Pop Ups Going Crazy. One-Click Pop Ups.



Old 07-26-2016, 08:14 PM   #1
Registered Member
 
Join Date: Jul 2016
Posts: 4
OS: Windows 7 Premium



I should mention that I'm running Windows 7 and using the Chrome browser.
For the past few days I've been getting crazy pop-ups. It doesn't matter what site I'm on, if I make a single click anywhere on the page a new tab will open and direct me to a site (usually telling me that my computer is infected and I need to download some software) or it'll be an entirely new window pop-up. Every day I've run AVG, Malwarebytes, Spybot, & FreeFixer. After doing so it seems like my computer will be fixed for a short while and then it will start happening again. I'm not going to any sites that would potentially put that type of stuff on my computer (i.e. porn). I pretty much stick to Google searches that would take me to normal secured sites and then Netflix.
Today I decided to try running my computer in Safe Mode w/ Networking and then ran all of those cleaning programs. Just like the past few days, it finds problems, I fix it using the software, and then later in the evening the problem reoccurs. Any suggestions on how to fix this aggravating problem?
Thank you for your time.
cs225 is offline  
 
Old 07-27-2016, 10:35 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-27-2016, 02:50 PM   #3
Registered Member
 
Join Date: Jul 2016
Posts: 4
OS: Windows 7 Premium



Thank you for your reply. Here is the ADWCleaner result:

# AdwCleaner v5.201 - Logfile created 27/07/2016 at 16:44:24
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-27.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Insane - INSANE-PC
# Running from : C:\Users\Insane\Documents\Downloads (Chrome)\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
[-] File Deleted : C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
[-] File Deleted : C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
[-] File Deleted : C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
[-] File Deleted : C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
[-] File Deleted : C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
[-] File Deleted : C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage
[-] File Deleted : C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : FreeFixer background scan

***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [17238 bytes] - [24/07/2016 18:05:03]
C:\AdwCleaner\AdwCleaner[C2].txt - [2074 bytes] - [27/07/2016 16:44:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [17192 bytes] - [24/07/2016 18:02:19]
C:\AdwCleaner\AdwCleaner[S2].txt - [2157 bytes] - [27/07/2016 16:41:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2294 bytes] ##########
cs225 is offline  
 
