
Having DNS Unlocker PopUps.

Helpmeplease2

#1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by ABBY (administrator) on L512-PC (02-04-2016 03:09:17)
Running from C:\Users\ABBY\Desktop
Loaded Profiles: ABBY (Available Profiles: L512 & ABBY)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\saappsvc.exe
(SecureAge Technology) C:\Program Files\SecureAge\Everything\EverythingServer.exe
(SecureAge Technology) C:\Program Files\SecureAge\AntiVirus\sascansvc.exe
(SecureAge Technology) C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\sanotifier.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SAAppWhitelistingNotifier] => C:\Program Files\SecureAge\Whitelist\sanotifier.exe [9676328 2016-03-13] (SecureAge Technology)
HKLM\...\Run: [SecureAPlus] => C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe [23777320 2016-03-13] (SecureAge Technology)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-683020248-1173552633-2081973050-1003\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-06-29] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{A7E86C48-776E-4852-82AE-BA5B5CA1E431}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{B0F88040-E3F2-4DAE-AD4D-E4BA533A55CD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D2109156-E5A7-454B-A7F8-FBBD36DDD4CB}: [DhcpNameServer] 10.16.0.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxp://goat.com/
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Greasemonkey - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-03-31]
FF Extension: Self-Destructing Cookies - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-03-31]
FF Extension: uBlock Origin - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\Extensions\uBlock0@raymondhill.net.xpi [2016-03-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 saappsvc; C:\Program Files\SecureAge\Whitelist\saappsvc.exe [925736 2016-03-13] (SecureAge Technology)
R2 SAEverythingServer; C:\Program Files\SecureAge\Everything\EverythingServer.exe [211496 2016-03-13] (SecureAge Technology)
R2 sascansvc; C:\Program Files\SecureAge\AntiVirus\sascansvc.exe [1046568 2016-03-13] (SecureAge Technology)
R2 SAUAVSvc; C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe [1181224 2016-03-13] (SecureAge Technology)
R2 SecureAPlusService; C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe [1009192 2016-03-13] (SecureAge Technology)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 SAAppCtl; C:\Windows\System32\DRIVERS\saappctl.sys [266800 2016-03-07] (SecureAge Technology)
R0 sascan; C:\Windows\System32\DRIVERS\sascan.sys [87912 2015-12-10] (SecureAge Technology)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-02 03:09 - 2016-04-02 03:09 - 00007946 _____ C:\Users\ABBY\Desktop\FRST.txt
2016-04-02 03:08 - 2016-04-02 03:08 - 02374144 _____ (Farbar) C:\Users\ABBY\Desktop\FRST64.exe
2016-04-01 23:13 - 2016-04-02 03:03 - 00000000 ____D C:\Users\ABBY\AppData\Local\CrashDumps
2016-04-01 19:20 - 2016-04-01 19:20 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
2016-04-01 19:19 - 2016-04-01 19:20 - 00000000 ____D C:\Users\ABBY\AppData\Local\Popcorn-Time
2016-04-01 19:17 - 2016-04-01 19:19 - 34052006 _____ (Popcorn Time) C:\Users\ABBY\Downloads\Popcorn-Time-0.3.9-Setup.exe
2016-04-01 19:11 - 2016-04-02 03:01 - 00000000 ____D C:\ProgramData\Betternet
2016-04-01 19:11 - 2016-04-01 19:11 - 00000000 ____D C:\Users\ABBY\AppData\Local\Betternet_Technologies_In
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Users\ABBY\AppData\Local\Downloaded Installations
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files\TAP-Windows
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files (x86)\Betternet
2016-04-01 19:09 - 2016-04-01 19:10 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\ABBY\Downloads\BetternetForWindows.exe
