992E}.SchedServiceConfig.rmi =>.Superfluous.Empty
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime


---\\ Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Summary of the elements found (2)
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Empty
https://www.anti-malware.top/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime


---\\ Other deletions. (25)
~ Registry Keys Tracing deleted (25)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully


---\\ Statistics
~ Items scanned : 3154
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 3


~ End of clean in 00h00mn13s
~====================
ZHPCleaner-[R]-26102016-19_34_57.txt
ZHPCleaner--26102016-19_33_42.txt
 

Antman

Zemana AntiMalware 2.50.2.133 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/10/26
Operating System : Windows 8.1 64-bit
Processor : 4X AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G
BIOS Mode : UEFI
CUID : 12D0BBE220157F0E7F78DA
Scan Type : Deep Scan
Duration : 8m 8s
Scanned Objects : 200522
Detected Objects : 5
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : CROSSOVER,0,2

Detected Objects
-------------------------------------------------------

Firefox Search
Status : Scanned
Object : Ecosia - http://ac.ecosia.org
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Firefox Search

Firefox Search
Status : Scanned
Object : Ecosia - http://ecosia.org
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Firefox Search

Firefox Search
Status : Scanned
Object : Disconnect - http://mycroftproject.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Firefox Search

F.B Purity - Cleans up Facebook (WX)
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\6jl8cgho.default\extensions\[email protected]
MD5 : 6103D6AA4C60169BED5D8EBAFEFB8A4C
Publisher : -
Size : 126771
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - F.B Purity - Cleans up Facebook (WX)
File - %appdata%\mozilla\firefox\profiles\6jl8cgho.default\extensions\[email protected]

True Key™ by Intel Security
Status : Scanned
Object : %localappdata%\google\chrome\user data\default\extensions\ciahhpibjeonlihjdefecmhminjpmfkk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - True Key™ by Intel Security


Cleaning Result
-------------------------------------------------------
Cleaned : 5
Reported as safe : 0
Failed : 0
 

Antman

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2016
Ran by Antman (administrator) on ARCHIVE-PC (26-10-2016 20:11:38)
Running from D:\Antman\Desktop
Loaded Profiles: Antman (Available Profiles: Antman)
Platform: Windows 8.1 Pro with Media Center (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.18\AsusFanControlService.exe
() C:\Program Files (x86)\Gilisoft\RAMDisk\gsRAMService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrec.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
() C:\Windows\SysWOW64\notepad.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(hxxp://winaero.com) D:\Antman\AntTools\WinaeroTweaker\WinaeroTweakerHelper.exe
(Lake Software) C:\Program Files (x86)\Click-N-Type\Click-N-Type.exe
(Alexandr Irza) D:\Antman\AntTools\Volume2\Volume2.exe
() C:\Program Files (x86)\DFX\DFX.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
() C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsusMiniBar.exe
(Microsoft Corporation) C:\Windows\ehome\mcGlidHost.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Moonchild Productions) C:\Program Files\Pale Moon\plugin-container.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Windows\System32\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13823216 2016-10-04] (Zemana Ltd.)
HKLM-x32\...\Run: [Volume2] => D:\Antman\AntTools\Volume2\Volume2.exe [4781056 2015-08-10] (Alexandr Irza)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1595896 2016-10-13] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Run: [WinaeroTweakerHelper] => D:\Antman\AntTools\WinaeroTweaker\WinaeroTweakerHelper.exe [337963 2015-03-17] (hxxp://winaero.com)
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [HideSCAVolume] 1
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoWinkeys] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\MountPoints2: {5971436d-78d9-11e6-826a-40167ead0147} - "G:\setup.exe"
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\MountPoints2: {9d0f4cfe-89cc-11e6-827e-40167ead0147} - "H:\autorun.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Antman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Click-N-Type.LNK [2016-09-11]
ShortcutTarget: Click-N-Type.LNK -> C:\Program Files (x86)\Click-N-Type\Click-N-Type.exe (Lake Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6D08C4BA-66B3-4655-8986-FDBA96C29305}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-2077013597-3632690625-1065684953-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

FireFox:
========
FF DefaultProfile: 6jl8cgho.default
FF ProfilePath: C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default [2016-10-26]
FF Extension: (AdBlocker Ultimate) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-09-26]
FF Extension: (CL Pics) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-09-26]
FF Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-09-26]
FF Extension: (QuickDrag) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-09-26]
FF Extension: (Simple White) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-09-26]
FF Extension: (uBlock Origin) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-10-26]
FF Extension: (Zoom Page) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\[email protected] [2016-10-23]
FF Extension: (YouTube High Definition) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-10-05]
FF Extension: (Tab Mix Plus) - C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-09-26]
FF ProfilePath: C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default [2016-10-26]
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default -> Google
FF SelectedSearchEngine: Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default -> Google
FF Extension: (NoSquint) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\Extensions\[email protected] [2016-10-26]
FF Extension: (QuickDrag) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\Extensions\[email protected] [2016-10-26]
FF Extension: (uBlock Origin) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\Extensions\[email protected] [2016-10-26]
FF Extension: (YouTube High Definition) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-10-26]
FF Extension: (Tab Mix Plus) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-10-26]
FF Extension: (No Name) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-10-26] [not signed]
FF Extension: (No Name) - C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default\extensions\[email protected] [2016-10-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-25] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> about:blank
CHR StartupUrls: Default -> "about:blank"
CHR Profile: C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default [2016-10-26]
CHR Extension: (Google Slides) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-25]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-10-25]
CHR Extension: (craigslist pop for power users) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aikbdokcmcbbeaadpdbhlcdcgghdkhja [2016-10-25]
CHR Extension: (Google Docs) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-25]
CHR Extension: (Google Drive) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-25]
CHR Extension: (YouTube) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-25]
CHR Extension: (uBlock Origin) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-25]
CHR Extension: (Google Sheets) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-25]
CHR Extension: (Google Docs Offline) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-25]
CHR Extension: (Drag and Go) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaikcnhlohebodlpkmjepipngegjbfpg [2016-10-25]
CHR Extension: (Google Voice (by Google)) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2016-10-25]
CHR Extension: (Zoom) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2016-10-25]
CHR Extension: (TabsPlus) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikomkkhhpfoeamojhhgpfkpkdlfhfii [2016-10-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-25]
CHR Extension: (AutoZoom) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdkpkoaonnchdakgkmmcmnihhhgbjch [2016-10-25]
CHR Extension: (Gmail) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]

