
[Solved] Suspicious and unknown virus help!

Discussion in 'Malware Removal Help' started by pbsol, Oct 26, 2015.

  1. pbsol

    pbsol Registered Members

    Joined:
    Oct 23, 2015
    Messages:
    11
    Location:
    Pakistan
    Operating System:
    Windows 7
    The malware has been removed and the problem has been solved. However, the required logs are as follows:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 26/10/2015
    Scan Time: 2:47 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.10.26.02
    Rootkit Database: v2015.10.23.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: it

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 313170
    Time Elapsed: 9 min, 31 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 1
    PUP.Optional.ApplicationHosting, C:\ProgramData\ApplicationHosting\ApplicationHosting.exe, 2092, Delete-on-Reboot, [0684c79419722313af503b5a52b1a858]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 6
    PUP.Optional.ApplicationHosting, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ApplicationHosting, Quarantined, [0684c79419722313af503b5a52b1a858],
    PUP.Optional.WikiSearchMe, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, Quarantined, [d1b9a3b8f4970b2b31e77323e81bc13f],
    PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, Quarantined, [107a312ac1ca42f462e36ada61a238c8],
    PUP.Optional.ApplicationHosting, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ApplicationHosting_RASAPI32, Quarantined, [0c7eca9158333bfba15fbcdaeb187a86],
    PUP.Optional.ApplicationHosting, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ApplicationHosting_RASMANCS, Quarantined, [e6a4bd9e6922f93dfc044b4ba261936d],
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, Quarantined, [4644312a701b2b0b01a9036e5da50ef2],

    Registry Values: 8
    PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, Quarantined, [107a312ac1ca42f462e36ada61a238c8]
    PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, http://feed.sonic-search.com/?p=mKO...7dICTRxXAMCPxO9XKR8uHanrgdA,,&q={searchTerms}, Quarantined, [fe8c87d4e9a265d1bd896ed6bf440ff1]
    PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.sonic-search.com/?p=mKO...7dICTRxXAMCPxO9XKR8uHanrgdA,,&q={searchTerms}, Quarantined, [f7930d4ef8935cdaa3a4f54fc2419c64]
    PUP.Optional.Linkury, HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\ENVIRONMENT|SNP, http://feed.snapdo.com?publisher=AP...ate=17/10/2015&barcodeid=50027003&channelid=3, Quarantined, [99f17dde1d6e2610e13fb0b93ac9c63a]
    PUP.Optional.Linkury, HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\ENVIRONMENT|SNF, C:\ProgramData\Spanpluss\snp.sc, Quarantined, [7812cc8fcdbe87af35ead99014efbe42]
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, Quarantined, [4644312a701b2b0b01a9036e5da50ef2]
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://feed.sonic-search.com/?p=mKO...7dICTRxXAMCPxO9XKR8uHanrgdA,,&q={searchTerms}, Quarantined, [b6d44c0fb1da0e28152e57edac57f40c]
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.sonic-search.com/?p=mKO...7dICTRxXAMCPxO9XKR8uHanrgdA,,&q={searchTerms}, Quarantined, [e8a289d247440e2882c2390b0ff4a858]

    Registry Data: 6
    PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[6f1b65f6810afd39fb9b6cc656ae27d9]
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.sonic-search.com/?p=mKO...7dICTRxXAMCPxO9XKR8uHanrgdA,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.sonic-search.com/?p=mKO...),Replaced,[dcae0358e4a7c175ff9179b9bb4901ff]
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snapdo.com/?p=mKO_AwFzX...RieBp_rH5gtHFmxIDDlT6WqgGMw-GUKYeQpBbQ9iuSa0g,,, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzX...),Replaced,[33576bf095f62a0c8c050131ff05d22e]
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.sonic-search.com/?p=mKO...7dICTRxXAMCPxO9XKR8uHanrgdA,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.sonic-search.com/?p=mKO...),Replaced,[7218c3984d3ee353a0f08ba7e81cc63a]
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://feed.sonic-search.com/?p=mKO...7dICTRxXAMCPxO9XKR8uHanrgdA,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.sonic-search.com/?p=mKO...),Replaced,[c8c25902f2993303eba5eb47778dd12f]
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.sonic-search.com/?p=mKO...7dICTRxXAMCPxO9XKR8uHanrgdA,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.sonic-search.com/?p=mKO...),Replaced,[8a00253646454fe78c06e2509f6539c7]

    Folders: 6
    PUP.Optional.ApplicationHosting, C:\ProgramData\ApplicationHosting, Delete-on-Reboot, [0684c79419722313af503b5a52b1a858],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\_metadata, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Spanpluss, Quarantined, [e5a50f4cfa91c670c97bf760e22209f7],

    Files: 24
    PUP.Optional.Amonetize, C:\Users\it\AppData\Local\Temp\Urdu Inpage 2011 Free Download__3105_il47.exe, Quarantined, [d7b397c4a4e783b39c3358320bf652ae],
    Trojan.Agent.MSIL, C:\Users\it\AppData\Local\Temp\Vss3R.tmp, Quarantined, [2664fe5dc7c4191d18a1d55fb849817f],
    PUP.Optional.CrossRider, C:\Users\it\AppData\Local\Temp\awh2A8B.tmp, Quarantined, [b9d18dced4b7b5814f34014f3fc50df3],
    PUP.Optional.Amonetize, C:\Users\it\Downloads\Urdu Inpage 2011 Free Download__3105_il47.exe, Quarantined, [ec9e81da494238fe9e31d1b96d9416ea],
    PUP.Optional.Linkury.ShrtCln, C:\Users\it\AppData\Roaming\Mozilla\Firefox\Profiles\9ciovh9n.default\searchplugins\findit.xml, Quarantined, [4347e07b731849ed795285c0897af60a],
    PUP.Optional.Linkury.Gen, C:\Windows\SysWOW64\findit.xml, Quarantined, [f1991e3dd0bbd75f91c1c6a35ca78878],
    PUP.Optional.ApplicationHosting, C:\ProgramData\ApplicationHosting\Config.xml, Quarantined, [0684c79419722313af503b5a52b1a858],
    PUP.Optional.ApplicationHosting, C:\ProgramData\ApplicationHosting\ApplicationHosting.dat, Delete-on-Reboot, [0684c79419722313af503b5a52b1a858],
    PUP.Optional.ApplicationHosting, C:\ProgramData\ApplicationHosting\ApplicationHosting.exe, Delete-on-Reboot, [0684c79419722313af503b5a52b1a858],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\background.js, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\desktop.ini, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\manifest.json, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons\128x128.png, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons\16x16.png, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons\desktop.ini, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons\wiki-_16.png, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons\wiki_128.png, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons\wiki_32.ico, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.WikiSearchMe, C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\_metadata\verified_contents.json, Quarantined, [f3974b10dead989e30a4264618eae020],
    PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Spanpluss\ff.HP, Quarantined, [e5a50f4cfa91c670c97bf760e22209f7],
    PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Spanpluss\ff.NT, Quarantined, [e5a50f4cfa91c670c97bf760e22209f7],
    PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Spanpluss\snp.sc, Quarantined, [e5a50f4cfa91c670c97bf760e22209f7],
    PUP.Optional.Linkury.ShrtCln, C:\Users\it\AppData\Roaming\Mozilla\Firefox\Profiles\9ciovh9n.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "C:\\ProgramData\\Spanpluss\\ff.NT");), Replaced,[2e5c4912018a41f5a04658ff7094c53b]
    PUP.Optional.FindIt, C:\Users\it\AppData\Roaming\Mozilla\Firefox\Profiles\9ciovh9n.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaultenginename", "findit");), Replaced,[06840259117a90a6d7e67cdda95b9b65]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     