2016-04-01 18:33 - 2016-04-01 18:34 - 00000126 _____ C:\Users\ABBY\Documents\New Internet Shortcut.url
2016-04-01 17:38 - 2016-04-01 17:38 - 00064024 _____ C:\Users\ABBY\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-31 15:59 - 2016-03-31 15:59 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\9-lab
2016-03-31 15:37 - 2016-04-01 19:16 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Everything
2016-03-31 15:35 - 2016-03-31 16:00 - 00000000 ____D C:\Program Files\Unlocker
2016-03-31 15:35 - 2016-03-31 15:35 - 01078591 _____ C:\Users\ABBY\Downloads\Unlocker1.9.2.exe
2016-03-31 15:35 - 2016-03-31 15:35 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-03-31 15:29 - 2016-03-31 15:29 - 00294496 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-31 14:21 - 2016-03-31 14:28 - 00000000 ____D C:\Users\ABBY\AppData\Local\Mozilla
2016-03-31 14:21 - 2016-03-31 14:21 - 00001413 _____ C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-31 14:21 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Mozilla
2016-03-31 14:21 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Adobe
2016-03-31 14:20 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY
2016-03-31 14:20 - 2016-03-31 14:20 - 00000020 ___SH C:\Users\ABBY\ntuser.ini
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\My Documents
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Videos
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Pictures
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Music
2016-03-31 14:20 - 2009-07-14 03:45 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Media Center Programs
2016-03-31 14:12 - 2016-03-31 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
2016-03-31 14:12 - 2016-03-31 14:12 - 00000000 ____D C:\Program Files (x86)\LSoft Technologies
2016-03-31 14:11 - 2016-03-31 14:11 - 01371668 _____ (Igor Pavlov) C:\Users\L512\Downloads\7z1514-x64.exe
2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ____D C:\Program Files\7-Zip
2016-03-31 14:10 - 2016-03-31 14:10 - 02906475 _____ C:\Users\L512\Downloads\Iso-burner.zip
2016-03-31 14:08 - 2016-03-31 14:34 - 00000000 ____D C:\Users\L512\AppData\Roaming\Everything
2016-03-31 14:08 - 2016-03-31 14:08 - 00559063 _____ () C:\Users\L512\Downloads\Everything-1.3.4.686.x64-Setup.exe
2016-03-31 14:08 - 2016-03-31 14:08 - 00000000 ____D C:\Users\L512\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2016-03-31 14:08 - 2016-03-31 14:08 - 00000000 ____D C:\Program Files\Everything
2016-03-31 13:56 - 2016-03-31 14:05 - 150132064 _____ C:\Users\L512\Downloads\likenewpc.iso
2016-03-31 13:54 - 2016-03-31 14:09 - 00000000 ____D C:\PcPinPoint
2016-03-31 13:54 - 2016-03-31 13:54 - 03892312 _____ (PCPinpoint Technologies, Inc.) C:\Users\L512\Downloads\LikeNEWPCSetup(1).exe
2016-03-07 00:33 - 2016-03-07 00:33 - 00266800 _____ (SecureAge Technology) C:\Windows\system32\Drivers\saappctl.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-02 03:09 - 2015-08-06 19:27 - 00000000 ____D C:\FRST
2016-04-02 03:09 - 2015-08-06 18:44 - 05945091 _____ C:\Windows\system32\Drivers\whitelist2.sa
2016-04-02 03:02 - 2009-07-14 00:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-02 03:02 - 2009-07-14 00:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-02 02:59 - 2009-07-14 01:13 - 00781538 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-02 02:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-02 02:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-01 20:06 - 2015-06-29 15:34 - 00000000 ____D C:\Program Files (x86)\Intel
2016-04-01 16:12 - 2016-02-26 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-31 14:21 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-15 20:09 - 2015-08-06 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureAge
2016-03-15 20:09 - 2015-08-06 18:44 - 00000000 ____D C:\Program Files\SecureAge