Opera:
=======
OPR Extension: (NoSquint Plus) - C:\Users\Antman\AppData\Roaming\Opera Software\Opera Stable\Extensions\akokhfndkofiigglekpbfkengpifpaph [2016-09-29]
OPR Extension: (uBlock Origin) - C:\Users\Antman\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-10-23]
OPR Extension: (Magic Actions for YouTube™) - C:\Users\Antman\AppData\Roaming\Opera Software\Opera Stable\Extensions\nlffnljnicbkfhnlomjhjlebndachaka [2016-10-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-09-16] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-02-20] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-09-08] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.18\AsusFanControlService.exe [395064 2015-03-18] (ASUSTeK Computer Inc.)
R2 gsRAMService; C:\Program Files (x86)\Gilisoft\RAMDisk\gsRAMService.exe [222208 2016-09-13] () [File not signed]
S4 HDHomeRun RECORD; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe [155784 2015-08-26] ()
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [28296 2015-08-26] (Silicondust USA Inc)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MCEBuddy2x; C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe [34304 2016-08-09] () [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13823216 2016-10-04] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305032 2016-07-18] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-02-20] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-21] (MCCI Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2016-08-09] (Advanced Micro Devices)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows (R) Win 7 DDK provider)
R3 DFX12; C:\Windows\system32\drivers\dfx12x64.sys [29688 2015-11-12] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 GsRamDsk; C:\Windows\System32\drivers\GsRamDsk.sys [55288 2016-09-13] ()
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2015-03-18] (ASUSTeK Computer Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 RegHiveRecovery; C:\Windows\system32\drivers\RegHiveRecovery.sys [48304 2014-02-20] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40552 2013-08-22] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-10-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-10-26] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-26 20:00 - 2016-10-26 20:11 - 00031297 _____ C:\Windows\ZAM.krnl.trace
2016-10-26 20:00 - 2016-10-26 20:11 - 00003898 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-10-26 20:00 - 2016-10-26 20:00 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-10-26 20:00 - 2016-10-26 20:00 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-10-26 20:00 - 2016-10-26 20:00 - 00001180 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-10-26 20:00 - 2016-10-26 20:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-10-26 20:00 - 2016-10-26 20:00 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-10-26 19:57 - 2016-10-26 19:57 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-10-26 19:57 - 2016-10-26 19:42 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-10-26 19:42 - 2016-10-26 19:54 - 00000000 ____D C:\zoek_backup
2016-10-26 19:37 - 2016-10-26 19:37 - 00481832 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-26 19:27 - 2016-10-26 19:40 - 00000000 ____D C:\Users\Antman\AppData\Roaming\ZHP
2016-10-26 16:42 - 2016-10-26 20:11 - 00000000 ____D C:\FRST
2016-10-26 10:38 - 2016-10-26 10:38 - 00000915 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
2016-10-26 10:38 - 2016-10-26 10:38 - 00000000 ____D C:\Users\Antman\AppData\Roaming\Moonchild Productions
2016-10-26 10:38 - 2016-10-26 10:38 - 00000000 ____D C:\Program Files\Pale Moon
2016-10-26 07:59 - 2016-10-26 07:59 - 00002796 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-10-26 07:59 - 2016-10-26 07:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-26 07:59 - 2016-10-26 07:59 - 00000000 ____D C:\Program Files\CCleaner
2016-10-26 06:35 - 2016-10-26 19:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-26 06:35 - 2016-10-26 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-26 06:35 - 2016-10-26 06:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-26 06:35 - 2016-10-26 06:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-26 06:35 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-26 06:35 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-26 06:35 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-25 16:40 - 2016-10-26 19:57 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-25 16:40 - 2016-10-26 19:45 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-25 16:40 - 2016-10-25 16:40 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-25 16:40 - 2016-10-25 16:40 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-25 16:40 - 2016-10-25 16:40 - 00002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-25 16:40 - 2016-10-25 16:40 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-25 11:11 - 2016-10-25 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-10-25 11:09 - 2016-10-25 11:09 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-10-25 11:09 - 2016-10-25 11:09 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-25 11:09 - 2016-09-09 14:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-10-25 11:09 - 2016-09-09 14:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-10-25 11:09 - 2016-09-09 14:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-10-25 11:09 - 2016-09-09 14:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-10-21 16:02 - 2016-10-26 06:43 - 00000000 ____D C:\Windows\Trend Micro
2016-10-21 16:02 - 2016-10-21 16:02 - 00000000 ____D C:\ProgramData\Trend Micro
2016-10-21 16:00 - 2015-05-29 03:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-10-21 11:34 - 2016-10-21 11:34 - 00000000 ____D C:\ProgramData\Apple Computer
2016-10-20 18:54 - 2016-10-20 18:54 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1474217424
2016-10-19 00:55 - 2016-10-24 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2016-10-19 00:55 - 2016-10-19 00:55 - 00000000 ____D C:\Program Files (x86)\DiskCheckup
2016-10-17 00:49 - 2016-10-26 13:58 - 00000000 ____D C:\Users\Antman\AppData\LocalLow\uTorrent
2016-10-13 08:07 - 2016-10-13 08:07 - 00000000 ____D C:\ProgramData\DFX
2016-10-11 16:12 - 2016-09-30 20:15 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-11 16:12 - 2016-09-30 20:15 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-11 16:11 - 2016-10-11 16:11 - 00474112 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-11 16:11 - 2016-10-11 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-11 15:58 - 2016-10-11 15:58 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-11 15:43 - 2016-09-30 20:22 - 07444312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-11 15:43 - 2016-09-30 03:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-11 15:43 - 2016-09-30 02:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-11 15:43 - 2016-09-30 02:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-11 15:43 - 2016-09-30 02:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-11 15:43 - 2016-09-30 02:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-11 15:43 - 2016-09-30 01:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-11 15:43 - 2016-09-30 01:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-11 15:43 - 2016-09-30 01:41 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-11 15:43 - 2016-09-30 01:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-11 15:43 - 2016-09-30 01:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-11 15:43 - 2016-09-30 01:33 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-11 15:43 - 2016-09-30 01:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-11 15:43 - 2016-09-30 01:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-11 15:43 - 2016-09-30 01:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-11 15:43 - 2016-09-30 01:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-11 15:43 - 2016-09-30 01:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-11 15:43 - 2016-09-30 01:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-11 15:43 - 2016-09-30 01:11 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-11 15:43 - 2016-09-30 01:06 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-11 