
Having DNS Unlocker PopUps.

Discussion in 'Virus, Spyware and Malware Removal Help' started by Helpmeplease2, Apr 2, 2016.

  1. Helpmeplease2

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by ABBY (administrator) on L512-PC (02-04-2016 03:09:17)
    Running from C:\Users\ABBY\Desktop
    Loaded Profiles: ABBY (Available Profiles: L512 & ABBY)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (SecureAge Technology) C:\Program Files\SecureAge\Whitelist\saappsvc.exe
    (SecureAge Technology) C:\Program Files\SecureAge\Everything\EverythingServer.exe
    (SecureAge Technology) C:\Program Files\SecureAge\AntiVirus\sascansvc.exe
    (SecureAge Technology) C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe
    (SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe
    (SecureAge Technology) C:\Program Files\SecureAge\Whitelist\sanotifier.exe
    (SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SAAppWhitelistingNotifier] => C:\Program Files\SecureAge\Whitelist\sanotifier.exe [9676328 2016-03-13] (SecureAge Technology)
    HKLM\...\Run: [SecureAPlus] => C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe [23777320 2016-03-13] (SecureAge Technology)
    Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
    HKU\S-1-5-21-683020248-1173552633-2081973050-1003\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-06-29] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{A7E86C48-776E-4852-82AE-BA5B5CA1E431}: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{B0F88040-E3F2-4DAE-AD4D-E4BA533A55CD}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{D2109156-E5A7-454B-A7F8-FBBD36DDD4CB}: [DhcpNameServer] 10.16.0.1