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-01 20:26

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by ABBY (2016-04-02 03:09:51)
Running from C:\Users\ABBY\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-06-29 19:24:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ABBY (S-1-5-21-683020248-1173552633-2081973050-1003 - Administrator - Enabled) => C:\Users\ABBY
Administrator (S-1-5-21-683020248-1173552633-2081973050-500 - Administrator - Disabled)
Guest (S-1-5-21-683020248-1173552633-2081973050-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-683020248-1173552633-2081973050-1002 - Limited - Enabled)
L512 (S-1-5-21-683020248-1173552633-2081973050-1000 - Administrator - Enabled) => C:\Users\L512

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: SecureAPlus (Enabled - Up to date) {209BCB1E-B70B-1109-E820-577DD6FDBAA0}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Crystal Security (HKLM-x32\...\Crystal Security 3.5.0.139) (Version: 3.5.0.139 - Kardo Kristal)
Crystal Security (x32 Version: 3.5.0.139 - Kardo Kristal) Hidden
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Integrated Camera Driver Installer Package Ver.1.0.1.9 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.9 - RICOH)
Integrated Camera TWAIN Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 1.6.0.4 - Suyin Optronics Corp.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.35.3 - JMicron Technology Corp.)
Lenovo Docking Detection (HKLM-x32\...\InstallShield_{9603725A-D8F9-4C77-A419-6314C7AE698C}) (Version: 1.0.0.1 - Lenovo)
Lenovo Docking Detection (x32 Version: 1.0.0.1 - Lenovo) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Popcorn-Time (HKU\S-1-5-21-683020248-1173552633-2081973050-1003\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.1 - Lenovo Group Limited)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.36.0.0 - Goversoft LLC)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
SecureAPlus v4.2.0 (HKLM\...\SecureAPlus) (Version: 4.2.0 - SecureAge Technology)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {105B501F-6A44-4F21-8A1B-4B63DC4E0DF7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {10905D55-D563-4536-8CEA-24C52FA1C9BE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {23531724-F3A9-4789-8EBF-812CD3D20A16} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {323979C9-6E88-49DD-9246-69A9024B318B} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {42AD88B6-BAB8-4DDD-BB41-B048EA348903} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
Task: {804B55C0-02AF-4677-B67B-E3CBEFF7F596} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AB89AD20-5AFB-46F1-825D-5F13049A82FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AEC886A3-C6F5-478C-9A9D-A811DE829755} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B3E73506-6A06-424E-A050-52DB9A91E9C3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BB22A832-F7D3-4E98-8F96-63F298E0087C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BBB45B98-09D4-41A5-B1D7-FFD5F344366B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BE62C135-F6F5-4678-8AFC-580936286DEE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EB23D5E1-56D4-4723-9CD2-704C95C37E7D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-08-07 16:13 - 2015-08-07 16:13 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2014-08-14 03:42 - 2014-08-14 03:42 - 00068096 _____ () C:\Windows\system32\Everything64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saappsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\saappsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sascansvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-683020248-1173552633-2081973050-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AcPrfMgrSvc => 2
MSCONFIG\Services: AcSvc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: LENOVO.CAMMUTE => 2
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: LENOVO.TPKNRSVC => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Power Manager DBC Service => 3
MSCONFIG\Services: PwmEWSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: TPHKSVC => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Crystal Security => C:\Program Files (x86)\Crystal Security\Crystal Security.exe
MSCONFIG\startupreg: DockingDetection => C:\PROGRA~2\Lenovo\LENOVO~1\DOCKIN~1.EXE
MSCONFIG\startupreg: Everything => "C:\Program Files\SecureAge\Everything\Everything.exe" -config "C:\Program Files\SecureAge\Everything\Everything.ini" --startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
MSCONFIG\startupreg: PWMTRV => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TpShocks => TpShocks.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DF75B3B3-71D6-45E3-92FC-DE64CBDAF6F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4928CC18-5668-428C-82C6-6E37E3A45ADF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C897DA89-8E2F-49CD-9A20-A943D14DD928}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EFCE93DF-9CD7-4C30-876A-A83BD6DBCB78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{72B9DEB3-5E91-4872-A9B9-7DE1B76CFEEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8E862396-36D7-46BF-B3A2-311CA95862A5}C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{F4FB4B5B-3E4F-4A7A-9C50-325C26936B4D}C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{36CCA721-212D-40A0-8158-7F96EBBB0503}C:\users\abby\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\abby\appdata\local\popcorn-time\nw.exe
FirewallRules: [UDP Query User{955E8273-C2EC-42EB-90B9-4B2EA5593775}C:\users\abby\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\abby\appdata\local\popcorn-time\nw.exe

==================== Restore Points =========================

24-07-2015 11:01:11 Windows Update
27-07-2015 10:57:40 Windows Update
30-07-2015 17:54:52 Windows Update
04-08-2015 11:04:09 Windows Update
06-08-2015 18:25:40 Removed Lenovo System Update.
03-02-2016 02:55:40 Scheduled Checkpoint
01-04-2016 19:10:40 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2016 03:02:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0x998
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3

Error: (04/02/2016 03:02:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Configuration.ConfigurationManager.ParseConfiguration()
at Betternet.Windows.Interface.MainWindow.ParseConfig()
at Betternet.Windows.Interface.MainWindow.<DownloadConfig>b__33_0()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (04/01/2016 11:22:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0xa60
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3