    Last edited by a moderator: Oct 26, 2015
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi pbsol

    Did you run the other scans? ....AdwCleaner and FRST
    There may be some leftovers, so I'd like to check for that.

    Thanks.
     
  3. pbsol

    pbsol Registered Members

  4. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi pbsol

    That pic is of MalwareBytes.... we've done that one.
    Now we need to run the other 2 tools.

    Step 1
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer.
    • After the scan has finished...
    • Click on the Cleaning button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[C*].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Step 2
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

    • Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator

    • When the tool opens click Yes to disclaimer.

    • Make sure that Addition.txt is selected at the bottom
    • Press Scan button.

    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


    In your next reply, please submit:
    AdwCleaner[C*].txt
    and both reports from FRST


    Thanks.
     
  5. pbsol

    pbsol Registered Members

    Yes. Great tools. 100% convenient, safe and effective. I am really thankful for your prompt help. The required reports are as follows.

    # AdwCleaner v5.017 - Logfile created 04/11/2015 at 11:52:14
    # Updated 03/11/2015 by Xplode
    # Database : 2015-11-03.2 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : it - IT-PC
    # Running from : C:\Users\it\Downloads\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Users\it\Desktop\Store

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\it\AppData\Local\Temp\task.vbs

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\mtSpanplus

    ***** [ Web browsers ] *****

    [-] [C:\Users\it\AppData\Roaming\Mozilla\Firefox\Profiles\9ciovh9n.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "findit");
    [-] [C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1201 bytes] ##########
    -----------------
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
    Ran by it (administrator) on IT-PC (04-11-2015 11:56:11)
    Running from C:\Users\it\Downloads
    Loaded Profiles: it (Available Profiles: it)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    (Sapro Systems) C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_226.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [2837864 2010-06-29] (AVAST Software)
    HKLM-x32\...\Run: [WinCalendar V4] => C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe [81944 2015-04-01] (Sapro Systems)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\...\Run: [WinCalendar V4] => C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe [81944 2015-04-01] (Sapro Systems)
    HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\...\MountPoints2: {08de6a30-7874-11e5-a604-9cb33591dfda} - H:\AutoRun.exe
    HKU\S-1-5-18\...\Run: [WinCalendar V4] => C:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe [81944 2015-04-01] (Sapro Systems)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-09-24] (Microsoft Corporation)
    Startup: C:\Users\it\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to Avisoft Organizer Alarm.exe.lnk [2015-10-26]
    ShortcutTarget: Shortcut to Avisoft Organizer Alarm.exe.lnk -> C:\Users\it\AppData\Roaming\Microsoft\Installer\{E4F84D06-D233-4F58-931E-6AA48A6027A8}\_1877884C6DDB457EB57D83.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 127.0.0.1 activate.adobe.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
    Tcpip\..\Interfaces\{EC08996D-1D8C-40EC-856F-D0F9BA79AA6B}: [DhcpNameServer] 192.168.10.1