    Internet Explorer:
    ==================
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default
    FF DefaultSearchEngine.US: DuckDuckGo
    FF Homepage: hxxp://goat.com/
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
    FF Extension: Greasemonkey - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-03-31]
    FF Extension: Self-Destructing Cookies - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-03-31]
    FF Extension: uBlock Origin - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\Extensions\uBlock0@raymondhill.net.xpi [2016-03-31]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
    R2 saappsvc; C:\Program Files\SecureAge\Whitelist\saappsvc.exe [925736 2016-03-13] (SecureAge Technology)
    R2 SAEverythingServer; C:\Program Files\SecureAge\Everything\EverythingServer.exe [211496 2016-03-13] (SecureAge Technology)
    R2 sascansvc; C:\Program Files\SecureAge\AntiVirus\sascansvc.exe [1046568 2016-03-13] (SecureAge Technology)
    R2 SAUAVSvc; C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe [1181224 2016-03-13] (SecureAge Technology)
    R2 SecureAPlusService; C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe [1009192 2016-03-13] (SecureAge Technology)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R0 SAAppCtl; C:\Windows\System32\DRIVERS\saappctl.sys [266800 2016-03-07] (SecureAge Technology)
    R0 sascan; C:\Windows\System32\DRIVERS\sascan.sys [87912 2015-12-10] (SecureAge Technology)
    R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-02 03:09 - 2016-04-02 03:09 - 00007946 _____ C:\Users\ABBY\Desktop\FRST.txt
    2016-04-02 03:08 - 2016-04-02 03:08 - 02374144 _____ (Farbar) C:\Users\ABBY\Desktop\FRST64.exe
    2016-04-01 23:13 - 2016-04-02 03:03 - 00000000 ____D C:\Users\ABBY\AppData\Local\CrashDumps
    2016-04-01 19:20 - 2016-04-01 19:20 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
    2016-04-01 19:19 - 2016-04-01 19:20 - 00000000 ____D C:\Users\ABBY\AppData\Local\Popcorn-Time
    2016-04-01 19:17 - 2016-04-01 19:19 - 34052006 _____ (Popcorn Time) C:\Users\ABBY\Downloads\Popcorn-Time-0.3.9-Setup.exe
    2016-04-01 19:11 - 2016-04-02 03:01 - 00000000 ____D C:\ProgramData\Betternet
    2016-04-01 19:11 - 2016-04-01 19:11 - 00000000 ____D C:\Users\ABBY\AppData\Local\Betternet_Technologies_In
    2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Users\ABBY\AppData\Local\Downloaded Installations
    2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
    2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files\TAP-Windows
    2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files (x86)\OpenVPN
    2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files (x86)\Betternet
    2016-04-01 19:09 - 2016-04-01 19:10 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\ABBY\Downloads\BetternetForWindows.exe
    2016-04-01 18:33 - 2016-04-01 18:34 - 00000126 _____ C:\Users\ABBY\Documents\New Internet Shortcut.url
    2016-04-01 17:38 - 2016-04-01 17:38 - 00064024 _____ C:\Users\ABBY\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-03-31 15:59 - 2016-03-31 15:59 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\9-lab
    2016-03-31 15:37 - 2016-04-01 19:16 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Everything
    2016-03-31 15:35 - 2016-03-31 16:00 - 00000000 ____D C:\Program Files\Unlocker
    2016-03-31 15:35 - 2016-03-31 15:35 - 01078591 _____ C:\Users\ABBY\Downloads\Unlocker1.9.2.exe
    2016-03-31 15:35 - 2016-03-31 15:35 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    2016-03-31 15:29 - 2016-03-31 15:29 - 00294496 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-03-31 14:21 - 2016-03-31 14:28 - 00000000 ____D C:\Users\ABBY\AppData\Local\Mozilla
    2016-03-31 14:21 - 2016-03-31 14:21 - 00001413 _____ C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-03-31 14:21 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Mozilla
    2016-03-31 14:21 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Adobe
    2016-03-31 14:20 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY
    2016-03-31 14:20 - 2016-03-31 14:20 - 00000020 ___SH C:\Users\ABBY\ntuser.ini
    2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\My Documents
    2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Videos
    2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Pictures
    2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Music
    2016-03-31 14:20 - 2009-07-14 03:45 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Media Center Programs
    2016-03-31 14:12 - 2016-03-31 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
    2016-03-31 14:12 - 2016-03-31 14:12 - 00000000 ____D C:\Program Files (x86)\LSoft Technologies
    2016-03-31 14:11 - 2016-03-31 14:11 - 01371668 _____ (Igor Pavlov) C:\Users\L512\Downloads\7z1514-x64.exe
    2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ____D C:\Program Files\7-Zip
    2016-03-31 14:10 - 2016-03-31 14:10 - 02906475 _____ C:\Users\L512\Downloads\Iso-burner.zip
    2016-03-31 14:08 - 2016-03-31 14:34 - 00000000 ____D C:\Users\L512\AppData\Roaming\Everything
    2016-03-31 14:08 - 2016-03-31 14:08 - 00559063 _____ () C:\Users\L512\Downloads\Everything-1.3.4.686.x64-Setup.exe
    2016-03-31 14:08 - 2016-03-31 14:08 - 00000000 ____D C:\Users\L512\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
    2016-03-31 14:08 - 2016-03-31 14:08 - 00000000 ____D C:\Program Files\Everything
    2016-03-31 13:56 - 2016-03-31 14:05 - 150132064 _____ C:\Users\L512\Downloads\likenewpc.iso
    2016-03-31 13:54 - 2016-03-31 14:09 - 00000000 ____D C:\PcPinPoint
    2016-03-31 13:54 - 2016-03-31 13:54 - 03892312 _____ (PCPinpoint Technologies, Inc.) C:\Users\L512\Downloads\LikeNEWPCSetup(1).exe
    2016-03-07 00:33 - 2016-03-07 00:33 - 00266800 _____ (SecureAge Technology) C:\Windows\system32\Drivers\saappctl.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-02 03:09 - 2015-08-06 19:27 - 00000000 ____D C:\FRST
    2016-04-02 03:09 - 2015-08-06 18:44 - 05945091 _____ C:\Windows\system32\Drivers\whitelist2.sa
    2016-04-02 03:02 - 2009-07-14 00:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-04-02 03:02 - 2009-07-14 00:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-04-02 02:59 - 2009-07-14 01:13 - 00781538 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-04-02 02:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2016-04-02 02:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-04-01 20:06 - 2015-06-29 15:34 - 00000000 ____D C:\Program Files (x86)\Intel
    2016-04-01 16:12 - 2016-02-26 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-03-31 14:21 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-03-15 20:09 - 2015-08-06 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureAge
    2016-03-15 20:09 - 2015-08-06 18:44 - 00000000 ____D C:\Program Files\SecureAge

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-04-01 20:26

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by ABBY (2016-04-02 03:09:51)
    Running from C:\Users\ABBY\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2015-06-29 19:24:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    ABBY (S-1-5-21-683020248-1173552633-2081973050-1003 - Administrator - Enabled) => C:\Users\ABBY
    Administrator (S-1-5-21-683020248-1173552633-2081973050-500 - Administrator - Disabled)
    Guest (S-1-5-21-683020248-1173552633-2081973050-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-683020248-1173552633-2081973050-1002 - Limited - Enabled)
    L512 (S-1-5-21-683020248-1173552633-2081973050-1000 - Administrator - Enabled) => C:\Users\L512