Error: (04/01/2016 11:22:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Configuration.ConfigurationManager.ParseConfiguration()
at Betternet.Windows.Interface.MainWindow.ParseConfig()
at Betternet.Windows.Interface.MainWindow.<DownloadConfig>b__33_0()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (04/01/2016 11:14:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0xa30
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3

Error: (04/01/2016 11:14:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (04/01/2016 11:13:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0x55c
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3

Error: (04/01/2016 11:13:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Configuration.ConfigurationManager.ParseConfiguration()
at Betternet.Windows.Interface.MainWindow.ParseConfig()
at Betternet.Windows.Interface.MainWindow.<DownloadConfig>b__33_0()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (03/31/2016 04:18:11 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/31/2016 04:18:11 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/01/2016 08:07:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:05:26 PM on 4/1/2016 was unexpected.

Error: (03/31/2016 04:18:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (03/31/2016 04:18:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (90000 milliseconds) while waiting for the Windows Search service to connect.

Error: (03/31/2016 04:18:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/31/2016 04:18:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (03/31/2016 03:30:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (03/31/2016 03:30:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (90000 milliseconds) while waiting for the Windows Search service to connect.

Error: (03/31/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (03/31/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (90000 milliseconds) while waiting for the Windows Search service to connect.

Error: (03/31/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 3892.45 MB
Available physical RAM: 2466.21 MB
Total Virtual: 7783.11 MB
Available Virtual: 6197.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:260.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E464E684)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Helpmeplease2

New Member
iHF Newbie
iHF Regular
#7
Is this a joke? I am asking for help here. Malwarebytes did not detect anything. How will posting a log that shows it did not detect anything help you?
 

Lord Chance

iHelpForum Jester & Door Greeter
iHF Veteran
Advisor
WCG Team Member
#8
> Is this a joke? I am asking for help here. Malwarebytes did not detect anything. How will posting a log that shows it did not detect anything help you?

To be able to help you it is necessary to provide any and all requested logs and information. The logs show other processes working and non-working. Not just things pertaining to malware. We have some of the most knowledgeable Security Advisors around and they are eager to help. By the way, disregard the funny men hiding behind the curtains. They are just here for comic relief. :)
 

Helpmeplease2

New Member
iHF Newbie
iHF Regular
#9
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-04-03
Scan Time: 1:00 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.03.06
Rootkit Database: v2016.03.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ABBY

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 439388
Time Elapsed: 28 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