    Internet Explorer:
    ==================
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-28] (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-28] (Oracle Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\it\AppData\Roaming\Mozilla\Firefox\Profiles\9ciovh9n.default
    FF NewTab: C:\\ProgramData\\Spanpluss\\ff.NT
    FF Homepage: hxxp://www.my-example-page.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-28] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
    FF Extension: DownThemAll! - C:\Users\it\AppData\Roaming\Mozilla\Firefox\Profiles\9ciovh9n.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-10-07]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.mypage.com.pk/
    CHR StartupUrls: Default -> "hxxp://localhost/"
    CHR NewTab: Default -> "chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
    CHR Profile: C:\Users\it\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-19]
    CHR Extension: (Google Drive) - C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
    CHR Extension: (YouTube) - C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
    CHR Extension: (BuiltWith Technology Profiler) - C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapjbgnjinbpoindlpdmhochffioedbn [2015-09-29]
    CHR Extension: (Authy) - C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2015-11-04]
    CHR Extension: (Google Docs Offline) - C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-19]
    CHR Extension: (New Tab Redirect) - C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2015-10-01]
    CHR Extension: (Chrono Download Manager) - C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2015-09-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-19]
    CHR Extension: (ColorPick Eyedropper) - C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2015-09-29]
    CHR Extension: (Gmail) - C:\Users\it\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-19]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-29] (AVAST Software)
    R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-29] (AVAST Software)
    R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-29] (AVAST Software)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20048 2010-06-29] (ALWIL Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [61008 2010-06-29] (ALWIL Software)
    R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-06-29] (ALWIL Software)
    R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-06-29] (ALWIL Software)
    R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-06-29] (ALWIL Software)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-04] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-04 11:56 - 2015-11-04 11:56 - 00011993 _____ C:\Users\it\Downloads\FRST.txt
    2015-11-04 11:56 - 2015-11-04 11:56 - 00000000 ____D C:\FRST
    2015-11-04 11:55 - 2015-11-04 11:55 - 00000054 _____ C:\Users\it\Desktop\temp-temp-temp-fourms.txt
    2015-11-04 11:54 - 2015-11-04 11:54 - 00000165 ____H C:\Users\it\Documents\~$data.xlsx
    2015-11-04 11:53 - 2015-11-04 11:53 - 00001280 _____ C:\Users\it\Desktop\AdwCleaner[C1].txt
    2015-11-04 11:51 - 2015-11-04 11:52 - 00000000 ____D C:\AdwCleaner
    2015-11-04 11:50 - 2015-11-03 23:56 - 01708032 _____ C:\Users\it\Downloads\AdwCleaner.exe
    2015-11-04 11:50 - 2015-10-31 16:37 - 02198016 _____ (Farbar) C:\Users\it\Downloads\FRST64.exe
    2015-11-04 11:10 - 2015-11-04 11:10 - 00184135 _____ C:\Users\it\Downloads\chat(1).sql
    2015-11-04 10:31 - 2015-11-04 10:33 - 00000353 _____ C:\Users\it\Desktop\gig-fiverr-fiverr.txt
    2015-11-04 10:06 - 2015-11-04 10:06 - 00002303 _____ C:\Users\it\Desktop\Chrome App Launcher.lnk
    2015-11-04 10:06 - 2015-11-04 10:06 - 00000000 ____D C:\Users\it\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-11-03 16:12 - 2015-11-03 16:14 - 35396048 _____ (Lenovo Group ) C:\Users\it\Downloads\IN3WLN09WW5.exe
    2015-11-03 15:56 - 2015-11-03 15:56 - 05376336 _____ (Lenovo Group ) C:\Users\it\Downloads\ID3WLN04WW5.exe
    2015-11-03 15:49 - 2015-11-03 15:50 - 35396056 _____ (Lenovo ) C:\Users\it\Downloads\89wn04ww (1).exe
    2015-11-03 15:38 - 2015-11-03 15:40 - 35396056 _____ (Lenovo ) C:\Users\it\Downloads\89wn04ww.exe
    2015-11-03 15:29 - 2015-11-03 15:29 - 00929872 _____ (Google Inc.) C:\Users\it\Downloads\ChromeSetup(1).exe
    2015-11-03 15:26 - 2015-11-03 15:26 - 00000123 _____ C:\Users\it\Desktop\bitcoin-information.txt
    2015-11-03 12:15 - 2015-11-03 13:40 - 00004228 _____ C:\Users\it\Desktop\temp-freelance-temp-temp.txt
    2015-11-03 11:59 - 2015-11-03 11:59 - 00045568 _____ C:\Users\it\Downloads\Indie100_submission_System_1.0_1.xls
    2015-11-03 10:54 - 2015-11-03 10:54 - 00370995 _____ C:\Users\it\Downloads\chat(2).zip
    2015-11-03 10:53 - 2015-11-03 10:53 - 00182609 _____ C:\Users\it\Downloads\pbeaviat_chatt.sql
    2015-11-03 10:49 - 2015-11-03 10:49 - 00003443 _____ C:\Users\it\Downloads\chat.sql
    2015-11-03 10:29 - 2015-11-03 10:29 - 00405188 _____ C:\Users\it\Downloads\chat(1).zip
    2015-11-03 10:29 - 2015-11-03 10:29 - 00000000 ____D C:\Users\it\Downloads\chat(1)
    2015-11-02 15:37 - 2015-11-02 15:37 - 00000000 ____D C:\Users\it\Downloads\Stripe-Larry-Ullman
    2015-11-02 15:36 - 2015-11-02 15:36 - 00010151 _____ C:\Users\it\Downloads\Stripe-Larry-Ullman.zip
    2015-11-02 09:10 - 2015-11-02 09:14 - 00000551 _____ C:\Users\it\Desktop\my-info-for-elance.txt
    2015-10-31 16:07 - 2015-11-03 11:37 - 00001051 _____ C:\Users\it\Desktop\email-29-7-15.txt
    2015-10-31 16:07 - 2015-10-31 16:07 - 00000564 _____ C:\Users\it\Downloads\email-29-7-15.txt
    2015-10-31 15:27 - 2015-10-31 16:08 - 00000455 _____ C:\Users\it\Desktop\seo-plan-100.txt
    2015-10-31 11:01 - 2015-10-31 11:01 - 00000062 _____ C:\Users\it\Desktop\freelance-info-data.txt
    2015-10-28 15:42 - 2015-10-28 15:42 - 00000050 _____ C:\Users\it\Desktop\PPSC-Emails.txt
    2015-10-28 09:43 - 2015-10-28 09:43 - 00660960 _____ (Dropbox, Inc.) C:\Users\it\Downloads\DropboxInstaller.exe
    2015-10-28 08:38 - 2015-10-28 08:38 - 00000000 ____D C:\Users\it\AppData\Roaming\Sun
    2015-10-28 08:38 - 2015-10-28 08:38 - 00000000 ____D C:\Users\it\AppData\LocalLow\Sun
    2015-10-28 08:38 - 2015-10-28 08:38 - 00000000 ____D C:\Users\it\.oracle_jre_usage
    2015-10-28 08:37 - 2015-10-28 08:38 - 00000000 ____D C:\ProgramData\Oracle
    2015-10-28 08:37 - 2015-10-28 08:37 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-10-28 08:37 - 2015-10-28 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-10-28 08:37 - 2015-10-28 08:37 - 00000000 ____D C:\Program Files (x86)\Java
    2015-10-28 08:25 - 2015-10-28 08:25 - 00003136 _____ C:\Windows\System32\Tasks\{59F2A204-B0B7-4713-9AA1-7980D0560058}
    2015-10-28 08:25 - 2015-10-28 08:25 - 00000000 ____D C:\Users\it\AppData\LocalLow\Oracle
    2015-10-28 08:24 - 2015-10-28 08:24 - 00584288 _____ (Oracle Corporation) C:\Users\it\Downloads\jre-8u65-windows-i586-iftw.exe