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: SecureAPlus (Enabled - Up to date) {209BCB1E-B70B-1109-E820-577DD6FDBAA0}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    Crystal Security (HKLM-x32\...\Crystal Security 3.5.0.139) (Version: 3.5.0.139 - Kardo Kristal)
    Crystal Security (x32 Version: 3.5.0.139 - Kardo Kristal) Hidden
    Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
    Integrated Camera Driver Installer Package Ver.1.0.1.9 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.9 - RICOH)
    Integrated Camera TWAIN Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 1.6.0.4 - Suyin Optronics Corp.)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.35.3 - JMicron Technology Corp.)
    Lenovo Docking Detection (HKLM-x32\...\InstallShield_{9603725A-D8F9-4C77-A419-6314C7AE698C}) (Version: 1.0.0.1 - Lenovo)
    Lenovo Docking Detection (x32 Version: 1.0.0.1 - Lenovo) Hidden
    Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
    Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo)
    Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
    On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
    Popcorn-Time (HKU\S-1-5-21-683020248-1173552633-2081973050-1003\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
    Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.1 - Lenovo Group Limited)
    PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.36.0.0 - Goversoft LLC)
    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
    SecureAPlus v4.2.0 (HKLM\...\SecureAPlus) (Version: 4.2.0 - SecureAge Technology)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
    ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
    ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
    ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
    ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
    ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
    Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {105B501F-6A44-4F21-8A1B-4B63DC4E0DF7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {10905D55-D563-4536-8CEA-24C52FA1C9BE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {23531724-F3A9-4789-8EBF-812CD3D20A16} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {323979C9-6E88-49DD-9246-69A9024B318B} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
    Task: {42AD88B6-BAB8-4DDD-BB41-B048EA348903} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
    Task: {804B55C0-02AF-4677-B67B-E3CBEFF7F596} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {AB89AD20-5AFB-46F1-825D-5F13049A82FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {AEC886A3-C6F5-478C-9A9D-A811DE829755} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B3E73506-6A06-424E-A050-52DB9A91E9C3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {BB22A832-F7D3-4E98-8F96-63F298E0087C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {BBB45B98-09D4-41A5-B1D7-FFD5F344366B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {BE62C135-F6F5-4678-8AFC-580936286DEE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {EB23D5E1-56D4-4723-9CD2-704C95C37E7D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2015-08-07 16:13 - 2015-08-07 16:13 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
    2014-08-14 03:42 - 2014-08-14 03:42 - 00068096 _____ () C:\Windows\system32\Everything64.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saappsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\saappsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sascansvc => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-683020248-1173552633-2081973050-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 209.18.47.61 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AcPrfMgrSvc => 2
    MSCONFIG\Services: AcSvc => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: btwdins => 2
    MSCONFIG\Services: IBMPMSVC => 2
    MSCONFIG\Services: LENOVO.CAMMUTE => 2
    MSCONFIG\Services: LENOVO.MICMUTE => 2
    MSCONFIG\Services: LENOVO.TPKNRSVC => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: Power Manager DBC Service => 3
    MSCONFIG\Services: PwmEWSvc => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: TPHKLOAD => 2
    MSCONFIG\Services: TPHKSVC => 2
    MSCONFIG\Services: UNS => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Crystal Security => C:\Program Files (x86)\Crystal Security\Crystal Security.exe
    MSCONFIG\startupreg: DockingDetection => C:\PROGRA~2\Lenovo\LENOVO~1\DOCKIN~1.EXE
    MSCONFIG\startupreg: Everything => "C:\Program Files\SecureAge\Everything\Everything.exe" -config "C:\Program Files\SecureAge\Everything\Everything.ini" --startup
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
    MSCONFIG\startupreg: PWMTRV => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TpShocks => TpShocks.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{DF75B3B3-71D6-45E3-92FC-DE64CBDAF6F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{4928CC18-5668-428C-82C6-6E37E3A45ADF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C897DA89-8E2F-49CD-9A20-A943D14DD928}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EFCE93DF-9CD7-4C30-876A-A83BD6DBCB78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{72B9DEB3-5E91-4872-A9B9-7DE1B76CFEEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{8E862396-36D7-46BF-B3A2-311CA95862A5}C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
    FirewallRules: [UDP Query User{F4FB4B5B-3E4F-4A7A-9C50-325C26936B4D}C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
    FirewallRules: [TCP Query User{36CCA721-212D-40A0-8158-7F96EBBB0503}C:\users\abby\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\abby\appdata\local\popcorn-time\nw.exe
    FirewallRules: [UDP Query User{955E8273-C2EC-42EB-90B9-4B2EA5593775}C:\users\abby\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\abby\appdata\local\popcorn-time\nw.exe

    ==================== Restore Points =========================

    24-07-2015 11:01:11 Windows Update
    27-07-2015 10:57:40 Windows Update
    30-07-2015 17:54:52 Windows Update
    04-08-2015 11:04:09 Windows Update
    06-08-2015 18:25:40 Removed Lenovo System Update.
    03-02-2016 02:55:40 Scheduled Checkpoint
    01-04-2016 19:10:40 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/02/2016 03:02:02 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
    Exception code: 0xe0434352
    Fault offset: 0x000000000000b3dd
    Faulting process id: 0x998
    Faulting application start time: 0xBetternet.exe0
    Faulting application path: Betternet.exe1
    Faulting module path: Betternet.exe2
    Report Id: Betternet.exe3