15:43 - 2016-09-30 01:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-11 15:43 - 2016-09-30 01:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-11 15:43 - 2016-09-30 01:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-11 15:43 - 2016-09-30 01:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-11 15:43 - 2016-09-30 00:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-11 15:43 - 2016-09-30 00:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-11 15:43 - 2016-09-30 00:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-11 15:43 - 2016-09-30 00:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-11 15:43 - 2016-09-17 14:16 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-11 15:43 - 2016-09-17 13:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-11 15:43 - 2016-09-17 13:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-11 15:43 - 2016-09-17 13:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-11 15:43 - 2016-09-17 13:02 - 01446400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-11 15:43 - 2016-09-13 21:53 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-11 15:43 - 2016-09-13 21:53 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-10-11 15:43 - 2016-09-13 21:53 - 01490112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-11 15:43 - 2016-09-13 21:53 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-10-11 15:43 - 2016-09-12 19:48 - 00085680 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-11 15:43 - 2016-09-12 18:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2016-10-11 15:43 - 2016-09-12 17:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2016-10-11 15:43 - 2016-09-09 10:17 - 04170752 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-11 15:43 - 2016-09-09 09:38 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-11 15:43 - 2016-09-09 09:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-11 15:43 - 2016-09-08 16:41 - 00121176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2016-10-11 15:43 - 2016-09-08 10:00 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-11 15:43 - 2016-09-08 10:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-11 15:43 - 2016-09-07 18:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-11 15:43 - 2016-09-07 17:59 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-10-11 15:43 - 2016-09-07 17:59 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-11 15:43 - 2016-09-07 17:57 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-11 15:43 - 2016-09-07 17:56 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-10-11 15:43 - 2016-08-31 13:22 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-11 15:43 - 2016-08-31 12:33 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-11 15:43 - 2016-08-27 15:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-11 15:43 - 2016-08-27 15:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-11 15:43 - 2016-08-27 15:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2016-10-11 15:43 - 2016-08-27 14:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-11 15:43 - 2016-08-27 14:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-11 15:43 - 2016-08-27 14:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2016-10-11 15:43 - 2016-08-27 12:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-10-11 15:43 - 2016-08-27 12:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-10-11 15:43 - 2016-08-27 12:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-10-11 15:43 - 2016-08-27 11:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-10-11 15:43 - 2016-08-25 16:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2016-10-11 15:43 - 2016-08-25 15:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2016-10-11 15:43 - 2016-08-20 18:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-11 15:43 - 2016-08-20 18:12 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-11 15:43 - 2016-08-12 20:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-11 15:43 - 2016-08-12 20:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys
2016-10-11 15:43 - 2016-08-12 20:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2016-10-11 15:43 - 2016-08-12 20:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2016-10-11 15:43 - 2016-08-12 18:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2016-10-11 15:43 - 2016-08-12 18:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-11 15:43 - 2016-08-12 17:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-11 15:43 - 2016-08-12 17:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2016-10-11 15:43 - 2016-08-12 16:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-11 15:43 - 2016-08-11 21:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-10-11 15:43 - 2016-08-11 21:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-10-11 15:43 - 2016-08-11 14:33 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
2016-10-11 15:43 - 2016-08-11 14:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2016-10-11 15:43 - 2016-08-11 14:33 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys
2016-10-11 15:43 - 2016-08-11 13:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-10-11 15:43 - 2016-08-11 09:39 - 00445765 _____ C:\Windows\system32\ApnDatabase.xml
2016-10-11 15:43 - 2016-08-11 01:46 - 00420184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-10-11 15:43 - 2016-08-03 11:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2016-10-11 15:43 - 2016-08-03 11:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2016-10-11 15:43 - 2016-08-03 11:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2016-10-11 15:43 - 2016-08-03 11:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2016-10-11 15:43 - 2016-07-30 13:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-10-11 15:43 - 2016-07-30 12:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-10-11 15:43 - 2016-07-26 09:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS
2016-10-11 15:43 - 2016-07-26 09:40 - 00162850 _____ C:\Windows\system32\C_932.NLS
2016-10-11 15:43 - 2016-07-23 14:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-10-11 15:43 - 2016-07-23 14:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-10-10 01:32 - 2016-10-10 01:35 - 00000000 ____D C:\Users\Antman\AppData\Roaming\Mp3tag
2016-10-07 10:06 - 2016-10-07 10:06 - 00000000 ____D C:\Users\Antman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-10-07 10:06 - 2016-10-07 10:06 - 00000000 ____D C:\Program Files\Unlocker
2016-10-05 15:29 - 2016-10-05 15:29 - 00000000 __SHD C:\ProgramData\DIBsection
2016-10-05 08:09 - 2016-10-05 08:10 - 00000000 ____D C:\Users\Antman\PhotoBuzzer Projects 1
2016-10-05 00:31 - 2013-08-22 07:39 - 00016256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BdaSup.sys
2016-10-04 05:58 - 2016-10-04 05:58 - 00209176 _____ C:\Windows\Photo Pos Pro 3 Uninstaller.exe
2016-10-04 05:58 - 2016-10-04 05:58 - 00000000 ____D C:\Program Files\Photo Pos Pro 3
2016-10-04 05:58 - 2016-10-04 05:58 - 00000000 ____D C:\Program Files\Common Files\Thraex Software
2016-10-03 10:31 - 2016-10-03 10:31 - 00000000 ____D C:\Program Files\Photo BUZZER
2016-09-29 11:38 - 2016-09-29 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DaRT 8.1
2016-09-29 11:38 - 2016-09-29 11:38 - 00000000 ____D C:\Program Files\Microsoft DaRT
2016-09-29 11:36 - 2016-09-29 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-09-29 11:36 - 2016-09-29 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-09-29 11:36 - 2014-02-20 05:52 - 00048304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RegHiveRecovery.sys
2016-09-27 06:17 - 2015-03-18 23:11 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2016-09-26 18:44 - 2016-09-26 18:48 - 00000000 ____D C:\Users\Antman\AppData\Roaming\Apple Computer
2016-09-26 18:33 - 2016-09-26 18:33 - 00000000 ____D C:\Users\Antman\AppData\Roaming\COWON
2016-09-26 18:30 - 2016-09-26 18:30 - 00000000 ____D C:\Windows\system32\appmgmt
2016-09-26 18:29 - 2016-09-26 18:29 - 00000000 ____D C:\ProgramData\Apple
2016-09-26 18:28 - 2016-09-26 18:28 - 00000000 ____D C:\Users\Antman\AppData\LocalLow\Apple Computer
2016-09-26 13:13 - 2016-10-08 11:43 - 00000000 ____D C:\Program Files\Waterfox
2016-09-26 13:13 - 2016-09-26 13:13 - 00000000 ____D C:\Users\Antman\AppData\Roaming\WaterfoxProject