    2015-10-27 08:57 - 2015-10-27 08:57 - 00000000 ____D C:\Users\it\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TypeFaster
    2015-10-27 08:57 - 2015-10-27 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TypeFaster
    2015-10-27 08:57 - 2015-10-27 08:57 - 00000000 ____D C:\Program Files (x86)\TypeFaster
    2015-10-27 08:57 - 2013-10-08 16:23 - 01936008 _____ C:\Users\it\Downloads\TypeFaster-v0.4.2-install.exe
    2015-10-27 08:42 - 2015-10-27 08:42 - 00000000 _____ C:\Users\it\Desktop\typing.txt
    2015-10-26 16:41 - 2015-10-26 16:41 - 00693704 _____ C:\Users\it\Documents\List of 144 Do-Follow Forums by Niche @ Dot Comers.htm
    2015-10-26 16:41 - 2015-10-26 16:41 - 00000000 ____D C:\Users\it\Documents\List of 144 Do-Follow Forums by Niche @ Dot Comers_files
    2015-10-26 16:39 - 2015-10-26 16:39 - 00196648 _____ C:\Users\it\Documents\Webmaster Forums List _ Web Hosting Talk.htm
    2015-10-26 16:39 - 2015-10-26 16:39 - 00000000 ____D C:\Users\it\Documents\Webmaster Forums List _ Web Hosting Talk_files
    2015-10-26 16:38 - 2015-10-26 16:38 - 00051269 _____ C:\Users\it\Documents\Top 100 Forums List for Webmasters.htm
    2015-10-26 16:38 - 2015-10-26 16:38 - 00000000 ____D C:\Users\it\Documents\Top 100 Forums List for Webmasters_files
    2015-10-26 15:12 - 2015-10-26 15:20 - 00001141 _____ C:\Users\it\Desktop\temp-temp-temp-temp.txt
    2015-10-26 14:42 - 2015-11-04 11:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-10-26 14:41 - 2015-10-26 14:57 - 00001100 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-10-26 14:41 - 2015-10-26 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-26 14:41 - 2015-10-26 14:41 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-10-26 14:41 - 2015-10-26 14:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-10-26 14:41 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-10-26 14:41 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-10-26 14:41 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2015-10-26 14:36 - 2015-10-26 14:41 - 22908888 _____ (Malwarebytes ) C:\Users\it\Downloads\mbam-setup-2.2.0.1024.exe
    2015-10-26 14:24 - 2015-10-28 10:23 - 00000000 ____D C:\Users\it\Desktop\HTML-FILES
    2015-10-26 09:43 - 2015-10-26 09:42 - 00033792 _____ C:\Users\it\Documents\Schedule_Weekly.xls
    2015-10-26 09:02 - 2015-10-26 09:02 - 00929872 _____ (Google Inc.) C:\Users\it\Downloads\ChromeSetup.exe
    2015-10-23 15:50 - 2015-10-23 15:50 - 00000083 _____ C:\Users\it\Desktop\virus.txt
    2015-10-23 13:06 - 2015-10-23 13:06 - 00000000 ____D C:\Users\it\Downloads\chat
    2015-10-23 13:04 - 2015-10-23 13:05 - 00405188 _____ C:\Users\it\Downloads\chat.zip
    2015-10-22 14:37 - 2015-10-22 14:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2015-10-22 13:10 - 2015-10-22 14:50 - 00238406 _____ C:\Users\it\Documents\Lahore-Sep-12.xlsx
    2015-10-22 11:31 - 2015-10-22 13:09 - 00084898 _____ C:\Users\it\Documents\Karachi.xlsx
    2015-10-22 10:33 - 2015-10-22 15:22 - 00204159 _____ C:\Users\it\Documents\Book1-1-1-1.xlsx
    2015-10-22 09:36 - 2015-10-22 09:36 - 01135151 _____ C:\Users\it\Downloads\june 2013 passenger list.xlsx
    2015-10-22 09:22 - 2015-10-22 10:32 - 00272762 _____ C:\Users\it\Documents\Book1.xlsx
    2015-10-21 16:25 - 2015-10-21 16:25 - 00001987 _____ C:\Users\it\Downloads\Job Select-R(1).txt
    2015-10-21 16:21 - 2015-10-21 16:23 - 06539752 _____ (Tim Kosse) C:\Users\it\Downloads\FileZilla_3.14.1_win64-setup.exe
    2015-10-21 14:45 - 2015-10-21 15:13 - 00000341 _____ C:\Users\it\Desktop\temp-temp.txt
    2015-10-21 09:56 - 2015-10-21 09:56 - 00001987 _____ C:\Users\it\Downloads\Job Select-R.txt
    2015-10-20 15:58 - 2015-10-20 15:58 - 00000571 _____ C:\Users\it\Desktop\data-data.txt
    2015-10-20 12:30 - 2015-10-20 14:09 - 00000925 _____ C:\Users\it\Desktop\change.txt
    2015-10-20 10:05 - 2015-10-20 10:05 - 00000000 ____D C:\Users\it\Documents\flyingelephantagency
    2015-10-20 10:05 - 2015-10-20 10:04 - 14878959 _____ C:\Users\it\Documents\flyingelephantagency.zip
    2015-10-20 10:02 - 2015-10-20 10:04 - 14878959 _____ C:\Users\it\Downloads\flyingelephantagency.zip
    2015-10-19 16:41 - 2015-10-28 14:23 - 00000456 _____ C:\Users\it\Desktop\directory-information.txt
    2015-10-19 16:08 - 2015-11-04 11:53 - 00000210 _____ C:\Windows\Tasks\AutoKMS.job
    2015-10-19 16:08 - 2015-11-03 16:08 - 00000210 _____ C:\Windows\Tasks\AutoKMSDaily.job
    2015-10-19 16:08 - 2015-10-19 16:08 - 00002748 _____ C:\Windows\System32\Tasks\AutoKMSDaily
    2015-10-19 16:08 - 2015-10-19 16:08 - 00002442 _____ C:\Windows\System32\Tasks\AutoKMS
    2015-10-19 16:08 - 2015-10-19 16:08 - 00000000 ____D C:\Windows\AutoKMS
    2015-10-19 16:07 - 2015-10-19 16:07 - 00151552 _____ C:\Windows\KMSEmulator.exe
    2015-10-19 16:03 - 2015-10-19 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
    2015-10-19 16:03 - 2015-10-19 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2015-10-19 16:03 - 2015-10-19 16:03 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
    2015-10-19 16:03 - 2015-10-19 16:03 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
    2015-10-19 16:02 - 2015-10-19 16:02 - 00000000 ____D C:\Windows\PCHEALTH
    2015-10-19 16:02 - 2015-10-19 16:02 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
    2015-10-19 16:02 - 2015-10-19 16:02 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
    2015-10-19 16:01 - 2015-10-19 16:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
    2015-10-19 16:00 - 2015-10-19 16:02 - 00000000 ____D C:\Program Files\Microsoft Office
    2015-10-19 16:00 - 2015-10-19 16:00 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
    2015-10-19 16:00 - 2015-10-19 16:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2015-10-19 16:00 - 2015-10-19 16:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
    2015-10-19 15:59 - 2015-10-19 15:59 - 00000000 __RHD C:\MSOCache
    2015-10-19 15:58 - 2015-10-22 15:30 - 00000035 _____ C:\Users\it\Desktop\wifi-password.txt
    2015-10-19 13:50 - 2015-10-19 13:50 - 00000000 ____D C:\Users\it\Desktop\19_10_15
    2015-10-19 12:00 - 2015-10-19 12:10 - 00000064 _____ C:\Users\it\Documents\Ext-Nums.txt
    2015-10-19 11:27 - 2015-10-19 11:29 - 43669632 _____ (Skype Technologies S.A.) C:\Users\it\Downloads\SkypeSetupFull.exe
    2015-10-17 17:41 - 2015-10-17 17:41 - 00034816 _____ C:\Users\it\Downloads\Schedule_Weekly_Monday_24_Hours.xls
    2015-10-17 17:41 - 2015-10-17 17:41 - 00031232 _____ C:\Users\it\Downloads\Schedule_Weekly_Landscape.xls
    2015-10-17 17:40 - 2015-10-17 17:40 - 00034304 _____ C:\Users\it\Downloads\Schedule_Weekly_Landscape_Monday_24_Hours.xls
    2015-10-17 17:38 - 2015-10-17 17:38 - 00030720 _____ C:\Users\it\Downloads\Schedule_Weekly.xls
    2015-10-17 17:37 - 2015-10-17 17:37 - 00016289 _____ C:\Users\it\Downloads\Book%201.xlsx
    2015-10-17 15:59 - 2015-10-17 16:44 - 00000000 ____D C:\Users\it\Documents\fdfdf
    2015-10-17 11:43 - 2015-10-17 11:43 - 00000000 ____D C:\Users\it\Downloads\inpage Version 2.4 Without Any Error ITPCC