    Error: (04/02/2016 03:02:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Betternet.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.IOException
    Stack:
    at System.IO.__Error.WinIOError(Int32, System.String)
    at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
    at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
    at Betternet.Windows.Logic.Configuration.ConfigurationManager.ParseConfiguration()
    at Betternet.Windows.Interface.MainWindow.ParseConfig()
    at Betternet.Windows.Interface.MainWindow.<DownloadConfig>b__33_0()
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
    at System.Threading.ThreadHelper.ThreadStart()

    Error: (04/01/2016 11:22:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
    Exception code: 0xe0434352
    Fault offset: 0x000000000000b3dd
    Faulting process id: 0xa60
    Faulting application start time: 0xBetternet.exe0
    Faulting application path: Betternet.exe1
    Faulting module path: Betternet.exe2
    Report Id: Betternet.exe3

    Error: (04/01/2016 11:22:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Betternet.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.IOException
    Stack:
    at System.IO.__Error.WinIOError(Int32, System.String)
    at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
    at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
    at Betternet.Windows.Logic.Configuration.ConfigurationManager.ParseConfiguration()
    at Betternet.Windows.Interface.MainWindow.ParseConfig()
    at Betternet.Windows.Interface.MainWindow.<DownloadConfig>b__33_0()
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
    at System.Threading.ThreadHelper.ThreadStart()

    Error: (04/01/2016 11:14:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
    Exception code: 0xe0434352
    Fault offset: 0x000000000000b3dd
    Faulting process id: 0xa30
    Faulting application start time: 0xBetternet.exe0
    Faulting application path: Betternet.exe1
    Faulting module path: Betternet.exe2
    Report Id: Betternet.exe3

    Error: (04/01/2016 11:14:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Betternet.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.IOException
    Stack:
    at System.IO.__Error.WinIOError(Int32, System.String)
    at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
    at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
    at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
    at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
    at System.Threading.ThreadHelper.ThreadStart(System.Object)

    Error: (04/01/2016 11:13:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
    Exception code: 0xe0434352
    Fault offset: 0x000000000000b3dd
    Faulting process id: 0x55c
    Faulting application start time: 0xBetternet.exe0
    Faulting application path: Betternet.exe1
    Faulting module path: Betternet.exe2
    Report Id: Betternet.exe3

    Error: (04/01/2016 11:13:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Betternet.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.IOException
    Stack:
    at System.IO.__Error.WinIOError(Int32, System.String)
    at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
    at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
    at Betternet.Windows.Logic.Configuration.ConfigurationManager.ParseConfiguration()
    at Betternet.Windows.Interface.MainWindow.ParseConfig()
    at Betternet.Windows.Interface.MainWindow.<DownloadConfig>b__33_0()
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
    at System.Threading.ThreadHelper.ThreadStart()

    Error: (03/31/2016 04:18:11 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (03/31/2016 04:18:11 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application

    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


    System errors:
    =============
    Error: (04/01/2016 08:07:00 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 8:05:26 PM on 4/1/2016 was unexpected.

    Error: (03/31/2016 04:18:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1053

    Error: (03/31/2016 04:18:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (90000 milliseconds) while waiting for the Windows Search service to connect.

    Error: (03/31/2016 04:18:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (03/31/2016 04:18:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with service-specific error %%-1073473535.

    Error: (03/31/2016 03:30:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1053

    Error: (03/31/2016 03:30:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (90000 milliseconds) while waiting for the Windows Search service to connect.

    Error: (03/31/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1053

    Error: (03/31/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (90000 milliseconds) while waiting for the Windows Search service to connect.

    Error: (03/31/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Search service failed to start due to the following error:
    %%1053


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
    Percentage of memory in use: 36%
    Total physical RAM: 3892.45 MB
    Available physical RAM: 2466.21 MB
    Total Virtual: 7783.11 MB
    Available Virtual: 6197.02 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:297.99 GB) (Free:260.42 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E464E684)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  2. driver_ian

    driver_ian In at the Deep End... Administrator iHF Legend Security Advisor

    Joined:
    May 2, 2014
    Messages:
    2,388
    Likes Received:
    523
    Trophy Points:
    123
    Hello and welcome to the forum.

    I note from the log that you have Malwarebytes Antimalware installed. Please update it and run a full scan; once done, post the scan log back here.

    Please also provide a new FRST log.
     
  3. Helpmeplease2

    Malwarebytes found nothing, so the FRST log is the same.
     
  4. driver_ian

    Please post both of those logs... I need to assess all logs to make an informed analysis.
     
  5. Helpmeplease2

    The FRST log is the same, since Malwarebytes found nothing.
     