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-26 20:03 - 2014-11-21 04:43 - 00867660 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-26 20:03 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-10-26 20:01 - 2016-09-10 20:36 - 00000000 ____D C:\Users\Antman
2016-10-26 19:57 - 2016-09-10 21:59 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-10-26 19:57 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-26 19:54 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-10-26 19:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-10-26 19:43 - 2016-09-10 20:42 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2077013597-3632690625-1065684953-1001
2016-10-26 19:37 - 2016-09-23 05:22 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-26 19:29 - 2016-09-11 02:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-26 18:29 - 2016-09-23 05:22 - 00003862 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-10-26 18:29 - 2016-09-11 02:33 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-26 18:29 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-26 18:29 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-26 13:58 - 2016-09-13 07:29 - 00000000 ____D C:\Users\Antman\AppData\Roaming\uTorrent
2016-10-26 10:44 - 2016-09-11 21:56 - 00000000 ____D C:\Users\Antman\AppData\Roaming\MPC-HC
2016-10-26 08:12 - 2016-09-19 01:31 - 00000000 ____D C:\Users\Antman\AppData\Roaming\Mozilla
2016-10-26 08:04 - 2016-09-11 00:33 - 00000000 ____D C:\Windows\Panther
2016-10-26 06:42 - 2016-09-11 00:22 - 00000000 ____D C:\Program Files (x86)\DFX
2016-10-25 15:37 - 2016-09-10 23:05 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-25 11:11 - 2016-09-10 21:58 - 00000000 ____D C:\Program Files\AMD
2016-10-25 11:05 - 2016-09-25 11:00 - 00000000 ____D C:\AMD
2016-10-25 09:57 - 2016-09-10 21:20 - 00000000 ____D C:\Users\Antman\AppData\Roaming\ClassicShell
2016-10-24 01:34 - 2016-09-11 14:26 - 00000000 ____D C:\Program Files (x86)\AusLogics BoostSpeed
2016-10-23 15:13 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-10-20 18:54 - 2016-09-18 12:50 - 00000000 ____D C:\Program Files (x86)\Opera
2016-10-14 06:58 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2016-10-13 08:01 - 2016-09-11 04:51 - 00000000 ____D C:\Program Files (x86)\JetAudio
2016-10-13 07:35 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2016-10-13 07:17 - 2013-08-22 11:36 - 00000000 ___SD C:\Program Files (x86)\Windows Sidebar
2016-10-11 20:25 - 2016-09-10 23:55 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-11 20:25 - 2016-09-10 21:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-11 20:25 - 2014-11-21 12:17 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-11 20:25 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2016-10-11 16:12 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-10-11 16:11 - 2016-09-10 22:38 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-11 16:11 - 2016-09-10 21:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-11 12:35 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2016-10-10 07:26 - 2016-09-12 06:34 - 00000000 ____D C:\Windows\System32\Tasks\Games
2016-10-10 01:34 - 2016-09-11 14:19 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2016-10-05 15:23 - 2016-09-13 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion
2016-09-28 15:25 - 2016-09-12 08:09 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B8B01775-E636-4893-A1DB-47E5BBA983FF}