Old 07-27-2016, 02:57 PM   #4
Registered Member
 
Join Date: Jul 2016
Posts: 4
OS: Windows 7 Premium



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Insane (administrator) on INSANE-PC (27-07-2016 16:51:16)
Running from C:\Users\Insane\Desktop
Loaded Profiles: Insane (Available Profiles: Insane)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Airytec) C:\Program Files\Airytec\Switch Off\swoff.exe
() C:\Program Files (x86)\Belkin\F9L1101\V1\PBN.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Voyetra Turtle Beach, Inc.) C:\Program Files (x86)\Turtle Beach\Riviera\TBRivieraTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Turtle Beach Riviera] => C:\Program Files (x86)\Turtle Beach\Riviera\TBRivieraTray.exe [1613824 2009-08-15] (Voyetra Turtle Beach, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6723856 2016-07-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-06-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [433160 2015-09-04] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\...\Run: [Airytec Switch Off] => C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec)
HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\...\MountPoints2: {09fe3d10-f2bf-11e5-8c43-dd7960ef21b2} - L:\windows\AutoRun.exe
HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\...\MountPoints2: {2631e33a-f451-11e5-bbdf-e1356a19928c} - L:\windows\AutoRun.exe
HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\...\MountPoints2: {b89c6470-d1da-11e5-b415-98eaa4464048} - L:\TL-Bootstrap.exe
HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\...\MountPoints2: {fd835980-ae23-11e5-a138-88adb0e19cbc} - K:\menu.exe
HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\DEEP_S~1.SCR [2527256 2013-04-05] (3Planesoft)
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Insane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Insane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Insane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Insane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Insane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Insane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Insane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Insane\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File
ShellIconOverlayIdentifiers: [4SyncIconOverlayEnable] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => No File
ShellIconOverlayIdentifiers: [4SyncIconOverlayError] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => No File
ShellIconOverlayIdentifiers: [4SyncIconOverlayOk] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => No File
ShellIconOverlayIdentifiers: [4SyncIconOverlayUpdate] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => No File
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belkin USB Wireless Adaptor Utility.lnk [2016-07-24]
ShortcutTarget: Belkin USB Wireless Adaptor Utility.lnk -> C:\Program Files (x86)\Belkin\F9L1101\V1\PBN.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{194B7D03-E3CE-4BA2-8C4B-37993525D5B3}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{2E575FC1-1DB1-46D6-8C2B-6F1C62745C59}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{3508569F-E9E5-4BBF-B803-387110EFF707}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{50C01396-3158-4DB5-8EEE-A0C80E02BB92}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{616335ED-3754-46CB-9BC7-137971DA5460}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{616335ED-3754-46CB-9BC7-137971DA5460}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{A5D54DEC-78EC-418D-88A5-601C00B5DCA2}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{C60847CA-4DAC-411D-AA4F-6E61BEAED179}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{C60847CA-4DAC-411D-AA4F-6E61BEAED179}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F1DD836B-561E-4E0F-9C81-BE33781FFFED}: [NameServer] 8.8.8.8,8.8.8.8,208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{F1DD836B-561E-4E0F-9C81-BE33781FFFED}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3048449649-1022383015-3838355439-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3048449649-1022383015-3838355439-1000 -> {36F5FF38-C6A8-48F6-A739-8A48B2A9FFC4} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Browserv3.1.Apps -> {11111111-1111-1111-1111-110611991117} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-05-22] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-05-22] (Oracle Corporation)
BHO-x32: Browserv3.1.Apps -> {11111111-1111-1111-1111-110611991117} -> No File
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-28] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Insane\AppData\Roaming\Mozilla\Firefox\Profiles\snghv2uv.default
FF NewTab: about:newtab
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_kngo_16_20&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzyyEyEyEyDtByByDyBzy0A0CtA0C0CtAtN0D0Tzu0StCyCtDtAtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDyB0E0ByB0EtBtGyB0Dzy0AtGzz0EyC0BtGyD0B0F0DtG0EyCtDyEtCtB0B0CyDyEtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0FtAyE0DtCtCtGtC0E0DzytGyE0EzzyBtG0AtDzy0CtGyEtAzytAzz0AyCtDtC0F0F0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzyzyzz%26cr%3D3235001%26a%3Dwncy_kngo_16_20%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-05-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-05-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2015-10-28] (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2012-05-24] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @qq.com/npQQGameAssist -> C:\Program Files\Tencent\QQGame\npQQGameAssistPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3048449649-1022383015-3838355439-1000: @1.qq.com/npqqwebgame -> C:\Users\Insane\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.9\npqqwebgame.dll [No File]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-24]
CHR Extension: (TorrentStream Helper) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebaaacomjclfgnkmaeaneljmfgkofphc [2016-03-16]
CHR Extension: (Torrent Turbo Search App) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegbffmjdkflkcfncpfjjbggbdlnbdif [2016-03-16]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-13]
CHR Extension: (Torrent Stream) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\icocmgpofpimcojhefbcfbdldkmndpgj [2016-03-16]
CHR Extension: (Video download helper) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngdadkapbemiekajhhalpakdpleogfn [2016-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Profile: C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-01-17]