  6. Cameldung

    Cameldung I Like It Here iHF Veteran Advisor WCG Team Member

    Joined:
    May 17, 2014
    Messages:
    5,381
    Likes Received:
    2,231
    Trophy Points:
    323
  7. Helpmeplease2

    Is this a joke? I am asking for help here; Malwarebytes did not detect anything. How will posting a log that shows it did not detect anything help you?
     
  8. Lord Chance

    Lord Chance iHelpForum Jester & Door Greeter iHF Veteran Advisor WCG Team Member

    Joined:
    May 5, 2014
    Messages:
    2,381
    Likes Received:
    2,015
    Trophy Points:
    273
    To be able to help you it is necessary to provide any and all requested logs and information. The logs show other processes, working and non-working, not just things pertaining to malware. We have some of the most knowledgeable Security Advisors around and they are eager to help. By the way, disregard the funny men hiding behind the curtains. They are just here for comic relief. :)
     
  9. Helpmeplease2

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2016-04-03
    Scan Time: 1:00 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.04.03.06
    Rootkit Database: v2016.03.30.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: ABBY

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 439388
    Time Elapsed: 28 min, 2 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  10. Helpmeplease2

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by ABBY (administrator) on L512-PC (03-04-2016 13:00:16)
    Running from C:\Users\ABBY\Desktop
    Loaded Profiles: ABBY (Available Profiles: L512 & ABBY)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (SecureAge Technology) C:\Program Files\SecureAge\Whitelist\saappsvc.exe
    (SecureAge Technology) C:\Program Files\SecureAge\Everything\EverythingServer.exe
    (SecureAge Technology) C:\Program Files\SecureAge\AntiVirus\sascansvc.exe
    (SecureAge Technology) C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe
    (SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe
    (SecureAge Technology) C:\Program Files\SecureAge\Whitelist\sanotifier.exe
    (SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SAAppWhitelistingNotifier] => C:\Program Files\SecureAge\Whitelist\sanotifier.exe [9676328 2016-03-13] (SecureAge Technology)
    HKLM\...\Run: [SecureAPlus] => C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe [23777320 2016-03-13] (SecureAge Technology)
    Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
    HKU\S-1-5-21-683020248-1173552633-2081973050-1003\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-06-29] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{A7E86C48-776E-4852-82AE-BA5B5CA1E431}: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{B0F88040-E3F2-4DAE-AD4D-E4BA533A55CD}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{D2109156-E5A7-454B-A7F8-FBBD36DDD4CB}: [DhcpNameServer] 10.16.0.1