Helpmeplease2

New Member
iHF Newbie
iHF Regular
#10
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by ABBY (administrator) on L512-PC (03-04-2016 13:00:16)
Running from C:\Users\ABBY\Desktop
Loaded Profiles: ABBY (Available Profiles: L512 & ABBY)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\saappsvc.exe
(SecureAge Technology) C:\Program Files\SecureAge\Everything\EverythingServer.exe
(SecureAge Technology) C:\Program Files\SecureAge\AntiVirus\sascansvc.exe
(SecureAge Technology) C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\sanotifier.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SAAppWhitelistingNotifier] => C:\Program Files\SecureAge\Whitelist\sanotifier.exe [9676328 2016-03-13] (SecureAge Technology)
HKLM\...\Run: [SecureAPlus] => C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe [23777320 2016-03-13] (SecureAge Technology)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-683020248-1173552633-2081973050-1003\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-06-29] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{A7E86C48-776E-4852-82AE-BA5B5CA1E431}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{B0F88040-E3F2-4DAE-AD4D-E4BA533A55CD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D2109156-E5A7-454B-A7F8-FBBD36DDD4CB}: [DhcpNameServer] 10.16.0.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxp://goat.com/
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Greasemonkey - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-03-31]
FF Extension: Self-Destructing Cookies - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-03-31]
FF Extension: uBlock Origin - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\Extensions\uBlock0@raymondhill.net.xpi [2016-03-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 saappsvc; C:\Program Files\SecureAge\Whitelist\saappsvc.exe [925736 2016-03-13] (SecureAge Technology)
R2 SAEverythingServer; C:\Program Files\SecureAge\Everything\EverythingServer.exe [211496 2016-03-13] (SecureAge Technology)
R2 sascansvc; C:\Program Files\SecureAge\AntiVirus\sascansvc.exe [1046568 2016-03-13] (SecureAge Technology)
R2 SAUAVSvc; C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe [1181224 2016-03-13] (SecureAge Technology)
R2 SecureAPlusService; C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe [1009192 2016-03-13] (SecureAge Technology)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 SAAppCtl; C:\Windows\System32\DRIVERS\saappctl.sys [266800 2016-03-07] (SecureAge Technology)
R0 sascan; C:\Windows\System32\DRIVERS\sascan.sys [87912 2015-12-10] (SecureAge Technology)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-03 13:00 - 2016-04-03 13:00 - 00007946 _____ C:\Users\ABBY\Desktop\FRST.txt
2016-04-03 12:59 - 2016-04-03 13:00 - 02374144 _____ (Farbar) C:\Users\ABBY\Desktop\FRST64.exe
2016-04-03 02:19 - 2016-04-03 02:19 - 05863952 _____ (SosVirus) C:\Users\ABBY\Downloads\adsfix_3_02.04.2016.3.exe
2016-04-03 02:11 - 2016-04-03 02:11 - 00002496 _____ C:\Users\ABBY\Downloads\Rkill.txt
2016-04-03 02:11 - 2016-04-03 02:11 - 00001029 _____ C:\Users\ABBY\Downloads\ComboFix-quarantined-files.txt
2016-04-02 18:24 - 2016-04-02 18:25 - 00294496 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-02 17:13 - 2016-04-02 17:13 - 00000715 _____ C:\Users\L512\Desktop\WebBrowserPassView.cfg
2016-04-02 17:11 - 2015-12-29 09:37 - 00018232 _____ C:\Users\L512\Desktop\WebBrowserPassView.chm
2016-04-02 17:11 - 2015-12-29 09:37 - 00012763 _____ C:\Users\L512\Desktop\readme.txt
2016-04-01 23:13 - 2016-04-03 02:32 - 00000000 ____D C:\Users\ABBY\AppData\Local\CrashDumps
2016-04-01 19:20 - 2016-04-01 19:20 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
2016-04-01 19:19 - 2016-04-02 03:26 - 00000000 ____D C:\Users\ABBY\AppData\Local\Popcorn-Time
2016-04-01 19:17 - 2016-04-01 19:19 - 34052006 _____ (Popcorn Time) C:\Users\ABBY\Downloads\Popcorn-Time-0.3.9-Setup.exe
2016-04-01 19:11 - 2016-04-02 03:01 - 00000000 ____D C:\ProgramData\Betternet
2016-04-01 19:11 - 2016-04-01 19:11 - 00000000 ____D C:\Users\ABBY\AppData\Local\Betternet_Technologies_In