==================== Files in the root of some directories =======

2016-10-21 16:09 - 2016-10-21 16:09 - 0194298 _____ () C:\Users\Antman\AppData\Local\ars.cache
2016-10-21 16:09 - 2016-10-21 16:09 - 0523077 _____ () C:\Users\Antman\AppData\Local\census.cache
2016-10-21 16:00 - 2016-10-21 16:00 - 0000036 _____ () C:\Users\Antman\AppData\Local\housecall.guid.cache
2016-10-21 16:06 - 2016-10-21 16:06 - 0000010 _____ () C:\Users\Antman\AppData\Local\sponge.last.runtime.cache
2016-09-12 07:11 - 2016-09-12 07:57 - 0000091 ___SH () C:\ProgramData\.zreglib
2016-09-10 23:33 - 2014-04-30 10:53 - 0019535 _____ () C:\ProgramData\empty.ico

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-19 05:05

==================== End of FRST.txt ============================
 

Antman

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by Antman (26-10-2016 20:12:01)
Running from D:\Antman\Desktop
Windows 8.1 Pro with Media Center (Update) (X64) (2016-09-11 00:36:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2077013597-3632690625-1065684953-500 - Administrator - Enabled)
Antman (S-1-5-21-2077013597-3632690625-1065684953-1001 - Administrator - Enabled) => C:\Users\Antman
Guest (S-1-5-21-2077013597-3632690625-1065684953-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2077013597-3632690625-1065684953-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
ACP Application (Version: 2016.0916.1502.32 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.00 - ASUSTeK Computer Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.4.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Application Compatibility Toolkit (Version: 8.100.26641 - Microsoft) Hidden
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.22 - ASUSTeK Computer Inc.)
Auslogics BoostSpeed Premium (HKLM-x32\...\Auslogics BoostSpeed Premium 8.0.1.0) (Version: - )
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: - TGRMN Software)
Bullzip PDF Printer 10.25.0.2552 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.25.0.2552 - Bullzip)
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Click-N-Type (HKLM-x32\...\{CC02581D-B1F9-4B22-8E82-024B9D8EB702}) (Version: 3.03.0415 - Lake Software)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.3 - Elaborate Bytes)
CloneDVDmobile (HKLM-x32\...\CloneDVDmobile) (Version: 1.9.0.1 - SlySoft)
CrazyTalk Animator Standard (HKLM-x32\...\{789567FD-CAA2-4E1C-B38E-9072B3015FFD}) (Version: 1.2.2010.1 - Reallusion Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DFX (HKLM-x32\...\DFX) (Version: 12.021.0.0 - Power Technology)
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
DiskCheckup v3.4 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.4.1002 - PassMark Software)
FileMenu Tools (HKLM\...\FileMenu Tools_is1) (Version: 7.0.5 - LopeSoft)
GiliSoft RAMDisk 6.4.0 (HKLM-x32\...\{30AB2FCD-FBF2-4bed-1111-13E6A1468621}_is1) (Version: 6.4.0 - Gilisoft International LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GuideTool (HKLM-x32\...\GuideTool) (Version: - )
HDHomeRun (HKLM\...\{1447F2EE-B042-40AB-8BEB-478FEB1F9A3A}) (Version: 1.0.19686.0 - Silicondust)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
jetAudio Plus (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
K-Lite Mega Codec Pack 12.4.2 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.4.2 - KLCP)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MCEBuddy 2.x (HKLM\...\{0D3796AA-D867-4278-AEBC-3616AD1F7C3A}) (Version: 2.4.5 - MCEBuddy)
Microsoft DaRT 8.1 (HKLM\...\{4AE2D8A6-430A-4EE8-94BC-C88DD416E258}) (Version: 8.1.22.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Sounds (HKLM-x32\...\{10CE1EA2-12E9-11D3-825E-00C04F6843FE}) (Version: 1.0.0.0 - Microsoft Corp)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
My Channel Logos (HKLM-x32\...\{6D535A45-2019-4CAC-A353-9B4D708642A0}) (Version: 3.1.0.0 - My Channel Logos)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Opera Stable 40.0.2308.90 (HKLM-x32\...\Opera 40.0.2308.90) (Version: 40.0.2308.90 - Opera Software)
Pale Moon 26.5.0 (x64 en-US) (HKLM\...\Pale Moon 26.5.0 (x64 en-US)) (Version: 26.5.0 - Moonchild Productions)
Photo BUZZER (64-Bit) (HKLM\...\EMOTION_PROJECTS_1_2_CDF5610E_is1) (Version: 1.14 - Franzis Verlag GmbH)
Photo Pos Pro 3 (HKLM\...\Photo Pos Pro 3) (Version: 3.20 - PowerOfSoftware Ltd.)
PlayReady PC Runtime amd64 (HKLM\...\{2E0C1D31-8FEC-411E-97FB-6E56BD429A98}) (Version: 1.3.10 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.38.115.2015 - Realtek)
Send To Toys v2.5 (HKLM-x32\...\Send To Toys_is1) (Version: - Gabriele Ponti)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Toolkit Documentation (x32 Version: 8.100.26866 - Microsoft) Hidden
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
User State Migration Tool (x32 Version: 8.100.25984 - Microsoft) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
Volume Activation Management Tool (x32 Version: 8.100.26629 - Microsoft) Hidden
Volume2 1.1.4 (HKLM-x32\...\Volume2) (Version: 1.1.4 - Alexandr Irza)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Waterfox 49.0.2 (x64 en-US) (HKLM\...\Waterfox 49.0.2 (x64 en-US)) (Version: 49.0.2 - Mozilla)
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.6.0.6 - Winaero)
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM-x32\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.100.26866 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26837 - Microsoft) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.50.133 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2077013597-3632690625-1065684953-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\Antman\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2077013597-3632690625-1065684953-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\Antman\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07A3CEDE-B15E-43C1-944C-33CA390C34CE} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-16] (Advanced Micro Devices, Inc.)
Task: {09815097-9713-42B4-BD0F-45022D6C02F5} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2015-03-19] ()
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0C5365D6-82B6-47A5-93A9-8AF02D2ECD56} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {0C88306B-C6D5-49B6-BA5B-34B3CAC8302A} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {1FA1BB28-EF5F-4A85-ABDF-618F2460940B} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {310B75AC-85B1-4905-ADC8-6E0050AA70E9} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2015-02-17] (ASUSTeK Computer Inc.)
Task: {3A37B2A5-9094-4966-B8A6-5519563E06A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {6F2DE740-9EF9-4E39-BB48-30438FB90F95} - System32\Tasks\Opera scheduled Autoupdate 1474217424 => C:\Program Files (x86)\Opera\launcher.exe [2016-10-17] (Opera Software)
Task: {717F50D5-6450-4036-B15B-FFDE3C297D49} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {77C24FA7-454D-4F0D-872D-F216119F6870} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-09-12] ()
Task: {96A639F8-F7CF-49E5-A6E8-5B41DCD6785A} - System32\Tasks\My Channel Logos Updater => C:\Program Files (x86)\My Channel Logos\mclupdater.exe [2013-12-06] (Microsoft)
Task: {9B51DDD6-0752-478F-B8C1-0FC508CC4F9B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {B2B693C5-6421-4021-8EE2-5FAA09F626D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {BBF811F5-DF91-4E60-8658-F59E2D146599} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {C9DD5303-9920-4A1F-8A05-783F92CFBE7A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-09-13 17:14 - 2015-03-19 11:11 - 01271096 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2016-09-13 17:11 - 2014-02-20 04:27 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-10-26 20:00 - 2016-10-26 20:00 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-09-13 08:03 - 2016-09-13 08:03 - 00222208 _____ () C:\Program Files (x86)\Gilisoft\RAMDisk\gsRAMService.exe