    Internet Explorer:
    ==================
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default
    FF DefaultSearchEngine.US: DuckDuckGo
    FF Homepage: hxxp://goat.com/
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
    FF Extension: Greasemonkey - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-03-31]
    FF Extension: Self-Destructing Cookies - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-03-31]
    FF Extension: uBlock Origin - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\Extensions\uBlock0@raymondhill.net.xpi [2016-03-31]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
    R2 saappsvc; C:\Program Files\SecureAge\Whitelist\saappsvc.exe [925736 2016-03-13] (SecureAge Technology)
    R2 SAEverythingServer; C:\Program Files\SecureAge\Everything\EverythingServer.exe [211496 2016-03-13] (SecureAge Technology)
    R2 sascansvc; C:\Program Files\SecureAge\AntiVirus\sascansvc.exe [1046568 2016-03-13] (SecureAge Technology)
    R2 SAUAVSvc; C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe [1181224 2016-03-13] (SecureAge Technology)
    R2 SecureAPlusService; C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe [1009192 2016-03-13] (SecureAge Technology)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R0 SAAppCtl; C:\Windows\System32\DRIVERS\saappctl.sys [266800 2016-03-07] (SecureAge Technology)
    R0 sascan; C:\Windows\System32\DRIVERS\sascan.sys [87912 2015-12-10] (SecureAge Technology)
    R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-03 13:00 - 2016-04-03 13:00 - 00007946 _____ C:\Users\ABBY\Desktop\FRST.txt
    2016-04-03 12:59 - 2016-04-03 13:00 - 02374144 _____ (Farbar) C:\Users\ABBY\Desktop\FRST64.exe
    2016-04-03 02:19 - 2016-04-03 02:19 - 05863952 _____ (SosVirus) C:\Users\ABBY\Downloads\adsfix_3_02.04.2016.3.exe
    2016-04-03 02:11 - 2016-04-03 02:11 - 00002496 _____ C:\Users\ABBY\Downloads\Rkill.txt
    2016-04-03 02:11 - 2016-04-03 02:11 - 00001029 _____ C:\Users\ABBY\Downloads\ComboFix-quarantined-files.txt
    2016-04-02 18:24 - 2016-04-02 18:25 - 00294496 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-04-02 17:13 - 2016-04-02 17:13 - 00000715 _____ C:\Users\L512\Desktop\WebBrowserPassView.cfg
    2016-04-02 17:11 - 2015-12-29 09:37 - 00018232 _____ C:\Users\L512\Desktop\WebBrowserPassView.chm
    2016-04-02 17:11 - 2015-12-29 09:37 - 00012763 _____ C:\Users\L512\Desktop\readme.txt
    2016-04-01 23:13 - 2016-04-03 02:32 - 00000000 ____D C:\Users\ABBY\AppData\Local\CrashDumps
    2016-04-01 19:20 - 2016-04-01 19:20 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
    2016-04-01 19:19 - 2016-04-02 03:26 - 00000000 ____D C:\Users\ABBY\AppData\Local\Popcorn-Time
    2016-04-01 19:17 - 2016-04-01 19:19 - 34052006 _____ (Popcorn Time) C:\Users\ABBY\Downloads\Popcorn-Time-0.3.9-Setup.exe
    2016-04-01 19:11 - 2016-04-02 03:01 - 00000000 ____D C:\ProgramData\Betternet
    2016-04-01 19:11 - 2016-04-01 19:11 - 00000000 ____D C:\Users\ABBY\AppData\Local\Betternet_Technologies_In
    2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Users\ABBY\AppData\Local\Downloaded Installations
    2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
    2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files\TAP-Windows
    2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files (x86)\OpenVPN
    2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files (x86)\Betternet
    2016-04-01 19:09 - 2016-04-01 19:10 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\ABBY\Downloads\BetternetForWindows.exe
    2016-04-01 18:33 - 2016-04-01 18:34 - 00000126 _____ C:\Users\ABBY\Documents\New Internet Shortcut.url
    2016-04-01 17:38 - 2016-04-01 17:38 - 00064024 _____ C:\Users\ABBY\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-03-31 15:59 - 2016-03-31 15:59 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\9-lab
    2016-03-31 15:37 - 2016-04-03 02:38 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Everything
    2016-03-31 15:35 - 2016-03-31 16:00 - 00000000 ____D C:\Program Files\Unlocker
    2016-03-31 15:35 - 2016-03-31 15:35 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
    2016-03-31 14:21 - 2016-03-31 14:28 - 00000000 ____D C:\Users\ABBY\AppData\Local\Mozilla
    2016-03-31 14:21 - 2016-03-31 14:21 - 00001413 _____ C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2016-03-31 14:21 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Mozilla
    2016-03-31 14:21 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Adobe
    2016-03-31 14:20 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY
    2016-03-31 14:20 - 2016-03-31 14:20 - 00000020 ___SH C:\Users\ABBY\ntuser.ini
    2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\My Documents
    2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Videos
    2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Pictures
    2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Music
    2016-03-31 14:20 - 2009-07-14 03:45 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Media Center Programs
    2016-03-31 14:12 - 2016-03-31 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
    2016-03-31 14:12 - 2016-03-31 14:12 - 00000000 ____D C:\Program Files (x86)\LSoft Technologies
    2016-03-31 14:11 - 2016-03-31 14:11 - 01371668 _____ (Igor Pavlov) C:\Users\L512\Downloads\7z1514-x64.exe
    2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ____D C:\Program Files\7-Zip
    2016-03-31 14:10 - 2016-03-31 14:10 - 02906475 _____ C:\Users\L512\Downloads\Iso-burner.zip
    2016-03-31 14:08 - 2016-03-31 14:34 - 00000000 ____D C:\Users\L512\AppData\Roaming\Everything
    2016-03-31 14:08 - 2016-03-31 14:08 - 00559063 _____ () C:\Users\L512\Downloads\Everything-1.3.4.686.x64-Setup.exe
    2016-03-31 14:08 - 2016-03-31 14:08 - 00000000 ____D C:\Users\L512\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
    2016-03-31 14:08 - 2016-03-31 14:08 - 00000000 ____D C:\Program Files\Everything
    2016-03-31 13:56 - 2016-03-31 14:05 - 150132064 _____ C:\Users\L512\Downloads\likenewpc.iso
    2016-03-31 13:54 - 2016-03-31 14:09 - 00000000 ____D C:\PcPinPoint
    2016-03-31 13:54 - 2016-03-31 13:54 - 03892312 _____ (PCPinpoint Technologies, Inc.) C:\Users\L512\Downloads\LikeNEWPCSetup(1).exe
    2016-03-07 00:33 - 2016-03-07 00:33 - 00266800 _____ (SecureAge Technology) C:\Windows\system32\Drivers\saappctl.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-03 13:00 - 2015-08-06 19:27 - 00000000 ____D C:\FRST
    2016-04-03 12:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-04-03 12:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2016-04-03 11:51 - 2009-07-14 00:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-04-03 11:51 - 2009-07-14 00:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-04-03 11:48 - 2009-07-14 01:13 - 00781538 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-04-03 02:19 - 2015-08-06 18:44 - 05946776 _____ C:\Windows\system32\Drivers\whitelist2.sa
    2016-04-03 00:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system
    2016-04-02 22:48 - 2015-06-30 12:09 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-04-02 16:04 - 2016-02-26 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-04-01 20:06 - 2015-06-29 15:34 - 00000000 ____D C:\Program Files (x86)\Intel
    2016-03-31 14:21 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-03-15 20:09 - 2015-08-06 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureAge
    2016-03-15 20:09 - 2015-08-06 18:44 - 00000000 ____D C:\Program Files\SecureAge