CHR Extension: (No Name) - C:\Users\Insane\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ldcccbolclahdbkahlppenfodnheapah [2015-01-17]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nlbejmccbhkncgokjcmghpfloaajcffj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [637944 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5251808 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712792 2016-07-22] (AVG Technologies CZ, s.r.o.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (BitComet - A free C++ BitTorrent/HTTP/FTP Download Client)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-09-09] () [File not signed]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2729592 2016-07-19] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103168 2016-07-19] ()
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec) [File not signed]
S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2099000 2013-10-08] (AVG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WLANBelkinService; C:\Program Files (x86)\Belkin\F9L1101\V1\wlansrv.exe [86016 2012-10-05] () [File not signed]
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\TunesGo Retro\DriverInstall.exe [103576 2015-11-04] (Wondershare)
S2 QQMicroGameBoxService; C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.4.9\QQMicroGameBoxService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 appliand; C:\Windows\System32\DRIVERS\appliand.sys [30304 2013-02-06] (Applian Technologies Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [310016 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [249088 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [280320 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [76544 2016-06-01] (AVG Technologies CZ, s.r.o.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-05-22] (C-Media Inc)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HTCAND64; C:\Windows\SysWOW64\Drivers\ANDROIDUSB.sys [25728 2010-08-07] (Google Inc)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
S3 massfilter_hs; C:\Windows\SysWOW64\drivers\massfilter_hs.sys [9216 2010-06-28] (HandSet Incorporated) [File not signed]
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-11-12] (Anchorfree Inc.)
R1 TenCommProtect; C:\Windows\system32\drivers\TenCommProtect64.sys [47736 2016-06-02] (Tencent)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2015-02-02] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 16:51 - 2016-07-27 16:52 - 00023933 _____ C:\Users\Insane\Desktop\FRST.txt
2016-07-27 16:51 - 2016-07-27 16:51 - 00000000 ____D C:\FRST
2016-07-27 16:48 - 2016-07-27 16:48 - 00000000 ____H C:\ProgramData\cm-lock
2016-07-27 16:41 - 2016-07-27 16:41 - 02394112 _____ (Farbar) C:\Users\Insane\Desktop\FRST64.exe
2016-07-27 16:31 - 2016-07-27 16:47 - 00000022 _____ C:\Windows\S.dirmngr
2016-07-24 21:34 - 2016-07-24 22:38 - 00000000 ____D C:\Users\Insane\AppData\Roaming\FreeFixer
2016-07-24 21:34 - 2016-07-24 21:56 - 00000000 ____D C:\Users\Insane\AppData\Local\FreeFixer
2016-07-24 21:34 - 2016-07-24 21:34 - 00000000 ____D C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2016-07-24 21:34 - 2016-07-24 21:34 - 00000000 ____D C:\Program Files\FreeFixer
2016-07-24 18:02 - 2016-07-27 16:44 - 00000000 ____D C:\AdwCleaner
2016-07-23 16:54 - 2016-07-24 10:10 - 00001100 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-21 21:59 - 2016-07-24 10:09 - 00001780 _____ C:\Users\Insane\Desktop\PeerBlock.lnk
2016-07-21 21:59 - 2016-07-21 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2016-07-21 17:40 - 2011-03-01 17:26 - 00270848 _____ (Teckda) C:\Users\Insane\Desktop\Minecraft.exe
2016-07-18 22:31 - 2016-07-18 22:31 - 00000109 _____ C:\Users\Insane\Desktop\Bills (7-18-16).txt
2016-07-12 20:28 - 2016-07-24 10:09 - 00000785 _____ C:\Users\Insane\Desktop\Start Tor Browser.lnk
2016-07-12 18:58 - 2016-06-11 01:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-12 18:58 - 2016-06-10 23:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-12 18:58 - 2016-06-10 16:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-12 18:58 - 2016-06-10 16:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-12 18:58 - 2016-06-10 16:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-12 18:58 - 2016-06-10 16:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-12 18:58 - 2016-06-10 16:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-12 18:58 - 2016-06-10 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-12 18:58 - 2016-06-10 15:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-12 18:58 - 2016-06-10 15:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-12 18:58 - 2016-06-10 15:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-12 18:58 - 2016-06-10 14:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-12 18:58 - 2016-06-10 13:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-12 18:58 - 2016-06-10 13:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-12 18:58 - 2016-06-10 13:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-12 18:58 - 2016-06-10 13:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-12 18:58 - 2016-06-10 13:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-12 18:58 - 2016-06-10 13:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-12 18:58 - 2016-06-10 13:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-12 18:58 - 2016-06-10 13:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-12 18:58 - 2016-06-10 13:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-12 18:58 - 2016-06-10 13:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-12 18:58 - 2016-06-10 13:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-12 18:58 - 2016-06-10 13:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-12 18:58 - 2016-06-10 13:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-12 18:58 - 2016-06-10 13:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-12 18:58 - 2016-06-10 13:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-12 18:58 - 2016-06-10 13:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-12 18:58 - 2016-06-10 13:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-12 18:58 - 2016-06-10 12:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-12 18:58 - 2016-06-10 12:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-12 18:57 - 2016-06-25 19:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-12 18:57 - 2016-06-25 19:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-12 18:57 - 2016-06-25 19:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-12 18:57 - 2016-06-25 19:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-12 18:57 - 2016-06-25 19:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-12 18:57 - 2016-06-25 19:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-12 18:57 - 2016-06-25 19:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-12 18:57 - 2016-06-25 14:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-12 18:57 - 2016-06-25 14:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-12 18:57 - 2016-06-25 14:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-12 18:57 - 2016-06-25 14:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-12 18:57 - 2016-06-25 14:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-12 18:57 - 2016-06-22 08:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-12 18:57 - 2016-06-17 13:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-12 18:57 - 2016-06-17 13:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-12 18:57 - 2016-06-17 13:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-12 18:57 - 2016-06-17 13:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-12 18:57 - 2016-06-17 13:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-12 18:57 - 2016-06-17 13:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-12 18:57 - 2016-06-14 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-12 18:57 - 2016-06-10 16:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-12 18:57 - 2016-06-10 16:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-12 18:57 - 2016-06-10 16:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-12 18:57 - 2016-06-10 16:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-12 18:57 - 2016-06-10 16:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-12 18:57 - 2016-06-10 16:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-12 18:57 - 2016-06-10 16:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-12 18:57 - 2016-06-10 16:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-12 18:57 - 2016-06-10 16:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-12 18:57 - 2016-06-10 16:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-12 18:57 - 2016-06-10 16:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-12 18:57 - 2016-06-10 15:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-12 18:57 - 2016-06-10 15:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-12 18:57 - 2016-06-10 15:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-12 18:57 - 2016-06-10 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-12 18:57 - 2016-06-10 15:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-12 18:57 - 2016-06-10 15:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-12 18:57 - 2016-06-10 15:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-12 18:57 - 2016-06-10 15:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-12 18:57 - 2016-06-10 15:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-12 18:57 - 2016-06-10 15:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-12 18:57 - 2016-06-10 14:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-12 18:57 - 2016-06-10 14:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-12 18:57 - 2016-06-10 14:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-12 18:57 - 2016-06-10 14:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-12 18:57 - 2016-06-10 13:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-12 18:57 - 2016-06-10 13:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-12 18:57 - 2016-06-10 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-12 18:57 - 2016-06-10 13:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-12 18:57 - 2016-06-10 13:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-12 18:57 - 2016-06-10 13:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-12 18:57 - 2016-06-10 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-12 18:57 - 2016-06-10 13:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-12 18:57 - 2016-06-10 12:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-12 18:57 - 2016-06-10 12:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-29 18:39 - 2016-07-24 10:10 - 00001042 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2016-06-29 18:38 - 2016-07-21 21:54 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-06-29 18:38 - 2016-07-21 21:54 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2016-06-29 18:38 - 2016-06-29 18:38 - 00000000 ____D C:\Users\Insane\AppData\Roaming\Hotspot Shield
2016-06-29 18:38 - 2016-06-29 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2016-06-29 18:20 - 2016-06-29 18:26 - 00000000 ____D C:\Program Files (x86)\Hide My IP 6
2016-06-29 18:20 - 2016-06-29 18:20 - 00002752 _____ C:\Windows\system32\HideMyIpSRVOff.ini
2016-06-29 18:20 - 2015-04-26 14:39 - 00460288 _____ (Hide My IP) C:\Windows\system32\HMIPCore64.dll
2016-06-29 18:20 - 2015-04-26 14:38 - 00353280 _____ (Hide My IP) C:\Windows\SysWOW64\HMIPCore.dll
2016-06-28 17:08 - 2016-06-28 17:08 - 00000000 ____D C:\Windows\SysWOW64\Hotspot Shield
2016-06-28 17:03 - 2016-06-28 17:03 - 00000000 ____D C:\Users\Insane\AppData\Local\CrashRpt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 16:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2016-07-27 16:47 - 2016-02-12 18:29 - 00000000 ____D C:\Users\Insane\AppData\Local\HTC MediaHub
2016-07-27 16:47 - 2016-01-17 22:32 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-07-27 16:46 - 2015-01-22 18:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-27 16:46 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-27 16:44 - 2009-07-13 23:45 - 00022560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-27 16:44 - 2009-07-13 23:45 - 00022560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-27 16:41 - 2015-02-06 17:29 - 00000000 ____D C:\Users\Insane\Documents\Downloads (Chrome)
2016-07-27 16:34 - 2015-07-12 21:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-27 16:34 - 2015-01-17 22:06 - 00000000 ____D C:\ProgramData\MFAData
2016-07-27 01:00 - 2015-01-16 23:54 - 00000000 ____D C:\Program Files\PeerBlock
2016-07-27 00:53 - 2015-01-22 18:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-26 22:00 - 2015-01-17 14:59 - 00000605 _____ C:\Users\Insane\Desktop\TV Shows.txt
2016-07-26 21:17 - 2016-04-07 15:45 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-07-26 21:17 - 2015-10-29 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-07-26 18:37 - 2015-03-07 23:05 - 00116868 _____ C:\Windows\system32\avgrep.txt
2016-07-26 17:16 - 2015-03-07 23:04 - 00767028 _____ C:\Windows\ntbtlog.txt
2016-07-26 16:32 - 2015-10-14 19:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-25 18:17 - 2015-01-18 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-07-25 17:18 - 2015-03-24 12:58 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-07-24 22:58 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-24 17:47 - 2015-11-20 19:52 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-07-24 10:11 - 2016-05-22 14:21 - 00001172 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One Click Root.lnk