2016-08-09 18:56 - 2016-08-09 18:56 - 00034304 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Service.exe
2016-08-09 18:53 - 2016-08-09 18:53 - 00705024 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Globals.dll
2016-08-09 18:55 - 2016-08-09 18:55 - 00199168 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Util.dll
2016-08-09 18:57 - 2016-08-09 18:57 - 00030720 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Configuration.dll
2016-08-09 18:53 - 2016-08-09 18:53 - 00102912 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.Engine.dll
2016-08-09 18:52 - 2016-08-09 18:52 - 00006144 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.EMailEngine.dll
2016-08-09 18:57 - 2016-08-09 18:57 - 00158720 _____ () C:\Program Files\MCEBuddy2x\MCEBuddy.MetaData.dll
2016-09-10 21:57 - 2011-05-23 22:49 - 00194560 _____ () C:\Windows\SysWOW64\notepad.exe
2016-08-30 19:40 - 2016-10-13 08:09 - 01595896 _____ () C:\Program Files (x86)\DFX\DFX.exe
2016-08-30 19:33 - 2016-08-30 19:33 - 00161784 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
2016-08-30 19:36 - 2016-08-30 19:36 - 00176120 _____ () C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp64.exe
2016-08-30 20:02 - 2016-08-30 20:02 - 00098296 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared64.dll
2016-09-13 17:13 - 2015-02-11 16:07 - 00947512 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ASUSMiniBar.exe
2016-10-26 10:38 - 2016-09-23 21:05 - 04128256 _____ () C:\Program Files\Pale Moon\mozjs.dll
2016-10-26 17:29 - 2016-10-26 17:29 - 27068608 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll
2016-09-10 21:57 - 2011-05-23 22:49 - 00194560 _____ () C:\Windows\SYSTEM32\notepad.exe
2016-09-13 17:13 - 2015-02-11 16:07 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2016-09-13 17:13 - 2015-02-11 16:07 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2016-09-13 17:14 - 2015-03-19 18:12 - 04440064 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2016-09-13 17:14 - 2015-03-19 11:11 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2016-09-13 17:13 - 2013-08-29 15:59 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2016-09-13 17:13 - 2013-06-24 15:59 - 01173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll
2016-09-13 17:13 - 2015-02-11 16:07 - 00828928 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2016-09-13 17:14 - 2015-03-18 23:11 - 00053248 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Exeio.dll
2016-09-13 17:14 - 2015-03-18 23:11 - 00278528 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Vender.dll
2016-09-13 17:13 - 2014-09-08 22:14 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2016-09-13 17:14 - 2015-03-19 11:11 - 00711680 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2016-09-13 17:14 - 2015-03-19 11:42 - 00857088 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2016-09-13 17:14 - 2015-03-19 11:11 - 00803840 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2016-09-13 17:14 - 2015-03-19 11:49 - 00814080 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2016-10-26 19:57 - 2016-10-26 19:57 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-09-13 17:11 - 2014-02-20 04:27 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-08-30 19:57 - 2016-08-30 19:57 - 00083960 _____ () C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
2016-09-13 17:14 - 2015-03-19 11:11 - 00743424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2016-09-13 17:14 - 2015-03-19 11:11 - 00908288 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FAN.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-10-26 19:43 - 2016-10-26 19:43 - 00000753 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2077013597-3632690625-1065684953-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{29E0F7B7-C012-409E-908D-B2DEDAB90CFB}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{6639DF85-77F4-4B0A-8C32-EE674F4CF892}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_view.exe
FirewallRules: [{8A952F2B-FB9A-40EA-B2C1-FB749814081E}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_setup.exe
FirewallRules: [{C84EB135-F0F9-400C-84E1-F466B128B332}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_nas_install.exe
FirewallRules: [{A1AADBCF-A924-4D87-AAA9-D6B7B6B00702}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_record.exe
FirewallRules: [{38C8E4A7-B268-454D-A52C-317D284DD40E}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config_gui.exe
FirewallRules: [{EBEEB452-1580-4B0B-92BC-876817CDE997}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config.exe
FirewallRules: [{EE758A43-EBA2-4C45-B8A0-7E2DC4B8F108}] => (Allow) C:\Windows\ehome\ehRecvr.exe
FirewallRules: [TCP Query User{670C5C8B-0568-4C8D-B940-2CECAD62586A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2B838DB0-EF27-4BDC-87BC-8BB6F58DFF37}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0BA41CB7-61F7-4DDD-AA46-F0CA551AFEC7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E41C1B4F-E8E4-4B71-8C70-C9B45D74F5F3}] => (Allow) LPort=2869
FirewallRules: [{D70D07C2-B2BC-4A5E-8CAF-8C94BEF04EAE}] => (Allow) LPort=1900
FirewallRules: [{2E14BCBB-7F90-45B2-970D-902053AB80B9}] => (Allow) C:\Users\Antman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FFF621FC-5694-4524-A2E5-6D7E75CC533C}] => (Allow) C:\Users\Antman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{44CD0594-5787-421A-94D7-9FEB94F7A5D5}] => (Allow) C:\Users\Antman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DE9A6F1C-25A6-4C03-8638-D70C8F1C3A24}] => (Allow) C:\Users\Antman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F38DED8F-8022-4C19-8B8B-56076CD6EC6D}] => (Allow) C:\Users\Antman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7B137A56-59E0-4522-BBB8-F8DD0C8356A9}] => (Allow) C:\Users\Antman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{31D00B24-6778-4DF1-ACB9-0F394FE56380}] => (Allow) C:\Windows\ehome\ehexthost.exe
FirewallRules: [{DA4E5189-B1E2-4C72-9DBC-AF2F8A135132}] => (Allow) C:\Windows\ehome\ehexthost.exe
FirewallRules: [{CC7CB425-C3BA-4034-86B2-22487DE78505}] => (Allow) C:\Program Files (x86)\GuideTool\GuideTool.exe
FirewallRules: [{F06A1CF3-8261-4983-BBE3-B3CEF2754556}] => (Allow) C:\Program Files (x86)\GuideTool\GuideTool.exe
FirewallRules: [{676C70C7-DAE9-4BDE-A089-949A9BB1B5CA}] => (Allow) C:\Program Files (x86)\GuideTool\GuideTool.exe
FirewallRules: [{9504DEE8-0220-4952-920D-7041A8DE4A76}] => (Allow) C:\Program Files (x86)\GuideTool\GuideTool.exe
FirewallRules: [{B50F7AA9-506D-4673-A1D3-D5371A83D2F1}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{B5DF9774-A606-4C57-8C38-61F08D3BA3B4}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{8AA22675-2760-4974-8B12-9982861C41BC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{2DF0974C-02E3-4B18-86C5-524CEF2813BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-10-2016 15:22:03 Installed inSSIDer 4
11-10-2016 16:10:43 Windows Update
12-10-2016 16:32:42 Installed 8GadgetPack
20-10-2016 03:43:00 Scheduled Checkpoint
21-10-2016 11:32:50 Removed QuickTime 7
25-10-2016 15:49:07 Restore Operation
26-10-2016 19:42:48 zoek.exe restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2016 07:42:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/26/2016 07:38:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: Qt5Widgets.dll, version: 5.4.1.0, time stamp: 0x555bbfbd
Exception code: 0xc0000005
Fault offset: 0x001bb582
Faulting process id: 0x8f0
Faulting application start time: 0x01d22fe1fc67cf41
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\Qt5Widgets.dll
Report Id: 42828488-9bd5-11e6-8293-40167ead0147
Faulting package full name:
Faulting package-relative application ID:

Error: (10/26/2016 08:04:56 AM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (5196) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Antman\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (10/26/2016 08:04:56 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (5196) testing: An attempt to open the file "C:\Users\Antman\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/26/2016 08:04:46 AM) (Source: ESENT) (EventID: 455) (User: )
Description: CCleaner64 (5196) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Antman\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (10/26/2016 08:04:46 AM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (5196) testing: An attempt to open the file "C:\Users\Antman\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/26/2016 07:18:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (10/26/2016 06:08:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (10/25/2016 04:10:50 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070301.

Error: (10/25/2016 03:50:37 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070301.


System errors:
=============
Error: (10/26/2016 07:58:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/26/2016 07:57:50 PM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (10/26/2016 07:57:48 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (10/26/2016 07:57:48 PM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.

Error: (10/26/2016 07:54:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/26/2016 07:54:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/26/2016 07:54:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/26/2016 07:54:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/26/2016 07:54:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/26/2016 07:38:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2016-10-26 05:47:01.506
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-24 06:06:49.479
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-22 06:03:13.624
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-17 05:04:55.825
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-15 05:45:37.587
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-14 03:56:51.288
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-12 07:37:42.046
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-10 00:07:33.455
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-08 07:41:15.861
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-07 05:38:51.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G
Percentage of memory in use: 39%
Total physical RAM: 11205.18 MB
Available physical RAM: 6749.89 MB
Total Virtual: 15301.18 MB
Available Virtual: 10477.61 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:232.37 GB) (Free:194.38 GB) NTFS
Drive d: (Users) (Fixed) (Total:2794.53 GB) (Free:1847.61 GB) NTFS
Drive e: (Media) (Fixed) (Total:4657.4 GB) (Free:498.92 GB) NTFS
Drive r: (GSRAMDISK) (Fixed) (Total:1.99 GB) (Free:1.52 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 02EEE85A)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=42)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 638E5A20)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=42)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 4657.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 

Antman

What do you want, professional responses to your requests?



Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Antman on 10/26/16 at 19:42:19.44.
Microsoft Windows 8.1 Pro with Media Center 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Antman\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/26/16 19:42:54 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\Windows Sidebar deleted successfully
C:\Users\Antman\AppData\Local\icsxml deleted successfully
C:\Users\Antman\AppData\Local\ms-drivers deleted successfully
C:\Users\Antman\AppData\Local\Skype deleted successfully
C:\Users\Antman\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_2616_1954_.backup

ProfilePath: C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default

user.js not found
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", true);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----

prefs_2616_1954_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default\jetpack deleted
"C:\PROGRA~3\D83C629D-C688-4A07-8615-94974D65F157\47E47EA8-82D0-4166-A58D-4CC7C88D86D3" deleted
"C:\Users\Antman\AppData\Roaming\vlc\vlcrc" deleted
"C:\PROGRA~3\D83C629D-C688-4A07-8615-94974D65F157" deleted
"C:\Users\Antman\AppData\Roaming\vlc" deleted
"C:\PROGRA~3\D83C629D-C688-4A07-8615-94974D65F157\6E8D6B19-A55D-4AE3-8986-A29F363D9E8A" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Antman\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ac02ly3s.default
- NoSquint - %ProfilePath%\extensions\[email protected]
- QuickDrag - %ProfilePath%\extensions\[email protected]
- Undetermined - %ProfilePath%\extensions\[email protected]
- YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