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll
    [2015-08-02 03:28] - [2015-08-02 03:28] - 0680256 ____N () D41D8CD98F00B204E9800998ECF8427E

    C:\Windows\system32\dnsapi.dll => no Company Name <===== ATTENTION

    C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-04-01 20:26

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by ABBY (2016-04-03 13:01:12)
    Running from C:\Users\ABBY\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2015-06-29 19:24:57)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    ABBY (S-1-5-21-683020248-1173552633-2081973050-1003 - Administrator - Enabled) => C:\Users\ABBY
    Administrator (S-1-5-21-683020248-1173552633-2081973050-500 - Administrator - Disabled)
    Guest (S-1-5-21-683020248-1173552633-2081973050-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-683020248-1173552633-2081973050-1002 - Limited - Enabled)
    L512 (S-1-5-21-683020248-1173552633-2081973050-1000 - Administrator - Enabled) => C:\Users\L512

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: SecureAPlus (Enabled - Up to date) {209BCB1E-B70B-1109-E820-577DD6FDBAA0}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
    Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    Crystal Security (HKLM-x32\...\Crystal Security 3.5.0.139) (Version: 3.5.0.139 - Kardo Kristal)
    Crystal Security (x32 Version: 3.5.0.139 - Kardo Kristal) Hidden
    Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
    Integrated Camera Driver Installer Package Ver.1.0.1.9 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.9 - RICOH)
    Integrated Camera TWAIN Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 1.6.0.4 - Suyin Optronics Corp.)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.35.3 - JMicron Technology Corp.)
    Lenovo Docking Detection (HKLM-x32\...\InstallShield_{9603725A-D8F9-4C77-A419-6314C7AE698C}) (Version: 1.0.0.1 - Lenovo)
    Lenovo Docking Detection (x32 Version: 1.0.0.1 - Lenovo) Hidden
    Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
    Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo)
    Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
    On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
    Popcorn-Time (HKU\S-1-5-21-683020248-1173552633-2081973050-1003\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
    Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.1 - Lenovo Group Limited)
    PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.36.0.0 - Goversoft LLC)
    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
    SecureAPlus v4.2.0 (HKLM\...\SecureAPlus) (Version: 4.2.0 - SecureAge Technology)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
    ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
    ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
    ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
    ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
    ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
    Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {105B501F-6A44-4F21-8A1B-4B63DC4E0DF7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {10905D55-D563-4536-8CEA-24C52FA1C9BE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {23531724-F3A9-4789-8EBF-812CD3D20A16} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {323979C9-6E88-49DD-9246-69A9024B318B} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
    Task: {42AD88B6-BAB8-4DDD-BB41-B048EA348903} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
    Task: {804B55C0-02AF-4677-B67B-E3CBEFF7F596} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {AB89AD20-5AFB-46F1-825D-5F13049A82FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {AEC886A3-C6F5-478C-9A9D-A811DE829755} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {B3E73506-6A06-424E-A050-52DB9A91E9C3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {BB22A832-F7D3-4E98-8F96-63F298E0087C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {BBB45B98-09D4-41A5-B1D7-FFD5F344366B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {BE62C135-F6F5-4678-8AFC-580936286DEE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {EB23D5E1-56D4-4723-9CD2-704C95C37E7D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2015-08-07 16:13 - 2015-08-07 16:13 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
    2014-08-14 03:42 - 2014-08-14 03:42 - 00068096 _____ () C:\Windows\system32\Everything64.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saappsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\saappsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sascansvc => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-683020248-1173552633-2081973050-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    DNS Servers: 209.18.47.61 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AcPrfMgrSvc => 2
    MSCONFIG\Services: AcSvc => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: btwdins => 2
    MSCONFIG\Services: IBMPMSVC => 2
    MSCONFIG\Services: LENOVO.CAMMUTE => 2
    MSCONFIG\Services: LENOVO.MICMUTE => 2
    MSCONFIG\Services: LENOVO.TPKNRSVC => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: Power Manager DBC Service => 3
    MSCONFIG\Services: PwmEWSvc => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: TPHKLOAD => 2
    MSCONFIG\Services: TPHKSVC => 2
    MSCONFIG\Services: UNS => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Crystal Security => C:\Program Files (x86)\Crystal Security\Crystal Security.exe
    MSCONFIG\startupreg: DockingDetection => C:\PROGRA~2\Lenovo\LENOVO~1\DOCKIN~1.EXE
    MSCONFIG\startupreg: Everything => "C:\Program Files\SecureAge\Everything\Everything.exe" -config "C:\Program Files\SecureAge\Everything\Everything.ini" --startup
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
    MSCONFIG\startupreg: PWMTRV => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TpShocks => TpShocks.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{DF75B3B3-71D6-45E3-92FC-DE64CBDAF6F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{4928CC18-5668-428C-82C6-6E37E3A45ADF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C897DA89-8E2F-49CD-9A20-A943D14DD928}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EFCE93DF-9CD7-4C30-876A-A83BD6DBCB78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{72B9DEB3-5E91-4872-A9B9-7DE1B76CFEEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{8E862396-36D7-46BF-B3A2-311CA95862A5}C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
    FirewallRules: [UDP Query User{F4FB4B5B-3E4F-4A7A-9C50-325C26936B4D}C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
    FirewallRules: [TCP Query User{36CCA721-212D-40A0-8158-7F96EBBB0503}C:\users\abby\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\abby\appdata\local\popcorn-time\nw.exe
    FirewallRules: [UDP Query User{955E8273-C2EC-42EB-90B9-4B2EA5593775}C:\users\abby\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\abby\appdata\local\popcorn-time\nw.exe