    2015-10-17 11:42 - 2015-10-17 11:41 - 15335175 _____ C:\Users\it\Downloads\inpage Version 2.4 Without Any Error ITPCC.zip
    2015-10-17 11:26 - 2015-10-17 11:26 - 00000000 ____D C:\Program Files (x86)\Opera
    2015-10-16 10:24 - 2015-10-16 10:24 - 00463650 _____ C:\Users\it\Downloads\How to Live a Happy Married Life (with Pictures) - wikiHow.htm
    2015-10-16 10:24 - 2015-10-16 10:24 - 00000000 ____D C:\Users\it\Downloads\How to Live a Happy Married Life (with Pictures) - wikiHow_files
    2015-10-16 09:19 - 2015-10-17 11:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-10-15 16:05 - 2015-10-15 16:05 - 00120769 _____ C:\Users\it\Documents\100-Signature Allow Forum Posting Sites List.htm
    2015-10-15 16:05 - 2015-10-15 16:05 - 00000000 ____D C:\Users\it\Documents\100-Signature Allow Forum Posting Sites List_files
    2015-10-15 14:53 - 2015-10-15 14:53 - 00009995 _____ C:\Users\it\Downloads\abdullahstore(1).sql
    2015-10-14 14:31 - 2015-10-14 14:31 - 00008367 _____ C:\Users\it\Downloads\abdullahstore.sql
    2015-10-14 14:30 - 2015-10-14 14:30 - 00001982 _____ C:\Users\it\Downloads\emloyee.sql
    2015-10-14 12:51 - 2015-10-14 12:51 - 00308214 _____ C:\Users\it\Downloads\responsive-drop-down-menu-jquery-css3-using-icon-symbol.zip
    2015-10-13 16:01 - 2015-10-13 16:01 - 00384326 _____ C:\Users\it\Downloads\landscape.sql
    2015-10-12 14:32 - 2015-10-12 14:32 - 00247597 _____ C:\Users\it\Downloads\jquery-2.1.4.js
    2015-10-12 14:08 - 2015-10-12 14:08 - 00000238 _____ C:\Users\it\Documents\post.txt
    2015-10-12 10:29 - 2015-10-12 10:29 - 00000000 ____D C:\Users\it\AppData\Local\Macromedia
    2015-10-12 10:28 - 2015-11-04 11:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-10-12 10:28 - 2015-10-17 16:07 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-10-12 10:28 - 2015-10-17 16:07 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-12 10:28 - 2015-10-17 16:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-10-12 10:28 - 2015-10-12 10:28 - 00000000 ____D C:\Windows\system32\Macromed
    2015-10-10 17:24 - 2015-10-10 17:25 - 00265519 _____ C:\Users\it\Downloads\bootstrap-3.3.5-dist.zip
    2015-10-09 12:09 - 2015-10-09 12:09 - 00158366 _____ C:\Users\it\Documents\The Big Forum List _ XenForo Community.htm
    2015-10-09 12:09 - 2015-10-09 12:09 - 00000000 ____D C:\Users\it\Documents\The Big Forum List _ XenForo Community_files
    2015-10-09 10:34 - 2015-10-09 10:34 - 00498319 _____ C:\Users\it\Documents\logo1.psd
    2015-10-09 10:30 - 2015-10-09 10:30 - 00547315 _____ C:\Users\it\Documents\logo.psd
    2015-10-09 10:30 - 2015-10-09 10:30 - 00547315 _____ C:\Users\it\Documents\logo - Copy.psd
    2015-10-09 09:29 - 2015-10-09 10:09 - 00000000 ____D C:\Users\it\Desktop\railway-pics
    2015-10-09 08:57 - 2015-10-19 16:36 - 00000000 ____D C:\Users\it\Documents\700+ Do Follow High PR Forums Sites List 2015_files
    2015-10-09 08:57 - 2015-10-09 08:57 - 00186824 _____ C:\Users\it\Documents\700+ Do Follow High PR Forums Sites List 2015.htm
    2015-10-09 08:56 - 2015-10-09 08:56 - 00085624 _____ C:\Users\it\Documents\Top List of Webmaster Forums _ Prelovac.com.htm
    2015-10-09 08:56 - 2015-10-09 08:56 - 00000000 ____D C:\Users\it\Documents\Top List of Webmaster Forums _ Prelovac.com_files
    2015-10-09 08:51 - 2015-11-04 11:55 - 00014559 _____ C:\Users\it\Documents\data.xlsx
    2015-10-08 11:29 - 2015-10-20 13:15 - 00000132 _____ C:\Users\it\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2015-10-08 11:27 - 2015-10-08 11:27 - 00000000 ____D C:\Users\it\Documents\Adobe Scripts
    2015-10-08 11:21 - 2015-10-08 15:16 - 00000000 ____D C:\Users\it\Desktop\landscape-slider
    2015-10-08 11:06 - 2015-10-08 11:06 - 00000000 ____D C:\Users\it\Downloads\wordpress-4.0.1
    2015-10-08 11:06 - 2015-09-07 09:43 - 06586773 _____ C:\Users\it\Downloads\wordpress-4.0.1.zip
    2015-10-08 11:04 - 2015-10-08 11:04 - 01078073 _____ C:\Users\it\Downloads\ample.1.0.8.zip
    2015-10-08 11:04 - 2015-10-08 11:04 - 00000000 ____D C:\Users\it\Downloads\ample.1.0.8
    2015-10-08 10:37 - 2015-10-08 10:37 - 07998458 ____R C:\Users\it\Downloads\fore-master.zip
    2015-10-08 10:37 - 2015-10-08 10:37 - 00000000 ____D C:\Users\it\Downloads\fore-master
    2015-10-07 16:56 - 2015-10-07 16:56 - 00016183 _____ C:\Users\it\Downloads\Book1.xlsx
    2015-10-07 10:21 - 2015-10-07 10:21 - 00003490 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-it-PC-it
    2015-10-07 10:14 - 2015-10-08 11:24 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2015-10-07 10:13 - 2015-10-26 14:57 - 00001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
    2015-10-07 10:13 - 2015-10-07 10:13 - 00000000 ____D C:\Program Files\Adobe
    2015-10-07 10:12 - 2015-10-26 14:57 - 00001199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
    2015-10-07 10:11 - 2015-10-26 14:57 - 00001254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
    2015-10-07 10:11 - 2015-10-26 14:57 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
    2015-10-07 10:11 - 2015-10-07 10:13 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2015-10-07 10:10 - 2015-10-07 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    2015-10-07 10:10 - 2015-10-07 10:10 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
    2015-10-07 10:09 - 2015-10-26 14:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
    2015-10-07 10:09 - 2015-10-26 14:57 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
    2015-10-07 10:09 - 2015-10-26 14:57 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    2015-10-07 10:09 - 2015-10-07 10:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2015-10-07 10:08 - 2015-10-07 10:08 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2015-10-07 10:08 - 2015-10-07 10:08 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2015-10-07 10:06 - 2015-10-07 10:06 - 00000000 ____D C:\Users\it\AppData\Roaming\Macromedia
    2015-10-07 09:54 - 2015-10-07 11:44 - 00000000 ____D C:\Users\it\Desktop\Landscape-Images
    2015-10-06 16:11 - 2015-10-26 14:57 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-10-06 16:11 - 2015-10-26 14:57 - 00001145 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-10-06 16:11 - 2015-10-17 11:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-10-06 16:11 - 2015-10-06 16:18 - 00000000 ____D C:\Users\it\AppData\Local\Mozilla
    2015-10-06 16:11 - 2015-10-06 16:12 - 00000000 ____D C:\Users\it\AppData\Roaming\Mozilla
    2015-10-06 15:36 - 2015-10-06 15:36 - 02570108 _____ C:\Users\it\Downloads\startbootstrap-landing-page-1.0.4.zip
    2015-10-06 15:36 - 2015-10-06 15:36 - 00000000 ____D C:\Users\it\Downloads\startbootstrap-landing-page-1.0.4
    2015-10-06 14:37 - 2015-10-06 14:37 - 00089480 _____ C:\Users\it\Downloads\landscape.zip
    2015-10-06 14:37 - 2015-10-06 14:37 - 00000000 ____D C:\Users\it\Downloads\landscape
    2015-10-06 11:43 - 2015-10-06 11:43 - 00003809 _____ C:\Users\it\Downloads\contact.html