ProfilePath: C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default
- AdBlocker Ultimate - %ProfilePath%\extensions\[email protected]
- CL Pics - %ProfilePath%\extensions\[email protected]
- Undetermined - %ProfilePath%\extensions\[email protected]
- Wikiwand: Wikipedia Modernized - %ProfilePath%\extensions\[email protected]
- QuickDrag - %ProfilePath%\extensions\[email protected]
- Simple White - %ProfilePath%\extensions\[email protected]
- Undetermined - %ProfilePath%\extensions\[email protected]
- Zoom Page - %ProfilePath%\extensions\[email protected]
- YouTube High Definition - %ProfilePath%\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Antman\AppData\Roaming\Mozilla\Firefox\Profiles\6jl8cgho.default
CD9AD396445215BA2B050EED7194193B - C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll - Silverlight Plug-In
C940C1079C9202591865EAEDC010926C - C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================


craigslist pop for power users - Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aikbdokcmcbbeaadpdbhlcdcgghdkhja
True Key™ by Intel Security - Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciahhpibjeonlihjdefecmhminjpmfkk
uBlock₀ - Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
Google Voice (by Google) - Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo
TabsPlus - Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikomkkhhpfoeamojhhgpfkpkdlfhfii
AutoZoom - Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocdkpkoaonnchdakgkmmcmnihhhgbjch
Chrome Media Router - Antman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
NoSquint Plus - Antman\AppData\Roaming\Opera Software\Opera Stable\Extensions\akokhfndkofiigglekpbfkengpifpaph
uBlock₀ - Antman\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== shortcuts in Users Start Menu ======================

C:\Users\Antman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Click-N-Type.LNK - C:\Program Files (x86)\Click-N-Type\Click-N-Type.exe
C:\Users\Antman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\README.lnk - C:\Program Files\Unlocker\README.TXT
C:\Users\Antman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Start Unlocker.lnk - C:\Program Files\Unlocker\Unlocker.exe
C:\Users\Antman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk - C:\Program Files\Unlocker\uninst.exe
C:\Users\Antman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Website.lnk - C:\Program Files\Unlocker\Unlocker.url

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk - C:\Program Files\Pale Moon\palemoon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings\AMD Radeon Settings.lnk - C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup\DiskCheckup on the Web.lnk - C:\Program Files (x86)\DiskCheckup\DiskCheckup.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup\Uninstall DiskCheckup.lnk - C:\Program Files (x86)\DiskCheckup\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DaRT 8.1\Crash Analyzer.lnk - C:\Program Files (x86)\Microsoft DaRT\v8.1\crashanalyze.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DaRT 8.1\DaRT Recovery Image.lnk - C:\Program Files (x86)\Microsoft DaRT\v8.1\DaRTImage.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DaRT 8.1\DaRT Remote Connection Viewer.lnk - C:\Program Files (x86)\Microsoft DaRT\v8.1\DartRemoteViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk - C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk - C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk - C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion\LiveUpdate.lnk - C:\Program Files (x86)\Common Files\Reallusion\LiveUpdate\RLLiveUpdate.exe /MANUAL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\ADK Getting Started Guide.lnk - C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Docs\ADK_GetStarted.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\Deployment and Imaging Tools Environment.lnk - C:\Windows\system32\cmd.exe /k "C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\DandISetEnv.bat "
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\Volume Activation Management Tool 3.1.lnk - C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\VAMT3\VAMT.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\Windows System Image Manager.lnk - C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\WSIM\imgmgr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\Application Compatibility Toolkit\Application Compatibility Manager.lnk - C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Application Compatibility Toolkit\Application Compatibility Manager\ACM.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\Application Compatibility Toolkit\Developer and Tester Tools\Compatibility Administrator (32-bit).lnk - C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Compatadmin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\Application Compatibility Toolkit\Developer and Tester Tools\Compatibility Administrator (64-bit).lnk - C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Application Compatibility Toolkit\Compatibility Administrator (64-bit)\Compatadmin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Performance Toolkit\GPUView Help.lnk - C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\gpuview\GPUView.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Performance Toolkit\GPUView.lnk - C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\gpuview\GPUView.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Performance Toolkit\Windows Performance Analyzer.lnk - C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\wpa.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Performance Toolkit\Windows Performance Recorder.lnk - C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\WPRUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows Performance Toolkit\Windows Performance Toolkit Help.lnk - C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Docs\WPT.chm

==== shortcuts in Quick Launch ======================

C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GiliSoft RAMDisk 6.4.0.lnk - C:\Program Files (x86)\Gilisoft\RAMDisk\RAMDisk.exe
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\jetAudio.lnk - C:\Program Files (x86)\JetAudio\JetAudio.exe
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe "http://web-start.org//?ssid=1477064264&a=1054667&src=sh&uuid=e581f462-4dcb-46bf-beeb-6079e9189f31"
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Media Center.lnk - C:\Windows\ehome\ehshell.exe /mcesuperbar://tv?live=true
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MS Outlook.lnk - C:\Windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe "http://web-start.org//?ssid=1477064264&a=1054667&src=sh&uuid=e581f462-4dcb-46bf-beeb-6079e9189f31"
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pale Moon.lnk - C:\Program Files\Pale Moon\palemoon.exe
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Waterfox.lnk - C:\Program Files\Waterfox\waterfox.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Antman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Antman\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Antman\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Antman\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Antman\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Antman\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Antman\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=118 folders=103 1746562231 bytes)

==== Empty Temp Folders ======================

C:\Users\Antman\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 10/26/16 at 19:58:07.96 ======================
 

Antman

Thanks for helping me out. You are wholly worthy of the title Bob Jones.

I bought a large bucket of 'chocolates from around the world' at Costco. You can have a handful.
 

Malnutrition

Suggest the following in place of adblock:
Alternate DNS Server. Ad Blocking DNS.
uBlock Origin.
Anti Ad Block Killer.

Also, keep your browsing private with these tools:
Self Destructing Cookies.
Self Destructing Cookies Chrome.

Some items to keep you safe on the internet:
VooDoo Shield. Control of what is running on your machine.
Qualys BrowserCheck to update plugins.
Web Of Trust to avoid shady websites.
Unchecky to avoid bundled software.
Privazer to clean up your machine.

Now let's clean up the tools we used and remove old restore points.

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:
Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt
 