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Users\ABBY\AppData\Local\Downloaded Installations
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files\TAP-Windows
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files (x86)\Betternet
2016-04-01 19:09 - 2016-04-01 19:10 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\ABBY\Downloads\BetternetForWindows.exe
2016-04-01 18:33 - 2016-04-01 18:34 - 00000126 _____ C:\Users\ABBY\Documents\New Internet Shortcut.url
2016-04-01 17:38 - 2016-04-01 17:38 - 00064024 _____ C:\Users\ABBY\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-31 15:59 - 2016-03-31 15:59 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\9-lab
2016-03-31 15:37 - 2016-04-03 02:38 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Everything
2016-03-31 15:35 - 2016-03-31 16:00 - 00000000 ____D C:\Program Files\Unlocker
2016-03-31 15:35 - 2016-03-31 15:35 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-03-31 14:21 - 2016-03-31 14:28 - 00000000 ____D C:\Users\ABBY\AppData\Local\Mozilla
2016-03-31 14:21 - 2016-03-31 14:21 - 00001413 _____ C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-31 14:21 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Mozilla
2016-03-31 14:21 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Adobe
2016-03-31 14:20 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY
2016-03-31 14:20 - 2016-03-31 14:20 - 00000020 ___SH C:\Users\ABBY\ntuser.ini
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\My Documents
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Videos
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Pictures
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Music
2016-03-31 14:20 - 2009-07-14 03:45 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Media Center Programs
2016-03-31 14:12 - 2016-03-31 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
2016-03-31 14:12 - 2016-03-31 14:12 - 00000000 ____D C:\Program Files (x86)\LSoft Technologies
2016-03-31 14:11 - 2016-03-31 14:11 - 01371668 _____ (Igor Pavlov) C:\Users\L512\Downloads\7z1514-x64.exe
2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ____D C:\Program Files\7-Zip
2016-03-31 14:10 - 2016-03-31 14:10 - 02906475 _____ C:\Users\L512\Downloads\Iso-burner.zip
2016-03-31 14:08 - 2016-03-31 14:34 - 00000000 ____D C:\Users\L512\AppData\Roaming\Everything
2016-03-31 14:08 - 2016-03-31 14:08 - 00559063 _____ () C:\Users\L512\Downloads\Everything-1.3.4.686.x64-Setup.exe
2016-03-31 14:08 - 2016-03-31 14:08 - 00000000 ____D C:\Users\L512\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2016-03-31 14:08 - 2016-03-31 14:08 - 00000000 ____D C:\Program Files\Everything
2016-03-31 13:56 - 2016-03-31 14:05 - 150132064 _____ C:\Users\L512\Downloads\likenewpc.iso
2016-03-31 13:54 - 2016-03-31 14:09 - 00000000 ____D C:\PcPinPoint
2016-03-31 13:54 - 2016-03-31 13:54 - 03892312 _____ (PCPinpoint Technologies, Inc.) C:\Users\L512\Downloads\LikeNEWPCSetup(1).exe
2016-03-07 00:33 - 2016-03-07 00:33 - 00266800 _____ (SecureAge Technology) C:\Windows\system32\Drivers\saappctl.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-03 13:00 - 2015-08-06 19:27 - 00000000 ____D C:\FRST
2016-04-03 12:59 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-03 12:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-03 11:51 - 2009-07-14 00:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-03 11:51 - 2009-07-14 00:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-03 11:48 - 2009-07-14 01:13 - 00781538 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-03 02:19 - 2015-08-06 18:44 - 05946776 _____ C:\Windows\system32\Drivers\whitelist2.sa
2016-04-03 00:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system
2016-04-02 22:48 - 2015-06-30 12:09 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-02 16:04 - 2016-02-26 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-01 20:06 - 2015-06-29 15:34 - 00000000 ____D C:\Program Files (x86)\Intel
2016-03-31 14:21 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-15 20:09 - 2015-08-06 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureAge
2016-03-15 20:09 - 2015-08-06 18:44 - 00000000 ____D C:\Program Files\SecureAge