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-04 11:56 - 2015-09-19 15:10 - 01073420 _____ C:\Windows\WindowsUpdate.log
    2015-11-04 11:53 - 2015-09-29 16:08 - 00000000 ____D C:\ProgramData\WinCalendarV4
    2015-11-04 11:53 - 2015-09-19 15:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-11-04 11:53 - 2009-07-14 10:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-11-04 11:53 - 2009-07-14 09:51 - 00028985 _____ C:\Windows\setupact.log
    2015-11-04 11:37 - 2015-09-19 15:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-11-04 10:31 - 2015-10-02 17:02 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{90940E97-AEBE-4818-ACB7-E098E37F6953}
    2015-11-04 09:07 - 2009-07-14 09:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-11-04 09:07 - 2009-07-14 09:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-11-04 09:04 - 2009-07-14 10:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-11-03 16:11 - 2009-07-14 08:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-11-03 15:32 - 2015-09-19 15:29 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-11-03 09:15 - 2015-09-22 09:10 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-10-28 09:41 - 2015-09-19 15:36 - 00000000 ____D C:\Users\it\AppData\Roaming\FileZilla
    2015-10-28 08:38 - 2015-09-19 15:08 - 00000000 ____D C:\Users\it
    2015-10-27 08:19 - 2015-09-21 08:00 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2015-10-27 08:17 - 2015-09-21 07:53 - 00018330 _____ C:\Windows\PFRO.log
    2015-10-26 14:58 - 2009-07-14 10:32 - 00000000 ____D C:\Windows\Performance
    2015-10-26 14:57 - 2015-09-29 16:08 - 00001958 _____ C:\Users\Public\Desktop\WinCalendar V4.lnk
    2015-10-26 14:57 - 2015-09-21 08:17 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-26 14:57 - 2015-09-21 08:17 - 00002013 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2015-10-26 14:57 - 2015-09-20 03:06 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    2015-10-26 14:57 - 2015-09-20 03:06 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2015-10-26 14:57 - 2015-09-19 15:35 - 00001831 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
    2015-10-26 14:57 - 2015-09-19 15:12 - 00001890 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2015-10-26 14:57 - 2015-09-19 15:09 - 00001393 _____ C:\Users\it\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-10-26 14:57 - 2009-07-14 10:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2015-10-26 14:57 - 2009-07-14 09:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-10-26 14:57 - 2009-07-14 09:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    2015-10-26 14:57 - 2009-07-14 09:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2015-10-26 14:57 - 2009-07-14 09:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2015-10-26 14:57 - 2009-07-14 09:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
    2015-10-20 13:26 - 2015-09-19 15:13 - 00000000 ____D C:\Users\it\AppData\Local\Microsoft Help
    2015-10-20 08:45 - 2009-07-14 09:45 - 04965000 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-10-19 16:07 - 2015-09-21 08:19 - 00109696 _____ C:\Users\it\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-10-19 16:05 - 2015-09-19 15:13 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-10-19 16:03 - 2009-07-14 12:46 - 00000000 ____D C:\Windows\ShellNew
    2015-10-19 16:03 - 2009-07-14 08:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2015-10-19 16:02 - 2009-07-14 10:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2015-10-19 16:00 - 2009-07-14 08:20 - 00000000 ____D C:\Program Files\Common Files\System
    2015-10-19 16:00 - 2009-07-14 07:34 - 00000478 _____ C:\Windows\win.ini
    2015-10-17 11:43 - 2015-09-19 15:08 - 00000000 ____D C:\Users\it\AppData\Local\VirtualStore
    2015-10-15 14:51 - 2015-09-30 08:46 - 00000000 ____D C:\Users\it\AppData\Local\CrashDumps
    2015-10-12 10:29 - 2015-09-21 08:17 - 00000000 ____D C:\Users\it\AppData\Local\Adobe
    2015-10-10 15:48 - 2015-09-21 08:17 - 00000000 ____D C:\Users\it\AppData\Roaming\Adobe
    2015-10-08 08:45 - 2015-09-21 08:16 - 00000000 ____D C:\ProgramData\Adobe
    2015-10-07 10:12 - 2015-09-21 08:16 - 00000000 ____D C:\Program Files (x86)\Adobe
    2015-10-05 08:47 - 2009-07-14 10:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