2016-07-24 10:11 - 2016-03-26 19:29 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-24 10:11 - 2016-03-22 20:18 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-07-24 10:11 - 2016-02-03 06:44 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-24 10:11 - 2015-08-23 22:04 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airytec Switch Off.lnk
2016-07-24 10:11 - 2015-03-16 12:19 - 00001388 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Advanced PDF Editor.lnk
2016-07-24 10:11 - 2015-03-10 15:06 - 00001247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Update.lnk
2016-07-24 10:11 - 2015-03-07 21:58 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2016-07-24 10:11 - 2015-03-05 18:38 - 00001383 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-07-24 10:11 - 2015-03-01 22:20 - 00001843 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
2016-07-24 10:11 - 2015-01-22 18:28 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-24 10:11 - 2015-01-17 01:42 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-24 10:11 - 2015-01-17 01:42 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-24 10:11 - 2009-07-13 23:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-24 10:11 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-07-24 10:11 - 2009-07-13 23:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-24 10:11 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-24 10:11 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-24 10:10 - 2016-05-22 14:21 - 00001166 _____ C:\Users\Public\Desktop\One Click Root.lnk
2016-07-24 10:10 - 2016-05-15 17:00 - 00001338 _____ C:\Users\Public\Desktop\Wondershare TunesGo Retro.lnk
2016-07-24 10:10 - 2016-03-26 19:29 - 00001145 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-24 10:10 - 2016-03-22 20:22 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-07-24 10:10 - 2016-03-13 15:46 - 00001208 _____ C:\Users\Public\Desktop\AnyTrans.lnk
2016-07-24 10:10 - 2016-03-04 14:27 - 00001106 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-07-24 10:10 - 2016-02-18 17:19 - 00001306 _____ C:\Users\Public\Desktop\Play Dora Lost City.lnk
2016-07-24 10:10 - 2016-02-18 17:12 - 00002430 _____ C:\Users\Public\Desktop\Play Dora's Carnival 2 - At The Boardwalk.lnk
2016-07-24 10:10 - 2016-02-12 18:29 - 00002025 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2016-07-24 10:10 - 2015-11-22 15:10 - 00002021 _____ C:\Users\Public\Desktop\Kleopatra.lnk
2016-07-24 10:10 - 2015-11-22 15:10 - 00001119 _____ C:\Users\Public\Desktop\GPA.lnk
2016-07-24 10:10 - 2015-08-23 22:04 - 00000967 _____ C:\Users\Public\Desktop\Airytec Switch Off.lnk
2016-07-24 10:10 - 2015-04-19 09:36 - 00001064 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-07-24 10:10 - 2015-01-22 18:28 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-24 10:10 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-24 10:10 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-24 10:09 - 2016-02-18 18:12 - 00001941 _____ C:\Users\Insane\Desktop\Dora Saves The Crystal Kingdom.lnk
2016-07-24 10:09 - 2015-11-22 18:19 - 00001417 _____ C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-24 10:09 - 2015-09-29 17:23 - 00000833 _____ C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-07-24 10:09 - 2015-09-29 17:23 - 00000785 _____ C:\Users\Insane\Desktop\TOR.lnk
2016-07-24 10:09 - 2015-03-01 22:22 - 00001445 _____ C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\FLV to AVI MPEG WMV 3GP MP4 iPod Converter.lnk
2016-07-24 10:09 - 2015-02-22 23:37 - 00000909 _____ C:\Users\Insane\Desktop\AIMP3.lnk
2016-07-24 10:09 - 2015-01-16 23:47 - 00001417 _____ C:\Users\Insane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2016-07-24 08:38 - 2015-04-19 09:40 - 00000000 ____D C:\Users\Insane\AppData\Roaming\vlc
2016-07-23 23:55 - 2015-11-22 17:32 - 00000896 _____ C:\Windows\wininit.ini
2016-07-23 16:54 - 2015-10-14 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-23 16:54 - 2015-06-12 21:38 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-23 16:54 - 2015-03-05 18:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-23 16:54 - 2015-03-04 21:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-22 19:55 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-22 19:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-07-21 18:17 - 2016-03-18 16:46 - 00000000 ____D C:\Users\Insane\AppData\Roaming\.minecraft
2016-07-21 16:15 - 2015-01-17 12:45 - 00000000 ____D C:\Users\Insane\AppData\Roaming\BitComet
2016-07-20 15:48 - 2015-08-25 15:21 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-20 15:48 - 2015-08-25 15:21 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-18 22:32 - 2015-02-22 23:37 - 00000000 ____D C:\Users\Insane\AppData\Roaming\AIMP3
2016-07-15 15:57 - 2016-02-17 16:49 - 00000080 _____ C:\Users\Insane\Desktop\USAgencies Payments.txt
2016-07-14 20:35 - 2015-07-12 21:59 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 20:35 - 2015-07-12 21:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 20:35 - 2015-07-12 21:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 20:35 - 2015-07-12 21:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-14 20:35 - 2015-07-12 21:59 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-13 17:11 - 2009-07-13 23:45 - 00348520 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-13 17:08 - 2015-01-17 03:45 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-13 17:08 - 2011-04-12 03:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-13 16:51 - 2015-01-17 00:34 - 00000000 ____D C:\Windows\system32\MRT
2016-07-13 16:45 - 2015-02-09 17:18 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-13 16:42 - 2015-01-17 00:34 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-12 20:24 - 2015-09-29 17:22 - 00000000 ____D C:\Users\Insane\Desktop\Tor Browser
2016-07-06 23:51 - 2015-01-17 14:38 - 00000000 ____D C:\Users\Insane\Documents\ConvertXtoDVD
2016-07-06 23:38 - 2015-03-01 22:21 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-07-04 13:05 - 2015-01-17 12:10 - 00000000 ____D C:\Users\Insane\Desktop\Desktop Pics
2016-06-29 17:57 - 2016-05-15 17:10 - 00000976 _____ C:\Windows\system32\Drivers\etc\hosts.txt
2016-06-29 16:22 - 2015-01-17 00:12 - 00000000 ____D C:\Users\Insane\Documents\Downloads (BitComet)
2016-06-28 20:54 - 2015-01-17 12:10 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-27 00:53 - 2016-06-01 00:53 - 00000000 ____D C:\Users\Insane\AppData\Local\{C2CBF497-E663-982F-8BFB-BDC7AF93415F}
2016-06-27 00:53 - 2016-05-22 12:53 - 00000162 _____ C:\Users\Insane\AppData\Roaming\WB.CFG

