Would updating to Windows 10 Help?

MitchMatch

New Member
So one of the computers in my house has a redirect virus that keeps sending web pages to utrack.pw/i/
I've tried a bunch of different ways to get rid of this but nothing is working for me, and when I check online for help the main thing I get is to install SpyHunter, but I've heard SpyHunter 4 is not a legit app, so I just wanna know: would updating to Windows 10 help?
 

johnb35

Administrator
Staff member
SpyHunter is crap. I can help you better later when I get home. But you can try running the programs listed in the sticky thread in the security section. It's titled "Read here before requesting malware removal help".
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Upgrading will not help. You'd still have the same issues after the upgrade.

Do the following and post the logs. It may sound like a lot, but just read through the steps and you'll easily be able to follow them.

1.

Please download AdwCleaner by Xplode onto your Desktop.

•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run, please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop

•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 

MitchMatch

New Member
Thanks! Sorry about starting this thread in the wrong area. Junkware could not get past checking Firefox on all three tries. Here are the rest.
OTL report

OTL logfile created on: 10/28/2015 1:46:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mitchell\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18053)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.44 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 52.24% Memory free
6.94 Gb Paging File | 4.91 Gb Available in Paging File | 70.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.08 Gb Total Space | 245.45 Gb Free Space | 54.66% Space Free | Partition Type: NTFS
Drive D: | 15.20 Gb Total Space | 1.89 Gb Free Space | 12.41% Space Free | Partition Type: NTFS
Computer Name: THOMAS | User Name: Mitchell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\Mitchell\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (IObit)
PRC - C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media Inc.)
PRC - C:\Windows\SysWOW64\WerFault.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\DAEMON Tools Pro\BRD.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\UPnP.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\in_wma.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_wave.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\in_vorbis.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_ogg.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_mpc.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_ape.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\d_iRiverH.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\out_WASAPI.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\out_MMDS.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\in_wmp3.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\in_wav.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\in_mfaudio.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_MP4.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_mkv.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_MPG.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_flac_codec.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_FLV.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_video.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\d_iPhone.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\d_iPod.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\d_WMDM.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_aac.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_AVI.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_flac.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\WMAuth.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\MMHelper.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Equalize.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\iPhoneCalc.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\f_WMV.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\SQLite3MM.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\out_wave.dll ()
MOD - C:\Program Files (x86)\MediaMonkey\Plugins\in_mpc.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (w3logsvc) -- C:\Windows\SysNative\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (omniserv) -- C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (Softex Inc.)
SRV:64bit: - (Cachedrv server) -- C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe ()
SRV - (AVP15.0.2) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (w3logsvc) -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (StartMenuService) -- C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (IObit)
SRV - (AdvancedSystemCareService8) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe (IObit)
SRV - (LiveUpdateSvc) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (MbaeSvc) -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Malwarebytes Corporation)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG Technologies)
SRV - (PrintNotify) -- C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (RadeonPro Support Service) -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe (Mr. John aka japamd)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (CyberLink PowerDVD 12 Media Server Service) -- c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Klwtp) -- C:\Windows\SysNative\drivers\klwtp.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klwfp) -- C:\Windows\SysNative\drivers\klwfp.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klpd) -- C:\Windows\SysNative\drivers\klpd.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klflt) -- C:\Windows\SysNative\drivers\klflt.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kldisk) -- C:\Windows\SysNative\drivers\kldisk.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klhk) -- C:\Windows\SysNative\drivers\klhk.sys (Kaspersky Lab ZAO)
DRV:64bit: - (cm_km_w) -- C:\Windows\SysNative\drivers\cm_km_w.sys (Kaspersky Lab UK Ltd)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athwbx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (qcusbser) -- C:\Windows\SysNative\drivers\qcusbser.sys (QUALCOMM Incorporated)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdWB6.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (APXACC) -- C:\Windows\SysNative\drivers\appexDrv.sys (AppEx Networks Corporation)
DRV:64bit: - (ReFS) -- C:\windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys (IObit)
DRV:64bit: - (Wof) -- C:\windows\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdkmafd) -- C:\Windows\SysNative\drivers\amdkmafd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (klelam) -- C:\Windows\SysNative\drivers\klelam.sys (Kaspersky Lab)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV - (HWiNFO32) -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS (REALiX(tm))
DRV - (ESProtectionDriver) -- C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys ()
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{0B54DE0A-6431-41C0-B474-7A7988803D04}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\y, = http://yandex.ru/search/?win=195&clid=2100771-002&text=%s
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\..\SearchScopes\A2A3FED8ACFC3815522BD8DD481C628C: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Bb1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1%7D:0.87.1-signed
FF - prefs.js..extensions.enabledAddons: imageblock%40hemantvats.com:2.1.1-signed
FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster%40jeremy.d.gregorio.com:3.7.5
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:8.1.1
FF - prefs.js..extensions.enabledAddons: iobitascsurfingprotection%40iobit.com:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:41.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\windows\system32\C2MP\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2: C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected] [2015/10/24 09:25:50 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected] [2015/10/24 09:25:57 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mitchell\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected] [2015/10/24 09:25:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\[email protected] [2015/10/24 09:25:57 | 000,000,000 | ---D | M]
[2015/03/24 10:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitchell\AppData\Roaming\mozilla\Extensions
[2015/10/23 02:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitchell\AppData\Roaming\mozilla\Firefox\Profiles\2purzlgc.default\extensions
[2015/09/24 22:23:59 | 000,000,000 | ---D | M] ("Flash Video Downloader - YouTube HD Download [4K]") -- C:\Users\Mitchell\AppData\Roaming\mozilla\Firefox\Profiles\2purzlgc.default\extensions\[email protected]
[2015/10/02 06:34:31 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Mitchell\AppData\Roaming\mozilla\Firefox\Profiles\2purzlgc.default\extensions\[email protected]
[2015/06/07 07:29:24 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Mitchell\AppData\Roaming\mozilla\Firefox\Profiles\2purzlgc.default\extensions\[email protected]
[2015/07/17 08:33:58 | 000,470,468 | ---- | M] () (No name found) -- C:\Users\Mitchell\AppData\Roaming\mozilla\firefox\profiles\2purzlgc.default\extensions\[email protected]
[2015/10/23 02:27:14 | 004,529,677 | ---- | M] () (No name found) -- C:\Users\Mitchell\AppData\Roaming\mozilla\firefox\profiles\2purzlgc.default\extensions\[email protected]
[2015/05/28 22:42:24 | 000,022,699 | ---- | M] () (No name found) -- C:\Users\Mitchell\AppData\Roaming\mozilla\firefox\profiles\2purzlgc.default\extensions\[email protected]
[2015/05/28 21:49:59 | 000,013,707 | ---- | M] () (No name found) -- C:\Users\Mitchell\AppData\Roaming\mozilla\firefox\profiles\2purzlgc.default\extensions\[email protected]
[2015/09/27 02:30:24 | 000,471,265 | ---- | M] () (No name found) -- C:\Users\Mitchell\AppData\Roaming\mozilla\firefox\profiles\2purzlgc.default\extensions\[email protected]
[2015/05/28 22:42:24 | 000,043,801 | ---- | M] () (No name found) -- C:\Users\Mitchell\AppData\Roaming\mozilla\firefox\profiles\2purzlgc.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
[2015/09/29 12:28:14 | 000,962,762 | ---- | M] () (No name found) -- C:\Users\Mitchell\AppData\Roaming\mozilla\firefox\profiles\2purzlgc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/09/27 02:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/10/17 22:07:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2015/09/30 22:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2015/09/30 22:04:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - homepage: http://www.yandex.ru/?win=195&clid=2100767-002
O1 HOSTS File: ([2015/10/02 06:40:08 | 000,002,347 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 0.0.0.0.0
O1 - Hosts: 127.0.0.1 0.0.0.0.0
O1 - Hosts: 127.0.0.1 0.0.0.0.0
O1 - Hosts: 127.0.0.1 0.0.0.0.0
O1 - Hosts: 127.0.0.1 0.0.0.0.0
O1 - Hosts: 127.0.0.1 0.0.0.0.0
O1 - Hosts: 127.0.0.1 0.0.0.0.0
O1 - Hosts: 127.0.0.1 0.0.0.0.0
O1 - Hosts: 127.0.0.1 0.0.0.0.0
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 mfr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 static.a-ads.com
O1 - Hosts: 127.0.0.1 atlas.aamedia.ro
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 ad4.abradio.cz
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 57 more lines...
O2:64bit: - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Content Blocker Plugin) - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O2 - BHO: (Virtual Keyboard Plugin) - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Content Blocker Plugin) - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKCU..\Run: [Advanced SystemCare 8] C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe (IObit)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk = C:\Users\Mitchell\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Virtual Keyboard - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Virtual Keyboard - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\atlscript.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B493C87-1087-4029-BD5A-39FD2F6E918F}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23897452-4B4C-4463-81B8-B75A217AFCC0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6CCFA43-580A-4611-B6B3-E43C4590E53C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\chrome.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\hpsf.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\hpsf.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/10/28 12:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/10/28 12:11:06 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2015/10/28 12:11:06 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2015/10/28 12:11:06 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\windows\SysNative\drivers\mbam.sys
[2015/10/28 11:26:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/10/24 11:44:53 | 000,190,648 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\kneps.sys
[2015/10/24 11:44:52 | 000,817,848 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klif.sys
[2015/10/24 11:44:52 | 000,159,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klflt.sys
[2015/10/24 11:44:52 | 000,085,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klwtp.sys
[2015/10/24 11:44:52 | 000,077,680 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klwfp.sys
[2015/10/24 11:44:52 | 000,039,792 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klim6.sys
[2015/10/24 11:44:52 | 000,024,944 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klpd.sys
[2015/10/24 11:44:51 | 000,478,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\kl1.sys
[2015/10/24 11:44:51 | 000,064,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\kldisk.sys
[2015/10/24 11:44:46 | 000,040,304 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klkbdflt.sys
[2015/10/24 11:44:46 | 000,039,792 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klmouflt.sys
[2015/10/24 11:44:43 | 000,226,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klhk.sys
[2015/10/24 11:44:40 | 000,247,016 | ---- | C] (Kaspersky Lab UK Ltd) -- C:\windows\SysNative\drivers\cm_km_w.sys
[2015/10/24 09:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
[2015/10/24 09:26:24 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\klfphc.dll
[2015/10/24 09:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2015/10/24 09:25:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2015/10/24 09:06:15 | 000,040,248 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\TURegOpt.exe
[2015/10/24 09:06:10 | 000,029,496 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\authuitu.dll
[2015/10/24 09:06:10 | 000,025,400 | ---- | C] (AVG Technologies) -- C:\windows\SysWow64\authuitu.dll
[2015/10/23 06:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2015/10/22 14:56:13 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\Documents\MEGAsync Downloads
[2015/10/22 14:53:26 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\AppData\Local\Mega Limited
[2015/10/22 14:53:22 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
[2015/10/22 14:53:19 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\AppData\Local\MEGAsync
[2015/10/22 02:46:13 | 004,268,032 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\windows\SysNative\drivers\athwbx.sys
[2015/10/21 06:18:34 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\Documents\MGR
[2015/10/13 17:49:46 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\AppData\Local\Eushully
[2015/10/12 16:51:23 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\AppData\Roaming\Will
[2015/10/12 16:27:48 | 000,615,424 | ---- | C] (nobukichi) -- C:\windows\tsakuninst.exe
[2015/10/12 15:27:23 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\AppData\Local\AreaZero
[2015/10/12 15:24:50 | 000,615,424 | ---- | C] (nobukichi) -- C:\windows\tsauninst.exe
[2015/10/11 20:31:55 | 000,000,000 | ---D | C] -- C:\windows\MRLH
[2015/10/08 15:10:13 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\AppData\Roaming\SUPERAntiSpyware.com
[2015/10/08 15:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2015/10/08 15:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2015/10/08 15:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2015/10/08 14:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes Anti-Exploit
[2015/10/08 14:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Exploit
[2015/10/08 14:24:40 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/10/08 14:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/10/08 12:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/10/08 12:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2015/10/08 12:48:46 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\AppData\Roaming\Sun
[2015/10/08 12:48:45 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\.oracle_jre_usage
[2015/10/02 09:02:26 | 000,242,688 | ---- | C] (QUALCOMM Incorporated) -- C:\windows\SysNative\drivers\qcusbser.sys
[2015/10/02 08:56:44 | 000,808,960 | ---- | C] (AMD) -- C:\windows\SysNative\coinst_13.352.dll
[2015/10/02 08:56:38 | 000,190,976 | ---- | C] (AMD) -- C:\windows\SysNative\atitmm64.dll
[2015/10/02 08:56:32 | 000,031,232 | ---- | C] (AMD) -- C:\windows\SysNative\atimuixx.dll
[2015/10/02 08:56:30 | 000,590,848 | ---- | C] (AMD) -- C:\windows\SysNative\atieclxx.exe
[2015/10/02 08:56:30 | 000,240,128 | ---- | C] (AMD) -- C:\windows\SysNative\atiesrxx.exe
[2015/10/02 08:56:21 | 000,065,024 | ---- | C] (Khronos Group) -- C:\windows\SysNative\OpenCL.dll
[2015/10/02 08:56:21 | 000,058,880 | ---- | C] (Khronos Group) -- C:\windows\SysWow64\OpenCL.dll
[2015/10/02 08:55:17 | 000,083,160 | ---- | C] (Realtek Semiconductor.) -- C:\windows\SysNative\RtCRX64.dll
[2015/10/02 08:48:57 | 000,885,504 | ---- | C] (Realtek ) -- C:\windows\SysNative\drivers\Rt630x64.sys
[2015/10/02 08:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
[2015/10/02 08:37:36 | 000,034,080 | ---- | C] (IObit) -- C:\windows\SysNative\SmartDefragBootTime.exe
[2015/10/02 08:37:35 | 000,128,288 | ---- | C] (IObit) -- C:\windows\SysWow64\IObitSmartDefragExtension.dll
[2015/10/02 08:37:34 | 000,128,288 | ---- | C] (IObit) -- C:\windows\SysNative\IObitSmartDefragExtension.dll
[2015/10/02 08:37:31 | 000,021,184 | ---- | C] (IObit) -- C:\windows\SysNative\drivers\SmartDefragDriver.sys
[2015/10/02 08:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
[2015/10/02 08:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2015/10/02 08:33:02 | 000,026,528 | ---- | C] (REALiX(tm)) -- C:\windows\SysWow64\drivers\HWiNFO64A.SYS
[2015/10/02 08:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2015/10/02 06:34:31 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\AppData\Roaming\Apple Computer
[2015/10/02 06:34:21 | 000,000,000 | ---D | C] -- C:\windows\tasks\ImCleanDisabled
[2015/10/02 06:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2015/10/02 06:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IObit
[2015/10/02 06:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
[2015/10/02 06:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2015/10/02 06:34:02 | 000,000,000 | ---D | C] -- C:\Users\Mitchell\AppData\Roaming\IObit
[2015/10/01 01:21:08 | 000,000,000 | ---D | C] -- C:\windows\pss
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2015/10/28 13:43:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/10/28 12:12:26 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/10/28 11:42:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/10/28 11:40:15 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/10/28 11:40:10 | 2958,184,448 | -HS- | M] () -- C:\hiberfil.sys
[2015/10/28 11:39:42 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\spu_storage.bin
[2015/10/26 12:26:04 | 000,497,504 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2015/10/26 05:00:27 | 000,414,559 | ---- | M] () -- C:\windows\SysNative\ApnDatabase.xml
[2015/10/26 04:16:43 | 000,000,262 | ---- | M] () -- C:\windows\tasks\ASC8_SkipUac_Mitchell.job
[2015/10/24 19:01:38 | 000,000,892 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player PPAPI Notifier.job
[2015/10/24 11:43:42 | 000,190,648 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\kneps.sys
[2015/10/24 11:43:42 | 000,085,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klwtp.sys
[2015/10/24 11:43:42 | 000,077,680 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klwfp.sys
[2015/10/24 11:43:41 | 000,024,944 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klpd.sys
[2015/10/24 11:43:40 | 000,817,848 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klif.sys
[2015/10/24 11:43:40 | 000,039,792 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klim6.sys
[2015/10/24 11:43:39 | 000,159,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klflt.sys
[2015/10/24 11:43:39 | 000,064,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\kldisk.sys
[2015/10/24 11:43:38 | 000,478,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\kl1.sys
[2015/10/24 09:47:05 | 000,039,792 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klmouflt.sys
[2015/10/24 09:47:04 | 000,040,304 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klkbdflt.sys
[2015/10/24 09:46:59 | 000,226,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\klhk.sys
[2015/10/24 09:46:48 | 000,247,016 | ---- | M] (Kaspersky Lab UK Ltd) -- C:\windows\SysNative\drivers\cm_km_w.sys
[2015/10/24 02:25:22 | 000,000,358 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForMitchell.job
[2015/10/23 13:01:12 | 507,700,262 | ---- | M] () -- C:\windows\MEMORY.DMP
[2015/10/22 14:56:03 | 000,001,038 | ---- | M] () -- C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
[2015/10/22 07:52:18 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/10/22 07:52:18 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/10/22 07:52:18 | 000,000,530 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task cf9539b6-39fc-4116-bf8b-811109690dd1.job
[2015/10/22 07:52:18 | 000,000,530 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 9bc93637-dd7a-4939-8399-0219e29d2574.job
[2015/10/22 02:46:13 | 004,268,032 | ---- | M] (Qualcomm Atheros Communications, Inc.) -- C:\windows\SysNative\drivers\athwbx.sys
[2015/10/21 06:17:05 | 000,007,609 | ---- | M] () -- C:\Users\Mitchell\AppData\Local\Resmon.ResmonCfg
[2015/10/15 20:05:16 | 000,891,920 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/10/15 20:05:16 | 000,731,100 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/10/15 20:05:16 | 000,153,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/10/08 12:33:38 | 000,002,398 | ---- | M] () -- C:\Users\Mitchell\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/10/05 09:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2015/10/05 09:50:10 | 000,109,272 | ---- | M] (Malwarebytes) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) -- C:\windows\SysNative\drivers\mbam.sys
[2015/10/04 06:54:43 | 000,001,547 | ---- | M] () -- C:\Users\Mitchell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015/10/02 09:02:26 | 000,242,688 | ---- | M] (QUALCOMM Incorporated) -- C:\windows\SysNative\drivers\qcusbser.sys
[2015/10/02 08:56:44 | 000,808,960 | ---- | M] (AMD) -- C:\windows\SysNative\coinst_13.352.dll
[2015/10/02 08:56:44 | 000,234,804 | ---- | M] () -- C:\windows\SysNative\ativvaxy_cik.dat
[2015/10/02 08:56:44 | 000,233,008 | ---- | M] () -- C:\windows\SysNative\ativvaxy_cik_nd.dat
[2015/10/02 08:56:44 | 000,230,912 | ---- | M] () -- C:\windows\SysNative\clinfo.exe
[2015/10/02 08:56:44 | 000,138,832 | ---- | M] () -- C:\windows\SysNative\samu_krnl_isv_ci.sbin
[2015/10/02 08:56:44 | 000,138,832 | ---- | M] () -- C:\windows\SysNative\samu_krnl_ci.sbin
[2015/10/02 08:56:44 | 000,082,112 | ---- | M] () -- C:\windows\SysNative\ativce02.dat
[2015/10/02 08:56:44 | 000,042,544 | ---- | M] () -- C:\windows\SysNative\kapp_ci.sbin
[2015/10/02 08:56:44 | 000,038,544 | ---- | M] () -- C:\windows\SysNative\kapp_si.sbin
[2015/10/02 08:56:43 | 003,471,376 | ---- | M] () -- C:\windows\SysWow64\atiumdva.cap
[2015/10/02 08:56:40 | 003,437,632 | ---- | M] () -- C:\windows\SysNative\atiumd6a.cap
[2015/10/02 08:56:38 | 000,190,976 | ---- | M] (AMD) -- C:\windows\SysNative\atitmm64.dll
[2015/10/02 08:56:32 | 000,031,232 | ---- | M] (AMD) -- C:\windows\SysNative\atimuixx.dll
[2015/10/02 08:56:30 | 000,734,861 | ---- | M] () -- C:\windows\SysNative\atiicdxx.dat
[2015/10/02 08:56:30 | 000,590,848 | ---- | M] (AMD) -- C:\windows\SysNative\atieclxx.exe
[2015/10/02 08:56:30 | 000,240,128 | ---- | M] (AMD) -- C:\windows\SysNative\atiesrxx.exe
[2015/10/02 08:56:22 | 000,577,864 | ---- | M] () -- C:\windows\SysWow64\atiapfxx.blb
[2015/10/02 08:56:22 | 000,577,864 | ---- | M] () -- C:\windows\SysNative\atiapfxx.blb
[2015/10/02 08:56:21 | 000,065,024 | ---- | M] (Khronos Group) -- C:\windows\SysNative\OpenCL.dll
[2015/10/02 08:56:21 | 000,058,880 | ---- | M] (Khronos Group) -- C:\windows\SysWow64\OpenCL.dll
[2015/10/02 08:56:14 | 000,415,232 | ---- | M] () -- C:\windows\SysNative\amdmiracast.dll
[2015/10/02 08:56:09 | 000,134,144 | ---- | M] () -- C:\windows\SysNative\amdhdl64.dll
[2015/10/02 08:56:09 | 000,123,392 | ---- | M] () -- C:\windows\SysWow64\amdhdl32.dll
[2015/10/02 08:55:17 | 000,083,160 | ---- | M] (Realtek Semiconductor.) -- C:\windows\SysNative\RtCRX64.dll
[2015/10/02 08:48:57 | 000,885,504 | ---- | M] (Realtek ) -- C:\windows\SysNative\drivers\Rt630x64.sys
[2015/10/02 08:33:02 | 000,026,528 | ---- | M] (REALiX(tm)) -- C:\windows\SysWow64\drivers\HWiNFO64A.SYS
[2015/10/02 06:40:08 | 000,002,347 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2015/10/01 09:38:28 | 000,001,034 | ---- | M] () -- C:\Users\Mitchell\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2015/10/26 05:00:27 | 000,414,559 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2015/10/24 09:05:55 | 000,002,240 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
[2015/10/23 06:15:17 | 000,001,399 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
[2015/10/22 14:56:03 | 000,001,038 | ---- | C] () -- C:\Users\Mitchell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
[2015/10/21 06:17:05 | 000,007,609 | ---- | C] () -- C:\Users\Mitchell\AppData\Local\Resmon.ResmonCfg
[2015/10/19 22:05:32 | 507,700,262 | ---- | C] () -- C:\windows\MEMORY.DMP
[2015/10/08 15:10:20 | 000,000,530 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task cf9539b6-39fc-4116-bf8b-811109690dd1.job
[2015/10/08 15:10:20 | 000,000,530 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 9bc93637-dd7a-4939-8399-0219e29d2574.job
[2015/10/08 12:32:42 | 000,000,916 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/10/08 12:32:40 | 000,000,912 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/10/02 08:56:44 | 000,234,804 | ---- | C] () -- C:\windows\SysNative\ativvaxy_cik.dat
[2015/10/02 08:56:44 | 000,233,008 | ---- | C] () -- C:\windows\SysNative\ativvaxy_cik_nd.dat
[2015/10/02 08:56:44 | 000,230,912 | ---- | C] () -- C:\windows\SysNative\clinfo.exe
[2015/10/02 08:56:44 | 000,138,832 | ---- | C] () -- C:\windows\SysNative\samu_krnl_isv_ci.sbin
[2015/10/02 08:56:44 | 000,138,832 | ---- | C] () -- C:\windows\SysNative\samu_krnl_ci.sbin
[2015/10/02 08:56:44 | 000,082,112 | ---- | C] () -- C:\windows\SysNative\ativce02.dat
[2015/10/02 08:56:44 | 000,042,544 | ---- | C] () -- C:\windows\SysNative\kapp_ci.sbin
[2015/10/02 08:56:44 | 000,038,544 | ---- | C] () -- C:\windows\SysNative\kapp_si.sbin
[2015/10/02 08:56:42 | 003,471,376 | ---- | C] () -- C:\windows\SysWow64\atiumdva.cap
[2015/10/02 08:56:39 | 003,437,632 | ---- | C] () -- C:\windows\SysNative\atiumd6a.cap
[2015/10/02 08:56:30 | 000,734,861 | ---- | C] () -- C:\windows\SysNative\atiicdxx.dat
[2015/10/02 08:56:22 | 000,577,864 | ---- | C] () -- C:\windows\SysWow64\atiapfxx.blb
[2015/10/02 08:56:22 | 000,577,864 | ---- | C] () -- C:\windows\SysNative\atiapfxx.blb
[2015/10/02 08:56:13 | 000,415,232 | ---- | C] () -- C:\windows\SysNative\amdmiracast.dll
[2015/10/02 08:56:09 | 000,134,144 | ---- | C] () -- C:\windows\SysNative\amdhdl64.dll
[2015/10/02 08:56:09 | 000,123,392 | ---- | C] () -- C:\windows\SysWow64\amdhdl32.dll
[2015/10/02 08:37:45 | 000,000,262 | ---- | C] () -- C:\windows\tasks\ASC8_SkipUac_Mitchell.job
[2015/08/07 20:03:28 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2015/04/22 20:52:45 | 000,107,008 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2015/04/22 20:48:58 | 000,046,080 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2015/04/22 07:24:06 | 000,000,256 | -H-- | C] () -- C:\windows\SysWow64\LTAW14FN.BIN
[2015/04/22 07:24:06 | 000,000,256 | -H-- | C] () -- C:\windows\SysWow64\FJLTAFOU.BIN
[2015/04/04 16:17:24 | 000,000,000 | -HS- | C] () -- C:\Users\Mitchell\AppData\Local\LumaEmu
[2015/04/03 09:59:10 | 000,000,056 | ---- | C] () -- C:\windows\kgt2k.INI
[2015/04/02 16:17:10 | 000,778,752 | ---- | C] () -- C:\windows\SysWow64\RGSS102E.dll
[2015/04/02 16:17:10 | 000,761,856 | ---- | C] () -- C:\windows\SysWow64\RGSS104J.dll
[2015/04/02 16:17:10 | 000,758,272 | ---- | C] () -- C:\windows\SysWow64\RGSS104E.dll
[2015/04/02 16:17:10 | 000,685,056 | ---- | C] () -- C:\windows\SysWow64\RGSS103J.dll
[2015/04/02 16:17:09 | 000,781,312 | ---- | C] () -- C:\windows\SysWow64\RGSS102J.dll
[2015/04/02 16:17:09 | 000,771,584 | ---- | C] () -- C:\windows\SysWow64\RGSS100J.dll
[2015/03/26 14:20:41 | 000,002,255 | ---- | C] () -- C:\windows\SysWow64\WimBootCompress.ini
[2014/01/27 04:22:44 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2014/01/27 04:22:44 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2014/01/27 04:22:40 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2014/01/27 04:22:28 | 000,995,342 | ---- | C] () -- C:\windows\SysWow64\amdocl_as32.exe
[2014/01/27 04:22:28 | 000,798,734 | ---- | C] () -- C:\windows\SysWow64\amdocl_ld32.exe
========== ZeroAccess Check ==========
[2013/12/11 17:05:38 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/10/23 09:42:03 | 022,372,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/10/23 09:42:03 | 019,795,904 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 20:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 19:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 20:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2015/04/07 15:00:09 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\Acapela Group
[2015/04/01 10:20:02 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\AMD
[2015/06/02 10:51:44 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\AVG
[2015/04/20 06:04:34 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\Battle.net
[2015/04/27 07:42:10 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\Clickteam
[2015/10/26 15:51:19 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\DAEMON Tools Pro
[2015/09/26 23:23:37 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\DRPSu
[2015/10/07 23:40:24 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\dungmachi
[2015/09/21 20:54:30 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\Easy2Convert
[2015/04/22 07:27:42 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\Fujitsu
[2015/04/01 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\Injustice
[2015/10/28 11:29:35 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\IObit
[2015/03/27 09:28:37 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\JetBrains
[2015/09/22 21:18:24 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\Kalypso Media
[2015/04/01 07:29:58 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\library_dir
[2015/10/28 13:56:47 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\MediaMonkey
[2015/03/24 10:45:24 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\MotioninJoy
[2015/04/07 15:35:23 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\OpenOffice
[2015/08/03 03:52:49 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\Opera Software
[2015/05/02 06:51:11 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\org.sakuradite.browser
[2015/04/22 14:48:08 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\org.sakuradite.reader
[2015/06/21 12:23:39 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\PlayFirst
[2015/10/19 07:15:17 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\Pro Cycling Manager 2015
[2015/08/08 05:19:42 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\RadeonPro
[2015/04/23 18:09:28 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\Raptr
[2015/05/01 07:55:01 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\RenPy
[2015/06/09 20:31:28 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\Steam
[2015/06/08 19:29:48 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\The Creative Assembly
[2015/06/02 11:01:02 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\TuneUp Software
[2015/10/12 16:51:23 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\Will
[2015/03/24 10:44:19 | 000,000,000 | ---D | M] -- C:\Users\Mitchell\AppData\Roaming\{65C209F0-0153-4404-950E-20CDBC159EC5}
========== Purity Check ==========
========== Alternate Data Streams ==========

@Alternate Data Stream - 74 bytes -> C:\Users\Mitchell\SkyDrive:ms-properties
@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:439E3411
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:BDD83DC4
@Alternate Data Stream - 220 bytes -> C:\Users\Mitchell\OneDrive:ms-properties
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:80E965A3
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:03D08225
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F

< End of report >

AdwCleaner report

# AdwCleaner v5.015 - Logfile created 28/10/2015 at 11:37:48
# Updated 26/10/2015 by Xplode
# Database : 2015-10-26.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Mitchell - THOMAS
# Running from : C:\Users\Mitchell\Downloads\adwcleaner_5.015.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\2purzlgc.default\Extensions\[email protected]

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[-] File Deleted : C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\2purzlgc.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
[-] Key Deleted : HKCU\Software\Classes\CLSID\{AD4409E5-23C2-412B-849D-8FC0635B4073}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{AEE9D70C-6C9E-4B27-9F2C-8F14E95BEEF6}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{DD20920E-515A-4342-85E3-FC9A9FDA55C2}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{92FDEF05-B35E-4806-B87F-8B66AB649997}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9F0BF664-B611-4C53-AEEA-FDBFCE6E3CA3}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A8BD93E8-F6AE-4F02-828D-DE47FEC4D375}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Avg Secure Update
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update

***** [ Web browsers ] *****

[-] [C:\Users\Mitchell\AppData\Roaming\Mozilla\Firefox\Profiles\2purzlgc.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4157 bytes] ##########

Malwarebytes Anti-Malware

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327974
Time Elapsed: 26 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [a8ad5c001a71191da8237a317c87e21e],
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [d1849fbde5a6092d814a5b5021e28779],

Registry Values: 2
RiskWare.IFEOHijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", Quarantined, [a8ad5c001a71191da8237a317c87e21e]
RiskWare.IFEOHijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", Quarantined, [d1849fbde5a6092d814a5b5021e28779]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
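The two RiskWare.IFEOHijack hits above are a Debugger value under Image File Execution Options for chrome.exe: Windows launches whatever that value names, with the original command line appended, every time Chrome is started, which is how TUAutoReactivator64.exe was being put in front of the browser. As an added example (not from any poster or tool on this page), this Windows PowerShell audit lists every IFEO Debugger value in both registry views that appear in the log, with whether the named program exists and who signed it; the key paths are standard Windows locations, nothing else is assumed.

```powershell
# Added example, not from the thread or any tool in it. Lists every "Debugger"
# value under Image File Execution Options (IFEO) in both the 64-bit view and
# the WOW6432Node view, since the Malwarebytes log showed the value in both.
# Legitimate software uses the same mechanism (Process Explorer's "Replace Task
# Manager", for one), so each hit needs a look rather than blind deletion.

$ifeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

$findings = foreach ($base in $ifeoPaths) {
    if (-not (Test-Path -LiteralPath $base)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $base -ErrorAction SilentlyContinue) {
        $debugger = (Get-ItemProperty -LiteralPath $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

        # Recover the executable path: a quoted path first, otherwise the first token.
        if ($debugger -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($debugger -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        $sig = if ($exists) { Get-AuthenticodeSignature -FilePath $exe } else { $null }

        [pscustomobject]@{
            View     = if ($base -like '*WOW6432Node*') { '32-bit' } else { '64-bit' }
            Target   = $key.PSChildName          # e.g. chrome.exe
            Debugger = $debugger
            Exists   = $exists
            SigState = if ($sig) { $sig.Status } else { 'n/a' }
            Signer   = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No IFEO Debugger values present.' }
```

A Debugger value whose target no longer exists still breaks the program it is attached to, so an Exists = False row is worth removing even when nothing malicious is left on disk.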

johnb35

Administrator
Staff member
Did you run Junkware Removal Tool yet? You should have run it before running the OTL program. There is a lot of unnecessary software installed that will need to be removed. If you haven't run Junkware Removal Tool yet, please do so now, then rerun OTL and post both logs, OTL.txt and Extras.txt.
 

MitchMatch

New Member
Yeah, Junkware refuses to finish the scan. It closes when it starts to scan Firefox, right after Internet Explorer, and does not get to Chrome. Five people use this PC, so we have most of the browsers; is that a problem?
 

johnb35

Administrator
Staff member
Boot to safe mode and run Junkware removal tool. No problem with having all the browsers on the system. I'm more concerned with certain software you have installed.
 

johnb35

Administrator
Staff member
OK, let's see if you have a rootkit going on. Download and run this.

Please download and run TDSSkiller

When the program opens, click on Change parameters, click on Detect TDLFS file system, click OK, then click on the Start scan button.

[screenshot: TDSSKiller start scan]


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished, it will display a result screen stating whether or not the infection was found on your computer. If it was found, it will display a screen similar to the one below.

[screenshot: TDSSKiller scan results]


To remove the infections, simply click on the Continue button and TDSSKiller will attempt to clean or remove them.

After trying to clean them, it will pop up with the results of the scan and its actions.

[screenshot: TDSSKiller cleaning results]


Please reboot the system if asked to do so.

After running, there will be a log located at the root of your C:\ drive, labeled TDSSKiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.
 

MitchMatch

New Member
OK, nothing was found in the scan. Should I try it from safe mode too? Here is the log.
Seems I can't paste it.
Also, I'm going to have to get off for the night. Sorry, and thank you for your help today.
 

Attachments

  • TDSSKiller.3.1.0.5_28.10.2015_19.34.49_log.txt (483 KB)

johnb35

Administrator
Staff member
No, you don't need to try it from safe mode. When you get a chance, rerun OTL, but this time copy and paste the following into the custom scan/fixes box at the bottom and then click on the Run Fix button up top.

Code:
:OTL
@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:439E3411
@Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:BDD83DC4
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:80E965A3
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:03D08225
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F

After running that, reboot the system and test for redirects and let me know.
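NTFS lets any file or folder carry extra named streams that Explorer never shows; OTL lines of the form C:\ProgramData\Temp:439E3411 are streams attached to the Temp folder itself, while the ms-properties streams on the SkyDrive/OneDrive folders are ordinary sync-client metadata, which is why they were left out of the fix above. As an added example (not from the thread or from OTL), this Windows PowerShell report lists the named streams on a folder and previews their bytes so you can see what you are deleting first; the paths are taken from the OTL log above, with $env:USERPROFILE standing in for C:\Users\Mitchell.

```powershell
# Added example, not from the thread or from OTL. Enumerates alternate data
# streams (ADS) on the locations OTL reported and shows a printable preview of
# each one. Windows PowerShell (5.1 or older) syntax: -Encoding Byte became
# -AsByteStream in PowerShell 7.

$paths = @(
    'C:\ProgramData\Temp'            # carried the five hex-named streams in the OTL log
    "$env:USERPROFILE\OneDrive"      # carries ms-properties, expected for a sync folder
    "$env:USERPROFILE\SkyDrive"      # same, older client name seen in the log
)

function Get-AdsReport {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # -Stream * returns every stream; ':$DATA' is the ordinary file content
        # (folders have no default stream, so only named ones come back for them).
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                $bytes = Get-Content -LiteralPath $p -Stream $_.Stream -Encoding Byte -ReadCount 0 -ErrorAction SilentlyContinue
                $preview = -join ($bytes | Select-Object -First 48 | ForEach-Object {
                    if ($_ -ge 0x20 -and $_ -le 0x7E) { [char]$_ } else { '.' } })
                [pscustomobject]@{
                    Path    = $p
                    Stream  = $_.Stream
                    Bytes   = $_.Length
                    Preview = $preview   # printable bytes only; binary data shows as dots
                }
            }
    }
}

Get-AdsReport -Path $paths | Format-Table -AutoSize -Wrap
```

Once a stream has been judged unwanted, `Remove-Item -LiteralPath 'C:\ProgramData\Temp' -Stream 439E3411` deletes that single stream and leaves the folder and its other streams untouched.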
 

MitchMatch

New Member
OK, so I have not run into the utrack page again, so I wanna say thanks for that! I still can't run Junkware, and new tabs pop up when I click on links, so no more redirects, but I'm having tabs opening.
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
OK, so I have not run into the utrack page again, so I wanna say thanks for that! I still can't run Junkware, and new tabs pop up when I click on links, so no more redirects, but I'm having tabs opening.
What browser are you using?
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Check your add-ons and make sure you know what all of them are. If there are any you don't recognize, remove them.
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Are you still getting pop-ups now? I'd also try re-running JRT now that you removed those add-ons.