    ==================== Files in the root of some directories =======

    2015-10-08 11:29 - 2015-10-20 13:15 - 0000132 _____ () C:\Users\it\AppData\Roaming\Adobe PNG Format CS5 Prefs

    Some files in TEMP:
    ====================
    C:\Users\it\AppData\Local\Temp\Opera_NI_stable.exe
    C:\Users\it\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-31 13:23

    ==================== End of FRST.txt ============================

    ---------------------
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
    Ran by it (2015-11-04 11:56:53)
    Running from C:\Users\it\Downloads
    Windows 7 Ultimate Service Pack 1 (X64) (2015-09-19 10:08:40)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3701455165-1665643728-2729164694-500 - Administrator - Disabled)
    Guest (S-1-5-21-3701455165-1665643728-2729164694-501 - Limited - Disabled)
    it (S-1-5-21-3701455165-1665643728-2729164694-1000 - Administrator - Enabled) => C:\Users\it

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AS: avast! Antivirus (Enabled - Up to date) {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
    avast! Free Antivirus (HKLM-x32\...\avast5) (Version: 5.0.594.0 - Alwil Software)
    Avisoft Organizer 3.0 (HKLM-x32\...\{E4F84D06-D233-4F58-931E-6AA48A6027A8}) (Version: 1.0.0 - Avisoft)
    FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    TypeFaster Typing Tutor (HKLM-x32\...\TypeFaster) (Version: - )
    WinCalendar V4 (HKLM-x32\...\WinCalendar V4) (Version: 4.31 - Sapro Systems)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    XAMPP (HKLM-x32\...\xampp) (Version: 5.5.19-0 - Bitnami)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    26-10-2015 13:24:16 Scheduled Checkpoint
    02-11-2015 14:21:48 Scheduled Checkpoint

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 07:34 - 2015-10-08 11:26 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 activate.adobe.com

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07563DED-A6F3-4B60-BDC3-BF5A734E147E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {080B3FFD-4C48-452D-84B4-3FD289C9E178} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe
    Task: {3DF5AC13-57DD-4912-B6A5-507D6AFBB223} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
    Task: {704E4755-CE93-4208-A5B6-D98DC50AD2C1} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-09-21] (AVAST Software)
    Task: {89C7CE27-72D8-46EB-A216-19F4B19B5412} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)
    Task: {8CB22535-DE48-450B-92CF-416F828B9658} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
    Task: {CFA7E9CA-9869-4ED3-B9E0-42DE136DBE65} - System32\Tasks\AdobeAAMUpdater-1.0-it-PC-it => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
    Task: {E52C3596-9EBD-401B-8BDB-8C22E4F9C5DE} - System32\Tasks\{59F2A204-B0B7-4713-9AA1-7980D0560058} => pcalua.exe -a C:\Users\it\Downloads\jre-8u65-windows-i586-iftw.exe -d C:\Users\it\Downloads
    Task: {FE5C9428-7088-43BC-982C-7C9E999A5F75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-19] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
    Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-09-16 17:12 - 2015-09-16 17:12 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
    2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
    2015-11-04 09:00 - 2015-11-04 01:26 - 02989056 _____ () C:\Program Files\Alwil Software\Avast5\defs\15110304\algo.dll
    2015-09-19 15:12 - 2010-06-29 01:58 - 00123296 _____ () C:\Program Files\Alwil Software\Avast5\aswDld.dll
    2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-10-17 16:07 - 2015-10-17 16:07 - 17599688 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\it\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.10.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{4C39D83E-79CE-4FCA-900F-FDE52A4A70DC}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
    FirewallRules: [UDP Query User{BD5051D8-8C48-4004-A36E-42410238801B}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
    FirewallRules: [TCP Query User{1FD73E0C-E8B7-47BE-B270-D69C6139AAF5}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
    FirewallRules: [UDP Query User{A027BB82-742D-4299-A2ED-CA2D3C5B3152}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
    FirewallRules: [{0B803D82-92B9-4B33-806C-27EC96FA32FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{396B7665-7663-43A3-8E75-0B296E4F45E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{05A39318-DFC4-4B59-9AB6-5123E8E2A40E}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
    FirewallRules: [UDP Query User{C0B2D56B-E0F1-4D00-B953-4650F7C2301B}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
    FirewallRules: [TCP Query User{D51A7C81-A8D7-4A82-917F-C9692C165DA8}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
    FirewallRules: [UDP Query User{1F8D4446-2479-4E1E-B962-E32FB2FF21DD}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
    FirewallRules: [{C54419CA-EB5C-4DE5-A5A2-4AD971D85BBA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: PCI Serial Port
    Description: PCI Serial Port
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Standard PS/2 Keyboard
    Description: Standard PS/2 Keyboard
    Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard keyboards)
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Ethernet Controller
    Description: Ethernet Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: PS/2 Compatible Mouse
    Description: PS/2 Compatible Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/04/2015 08:59:25 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.