==================== Files in the root of some directories =======

2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Insane\AppData\Roaming\AQZCRCV
2015-01-17 12:48 - 2015-01-17 13:08 - 0099384 _____ () C:\Users\Insane\AppData\Roaming\inst.exe
2015-01-17 12:48 - 2015-01-17 13:08 - 0007859 _____ () C:\Users\Insane\AppData\Roaming\pcouffin.cat
2015-01-17 12:48 - 2015-01-17 13:08 - 0001167 _____ () C:\Users\Insane\AppData\Roaming\pcouffin.inf
2015-01-17 12:48 - 2015-01-17 13:08 - 0000055 _____ () C:\Users\Insane\AppData\Roaming\pcouffin.log
2015-01-17 12:48 - 2015-01-17 13:08 - 0082816 _____ (VSO Software) C:\Users\Insane\AppData\Roaming\pcouffin.sys
2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Insane\AppData\Roaming\UJNQ
2016-05-22 12:53 - 2016-06-27 00:53 - 0000162 _____ () C:\Users\Insane\AppData\Roaming\WB.CFG
2016-05-15 16:41 - 2016-05-15 16:53 - 0000032 _____ () C:\Users\Insane\AppData\Local\temp.tmp
2016-07-27 16:48 - 2016-07-27 16:48 - 0000000 ____H () C:\ProgramData\cm-lock
2015-02-07 16:44 - 2016-02-02 15:44 - 0000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Insane\AppData\Local\Temp\libeay32.dll
C:\Users\Insane\AppData\Local\Temp\msvcr120.dll
C:\Users\Insane\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-27 21:59