    ==================== Restore Points =========================

    24-07-2015 11:01:11 Windows Update
    27-07-2015 10:57:40 Windows Update
    30-07-2015 17:54:52 Windows Update
    04-08-2015 11:04:09 Windows Update
    06-08-2015 18:25:40 Removed Lenovo System Update.
    03-02-2016 02:55:40 Scheduled Checkpoint
    01-04-2016 19:10:40 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/03/2016 01:43:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
    Exception code: 0xe0434352
    Fault offset: 0x000000000000b3dd
    Faulting process id: 0xd40
    Faulting application start time: 0xBetternet.exe0
    Faulting application path: Betternet.exe1
    Faulting module path: Betternet.exe2
    Report Id: Betternet.exe3

    Error: (04/03/2016 01:43:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Betternet.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.IO.IOException
    Stack:
    at System.IO.__Error.WinIOError(Int32, System.String)
    at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
    at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
    at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
    at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
    at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
    at System.Threading.ThreadHelper.ThreadStart(System.Object)


    System errors:
    =============

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
    Percentage of memory in use: 34%
    Total physical RAM: 3892.45 MB
    Available physical RAM: 2540.9 MB
    Total Virtual: 7783.11 MB
    Available Virtual: 6273.41 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:297.99 GB) (Free:261.1 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E464E684)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  11. driver_ian

    driver_ian In at the Deep End... Administrator iHF Legend Security Advisor

    Joined:
    May 2, 2014
    Messages:
    2,388
    Likes Received:
    523
    Trophy Points:
    123
    Thanks for those logs..
    Let's see if we can make a little progress with this..
    Can you see if it appears in the Uninstall a Program list?
    To do this, click Start, then select Control Panel followed by Uninstall a Program.
    Scroll through the listed programs and locate DNS Unlocker. Once found, right-click on it and select Uninstall from the list that appears.

    Once the process has completed..

    Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search and then hit Clean after it's done the first Search scan.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.
    Next..

    Please download the latest version of Hitman Pro from one of the following locations:

    For 32-Bit Operating Systems
    For 64-Bit Operating Systems


    • After the download completes please double click the program to run it.
    • Accept the terms of the license agreement and click Next
    • Let the scan run. It will not take long
    • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
    • Click Next. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location.
    • To continue with the removal process Click Next
    • Click Activate free trial to start the removal process.
    • Upload log.xml here for review please
     
  12. Helpmeplease2

    Helpmeplease2 New Member iHF Regular iHF Newbie

    Joined:
    Apr 1, 2016
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    After running adware cleaner I have no internet. What do I do?
     
  13. driver_ian

    driver_ian In at the Deep End... Administrator iHF Legend Security Advisor

    Joined:
    May 2, 2014
    Messages:
    2,388
    Likes Received:
    523
    Trophy Points:
    123
    Please transfer the logs to another computer with Internet access using a flash drive and upload them from there. The Hitman Pro setup files can be transferred to the affected computer the same way.. via a flash drive.
     
    Malnutrition likes this.
  14. Cameldung

    Cameldung I Like It Here iHF Veteran Advisor WCG Team Member

    Joined:
    May 17, 2014
    Messages:
    5,381
    Likes Received:
    2,231
    Trophy Points:
    323
    How did you post this?
     
  15. DCiAdmin

    DCiAdmin Always room to learn a bit more Administrator iHF Legend WCG Team Member

    Joined:
    May 2, 2014
    Messages:
    1,529
    Likes Received:
    815
    Trophy Points:
    123