    Details:
    The process cannot access the file because it is being used by another process. (HRESULT : 0x80070020) (0x80070020)

    Error: (11/04/2015 08:59:25 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application

    Details:
    The process cannot access the file because it is being used by another process. (HRESULT : 0x80070020) (0x80070020)

    Error: (11/04/2015 08:59:25 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The process cannot access the file because it is being used by another process. (HRESULT : 0x80070020) (0x80070020)

    Error: (11/04/2015 08:59:25 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog

    Details:
    The process cannot access the file because it is being used by another process. (HRESULT : 0x80070020) (0x80070020)

    Error: (10/26/2015 09:05:51 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: Aborting

    Error: (10/26/2015 09:05:51 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: Unknown/unsupported storage engine: InnoDB

    Error: (10/26/2015 09:05:51 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: Plugin 'InnoDB' registration as a STORAGE ENGINE failed.

    Error: (10/26/2015 09:05:51 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: Plugin 'InnoDB' init function returned error.

    Error: (10/26/2015 09:05:51 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: InnoDB: The system tablespace must be writable!

    Error: (10/26/2015 09:05:51 AM) (Source: MySQL) (EventID: 100) (User: )
    Description: InnoDB: C:\xampp\mysql\data\ibdata1 can't be opened in read-write mode


    System errors:
    =============
    Error: (11/04/2015 11:52:43 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (11/04/2015 11:52:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/04/2015 11:52:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (11/04/2015 11:52:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/04/2015 11:52:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/04/2015 11:52:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/04/2015 11:52:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (11/04/2015 08:59:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1053

    Error: (11/04/2015 08:59:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

    Error: (11/04/2015 08:59:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1053


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz
    Percentage of memory in use: 42%
    Total physical RAM: 3895.29 MB
    Available physical RAM: 2229.68 MB
    Total Virtual: 7788.78 MB
    Available Virtual: 6000.38 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:58.13 GB) (Free:21.45 GB) NTFS
    Drive d: (DISK2_VOL2) (Fixed) (Total:58.21 GB) (Free:27.48 GB) FAT32
    Drive e: (DISK2_VOL3) (Fixed) (Total:58.21 GB) (Free:57.72 GB) FAT32
    Drive f: (DISK2_VOL4) (Fixed) (Total:58.19 GB) (Free:12.56 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E5A11246)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=58.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=174.7 GB) - (Type=OF Extended)

    ==================== End of Addition.txt ============================
     

    Last edited by a moderator: Nov 4, 2015
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi pbsol

    I see that AdwCleaner removed a leftover from Spanpluss.
    There's still one more showing in the reports, we'll take care of that and a few orphan entries.

    Step 1
    Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\it\Downloads.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

    The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.


    Step 2
    Your Anti Virus should have disabled Windows Defender when it installed..... the 2 may conflict.
    I recommend you disable Windows Defender.

    • Click Start >> Control Panel >> Windows Defender or launch from the system tray icon.
    • Click on Tools & Settings >> Options.
    • Under Real-time protection options, uncheck the "Real-time protection" check box.
    • Click Save.
    • Go to Start >> Control Panel >> Security >> Windows Defender, at the bottom of the Windows Defender page uncheck under Administrator Options "use Windows Defender" and then Save.


    In your next reply, please submit:
    Fixlog.txt from FRST.

    Also let me know if the system is still running well.

    Thanks
     


  7. pbsol

    Hi starbuck. You said that FRST and fixlist.txt are in the same location. Okay?

    My question is what is FRST? I have downloaded the fixlist.txt

    Do you mean FRST folder or FRST.EXE?
     
  8. starbuck

    Same location is simple..... if FRST is in the download folder, that's where you put the fixlist.

    You have already run FRST..... why would you need to ask what it is now?
    Just click on the FRST icon in your download folder.
     
  9. pbsol

    Alright. I am posting the fixlog.txt file.


    Yes, I have already run FRST. This is the reason I was asking whether I should put fixlist.txt where frst64.exe is located. I also have a FRST folder on my drive.

    Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
    Ran by it (2015-11-07 13:35:02) Run:1
    Running from C:\Users\it\Downloads
    Loaded Profiles: it (Available Profiles: it)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\...\MountPoints2: {08de6a30-7874-11e5-a604-9cb33591dfda} - H:\AutoRun.exe
    FF NewTab: C:\\ProgramData\\Spanpluss\\ff.NT
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    C:\Users\it\AppData\Local\Temp\Opera_NI_stable.exe
    C:\Users\it\AppData\Local\Temp\sqlite3.dll
    CMD: ipconfig /flushdns
    EmptyTemp:
    Hosts:


    *****************

    "HKU\S-1-5-21-3701455165-1665643728-2729164694-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08de6a30-7874-11e5-a604-9cb33591dfda}" => key removed successfully
    HKCR\CLSID\{08de6a30-7874-11e5-a604-9cb33591dfda} => key not found.
    Firefox "newtab" removed successfully
    Synth3dVsc => service removed successfully
    tsusbhub => service removed successfully
    VGPU => service removed successfully
    C:\Users\it\AppData\Local\Temp\Opera_NI_stable.exe => moved successfully
    C:\Users\it\AppData\Local\Temp\sqlite3.dll => moved successfully

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 584.3 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 13:35:11 ====
     

  10. starbuck

    Hi pbsol,

    If you meant there is a FRST folder located on the C drive..... yes that is where FRST stores the old reports and the quarantine folder.
    When we remove FRST, that folder will get removed as well.

    The leftovers have now been cleaned off.
    If everything is running smoothly we can finish the cleaning process and remove the tools we have used.
    We'll also set you a fresh restore point.

    Step 1
    Restart MBAM.
    Click on the History tab >> Quarantine
    Tick to select all items (if any are there) and then click the Delete button.
    Close MBAM.


    Step 2
    Download Delfix and save it to your desktop.
    • Ensure Remove disinfection tools is checked.
    • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore

    • Click the Run button.
    When the tool has finished, please reboot your system to finalize the cleanup procedure.
    A log will open in Notepad.... but I don't actually need this report.

    Glad I was able to help.

    Safe surfing.
     
  11. pbsol

    Yes done.

    Yes done.

    Yes sure, I am really thankful to you. I will strongly recommend these tools to all Windows users.
     