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (48.6 KB, 15 views)
cs225 is offline  
Old 07-27-2016, 08:20 PM   #5
chemist

Hello cs225.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.204 - AVG) Hidden
    AVG PC TuneUp 2014 (x32 Version: 14.0.1001.204 - AVG) Hidden
    Hotspot Shield 5.4.6 Embedded (x32 Version: 5.4.6.9728 - Buildbot) Hidden
    Task: {21CD37F0-CF5F-4838-A6AB-FEAF60882BCD} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
    Task: {7A0AF33B-B445-4FA0-A97E-C9E6D7FB6FDB} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {D34F0668-10F8-4707-9A4A-A70112175B5C} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {DE4D6CD7-0128-4652-AE3E-8B6E03D4B36E} - \Rest Download -> No File <==== ATTENTION
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\...\MountPoints2: {09fe3d10-f2bf-11e5-8c43-dd7960ef21b2} - L:\windows\AutoRun.exe
    HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\...\MountPoints2: {2631e33a-f451-11e5-bbdf-e1356a19928c} - L:\windows\AutoRun.exe
    HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\...\MountPoints2: {b89c6470-d1da-11e5-b415-98eaa4464048} - L:\TL-Bootstrap.exe
    HKU\S-1-5-21-3048449649-1022383015-3838355439-1000\...\MountPoints2: {fd835980-ae23-11e5-a138-88adb0e19cbc} - K:\menu.exe
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File
    ShellIconOverlayIdentifiers: [4SyncIconOverlayEnable] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => No File
    ShellIconOverlayIdentifiers: [4SyncIconOverlayError] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => No File
    ShellIconOverlayIdentifiers: [4SyncIconOverlayOk] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => No File
    ShellIconOverlayIdentifiers: [4SyncIconOverlayUpdate] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => No File
    ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3048449649-1022383015-3838355439-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Browserv3.1.Apps -> {11111111-1111-1111-1111-110611991117} -> No File
    BHO-x32: Browserv3.1.Apps -> {11111111-1111-1111-1111-110611991117} -> No File
    FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_kngo_16_20&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzyyEyEyEyDtByByDyBzy0A0CtA0C0CtAtN0D0Tzu0StCyCtDtAtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StDtDyB0E0ByB0EtBtGyB0Dzy0AtGzz0EyC0BtGyD0B0F0DtG0EyCtDyEtCtB0B0CyDyEtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0FtAyE0DtCtCtGtC0E0DzytGyE0EzzyBtG0AtDzy0CtGyEtAzytAzz0AyCtDtC0F0F0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzyzyzz%26cr%3D3235001%26a%3Dwncy_kngo_16_20%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin HKU\S-1-5-21-3048449649-1022383015-3838355439-1000: @1.qq.com/npqqwebgame -> C:\Users\Insane\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.9\npqqwebgame.dll [No File]
    CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nlbejmccbhkncgokjcmghpfloaajcffj] - hxxps://clients2.google.com/service/update2/crx
    R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
    S2 QQMicroGameBoxService; C:\Program Files (x86)\Tencent\QQMicroGameBoxService\1.0.4.9\QQMicroGameBoxService.exe [X]
    C:\Program Files (x86)\Tencent
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 07-31-2016, 09:36 AM   #6
chemist

Still with us, cs225? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.

------------------------------------------------------
Old 08-01-2016, 01:28 PM   #7
cs225

I'm sorry that it's taking me so long. I have been super busy with work. It still may take me a couple more days to be able to do the process but I am still interested. Thanks again for your help and patience.
Old 08-01-2016, 07:33 PM   #8
chemist

You're welcome. OK. Just let me know.
Old 08-20-2016, 06:43 PM   #9
chemist

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------