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2015-08-02 03:28] - [2015-08-02 03:28] - 0680256 ____N () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\dnsapi.dll => no Company Name <===== ATTENTION

C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-01 20:26

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by ABBY (2016-04-03 13:01:12)
Running from C:\Users\ABBY\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-06-29 19:24:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ABBY (S-1-5-21-683020248-1173552633-2081973050-1003 - Administrator - Enabled) => C:\Users\ABBY
Administrator (S-1-5-21-683020248-1173552633-2081973050-500 - Administrator - Disabled)
Guest (S-1-5-21-683020248-1173552633-2081973050-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-683020248-1173552633-2081973050-1002 - Limited - Enabled)
L512 (S-1-5-21-683020248-1173552633-2081973050-1000 - Administrator - Enabled) => C:\Users\L512

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: SecureAPlus (Enabled - Up to date) {209BCB1E-B70B-1109-E820-577DD6FDBAA0}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Crystal Security (HKLM-x32\...\Crystal Security 3.5.0.139) (Version: 3.5.0.139 - Kardo Kristal)
Crystal Security (x32 Version: 3.5.0.139 - Kardo Kristal) Hidden
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Integrated Camera Driver Installer Package Ver.1.0.1.9 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.9 - RICOH)
Integrated Camera TWAIN Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 1.6.0.4 - Suyin Optronics Corp.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.35.3 - JMicron Technology Corp.)
Lenovo Docking Detection (HKLM-x32\...\InstallShield_{9603725A-D8F9-4C77-A419-6314C7AE698C}) (Version: 1.0.0.1 - Lenovo)
Lenovo Docking Detection (x32 Version: 1.0.0.1 - Lenovo) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Popcorn-Time (HKU\S-1-5-21-683020248-1173552633-2081973050-1003\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.1 - Lenovo Group Limited)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.36.0.0 - Goversoft LLC)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
SecureAPlus v4.2.0 (HKLM\...\SecureAPlus) (Version: 4.2.0 - SecureAge Technology)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {105B501F-6A44-4F21-8A1B-4B63DC4E0DF7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {10905D55-D563-4536-8CEA-24C52FA1C9BE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {23531724-F3A9-4789-8EBF-812CD3D20A16} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {323979C9-6E88-49DD-9246-69A9024B318B} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {42AD88B6-BAB8-4DDD-BB41-B048EA348903} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
Task: {804B55C0-02AF-4677-B67B-E3CBEFF7F596} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AB89AD20-5AFB-46F1-825D-5F13049A82FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AEC886A3-C6F5-478C-9A9D-A811DE829755} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B3E73506-6A06-424E-A050-52DB9A91E9C3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BB22A832-F7D3-4E98-8F96-63F298E0087C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BBB45B98-09D4-41A5-B1D7-FFD5F344366B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BE62C135-F6F5-4678-8AFC-580936286DEE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EB23D5E1-56D4-4723-9CD2-704C95C37E7D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-08-07 16:13 - 2015-08-07 16:13 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2014-08-14 03:42 - 2014-08-14 03:42 - 00068096 _____ () C:\Windows\system32\Everything64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saappsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\saappsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sascansvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-683020248-1173552633-2081973050-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AcPrfMgrSvc => 2
MSCONFIG\Services: AcSvc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: LENOVO.CAMMUTE => 2
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: LENOVO.TPKNRSVC => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Power Manager DBC Service => 3
MSCONFIG\Services: PwmEWSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: TPHKSVC => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Crystal Security => C:\Program Files (x86)\Crystal Security\Crystal Security.exe
MSCONFIG\startupreg: DockingDetection => C:\PROGRA~2\Lenovo\LENOVO~1\DOCKIN~1.EXE
MSCONFIG\startupreg: Everything => "C:\Program Files\SecureAge\Everything\Everything.exe" -config "C:\Program Files\SecureAge\Everything\Everything.ini" --startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
MSCONFIG\startupreg: PWMTRV => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TpShocks => TpShocks.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DF75B3B3-71D6-45E3-92FC-DE64CBDAF6F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4928CC18-5668-428C-82C6-6E37E3A45ADF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C897DA89-8E2F-49CD-9A20-A943D14DD928}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EFCE93DF-9CD7-4C30-876A-A83BD6DBCB78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{72B9DEB3-5E91-4872-A9B9-7DE1B76CFEEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8E862396-36D7-46BF-B3A2-311CA95862A5}C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{F4FB4B5B-3E4F-4A7A-9C50-325C26936B4D}C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{36CCA721-212D-40A0-8158-7F96EBBB0503}C:\users\abby\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\abby\appdata\local\popcorn-time\nw.exe
FirewallRules: [UDP Query User{955E8273-C2EC-42EB-90B9-4B2EA5593775}C:\users\abby\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\abby\appdata\local\popcorn-time\nw.exe

==================== Restore Points =========================

24-07-2015 11:01:11 Windows Update
27-07-2015 10:57:40 Windows Update
30-07-2015 17:54:52 Windows Update
04-08-2015 11:04:09 Windows Update
06-08-2015 18:25:40 Removed Lenovo System Update.
03-02-2016 02:55:40 Scheduled Checkpoint
01-04-2016 19:10:40 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2016 01:43:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0xd40
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3

Error: (04/03/2016 01:43:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)


System errors:
=============

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 3892.45 MB
Available physical RAM: 2540.9 MB
Total Virtual: 7783.11 MB
Available Virtual: 6273.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:261.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E464E684)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

driver_ian

In at the Deep End...
Administrator
Security Advisor
iHF Legend
#11
Thanks for those logs..
Let's see if we can make a little progress with this..
Can you see if it appears in the Uninstall a Program list?
To do this, click Start, then select Control Panel followed by Uninstall a Program.
Scroll through the listed programs and locate DNS Unlocker. Once found, right-click on it and select Uninstall from the list that appears.

Once the process has completed..

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search and then hit Clean after it's done the first Search scan.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
Next..

Please download the latest version of Hitman Pro from one of the following locations:

For 32-Bit Operating Systems
For 64-Bit Operating Systems


  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location.
  • To continue with the removal process Click Next
  • Click Activate free trial to start the removal process.
  • Upload log.xml here for review please