
Can't get rid of KeepNow and Snap.Do


This topic is locked
13 replies to this topic

#1 Macburp

Posted 05 March 2014 - 08:38 AM

Hello,

My system is running slowly because of the above 2 malware programmes, and maybe other stuff.

Each time I restart Chrome, KeepNow comes back - I remove the extension Savings for You to remove it until the next time Chrome restarts.

Snap.do engine is listed by Control Panel, and I cannot uninstall it.

I have tried following online guidance, including using adwcleaner, jrt.exe, Eset online scanner, Malwarebytes, and Hitman Pro. Nothing has worked. In fact adwcleaner only succeeds in removing Foxtab dial from my chrome browser, which I want :).

I'm running Windows 7 with the latest updates. Here's the log -

--------------

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Paul at 13:23:19 on 2014-03-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3061.1131 [GMT 0:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ExpanDrive\ExpanDrive.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Growl for Windows\Growl.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\MyTomTom 3\MyTomTomSA.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Windows\system32\conhost.exe
C:\Program Files\get_iplayer\perl.exe
C:\Program Files\Deluge\deluge.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\Windows\system32\taskhost.exe
C:\Users\Paul\AppData\Roaming\MediaBrowser-Server\System\MediaBrowser.ServerApplication.exe
C:\Windows\system32\conhost.exe
C:\Users\Paul\Downloads\x32\MkvToMp4.exe
C:\Program Files\FileZilla FTP Client\fzsftp.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\msiexec.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com
BHO: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\paul\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ExpanDrive] "c:\program files\expandrive\ExpanDrive.exe" /AUTORUN
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Growl] c:\program files\growl for windows\Growl.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [Ubuntu One] "c:\program files\ubuntuone\dist\ubuntuone-syncdaemon.exe"
uRun: [Ubuntu One Icon] "c:\program files\ubuntuone\dist\ubuntuone-control-panel-qt.exe" --minimized
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
uRun: [MusicManager] "c:\users\paul\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [MyTomTomSA.exe] "c:\program files\mytomtom 3\MyTomTomSA.exe"
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BlueStacks Agent] c:\program files\bluestacks\HD-Agent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\paul\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\mediab~1.lnk - c:\users\paul\appdata\roaming\mediabrowser-server\system\MediaBrowser.ServerApplication.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dynupd~1.lnk - c:\program files\dyndns updater\DynTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{91FA6C8F-43EA-4B67-B080-88FB831B3071} : NameServer = 194.72.0.98,194.72.9.38
TCP: Interfaces\{91FA6C8F-43EA-4B67-B080-88FB831B3071} : DHCPNameServer = 194.72.0.98 194.72.9.38
TCP: Interfaces\{C6BE5D88-90E9-480E-9A78-CEA993E17666} : NameServer = 216.146.35.35,216.146.36.36,217.32.171.21,213.120.234.14,217.32.171.21,213.120.234.14,192.168.1.1
SSODL: WebCheck - <orphaned>
SEH: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - c:\program files\qualcomm\eudora\EuShlExt.dll
LSA: Authentication Packages =  msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-12-7 17904]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-4 37352]
R1 ExpanDrive;ExpanDrive;c:\windows\system32\drivers\ExpanDrive.sys [2009-3-19 294472]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-4 90400]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2013-6-19 63816]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-12-7 51632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-1-22 88576]
S3 hcw89;hcw89 service;c:\windows\system32\drivers\hcw89.sys [2009-3-27 1214464]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-1-31 30976]
.
=============== Created Last 30 ================
.
2014-03-04 08:01:08 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{23ac2fd3-64ef-4368-9cec-6f56dd37aa4b}\mpengine.dll
2014-03-01 09:37:19 -------- d-----w- c:\windows\ERUNT
2014-02-26 07:26:14 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-02-14 13:33:15 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 21:17:00 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 21:17:00 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 21:16:11 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 21:16:11 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 21:16:00 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-13 21:15:59 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-13 21:15:59 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-13 21:15:59 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 21:15:59 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-13 21:15:58 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-13 21:15:58 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-13 21:15:58 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-13 21:15:57 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-11 16:32:21 -------- d-----w- c:\users\paul\appdata\roaming\mkvtoolnix
2014-02-11 16:30:32 -------- d-----w- c:\program files\MKVToolNix
.
==================== Find3M  ====================
.
2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-01-31 20:11:48 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-01-22 08:52:12 88576 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-01-22 08:52:12 184192 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-12-18 21:10:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-18 06:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-17 13:37:20 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-17 13:37:20 69240 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2009-09-27 09:39:26 369152 --sh--w- c:\windows\system32\avisynth.dll
2005-07-14 12:31:20 32256 --sh--w- c:\windows\system32\AVSredirect.dll
2004-01-25 00:00:00 70656 --sh--w- c:\windows\system32\i420vfw.dll
2004-01-25 00:00:00 70656 --sh--w- c:\windows\system32\yv12vfw.dll
.
============= FINISH: 13:26:16.09 ===============
 
Thanks

#2 aharonov

Posted 05 March 2014 - 09:26 AM

Hello,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Macburp

Posted 05 March 2014 - 09:39 AM

OK, here is FRST.txt -

------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2014
Ran by Paul (administrator) on HIGHVIEW on 05-03-2014 14:34:58
Running from C:\Users\Paul\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Emsi Software GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Dragon Global) C:\Program Files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(Dyn, Inc.) C:\Program Files\DynDNS Updater\DynUpSvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ExpanDrive Inc) C:\Program Files\ExpanDrive\ExpanDrive.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(element code project) C:\Program Files\Growl for Windows\Growl.exe
(Spotify Ltd) C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(TomTom) C:\Program Files\MyTomTom 3\MyTomTomSA.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Dyn, Inc.) C:\Program Files\DynDNS Updater\DynTray.exe
(Dropbox, Inc.) C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\get_iplayer\perl.exe
() C:\Program Files\Deluge\deluge.exe
(FileZilla Project) C:\Program Files\FileZilla FTP Client\filezilla.exe
() C:\Users\Paul\AppData\Roaming\MediaBrowser-Server\System\MediaBrowser.ServerApplication.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
() C:\Users\Paul\Downloads\x32\MkvToMp4.exe
(FileZilla Project) C:\Program Files\FileZilla FTP Client\fzsftp.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2595616 2007-10-30] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [909208 2007-10-30] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-10-30] (Acronis)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [BlueStacks Agent] - C:\Program Files\BlueStacks\HD-Agent.exe [601928 2013-06-19] (BlueStack Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKU\.DEFAULT\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-1925612153-4239843853-977427768-1000\...\Run: [Google Update] - C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-20] (Google Inc.)
HKU\S-1-5-21-1925612153-4239843853-977427768-1000\...\Run: [ExpanDrive] - C:\Program Files\ExpanDrive\ExpanDrive.exe [483776 2010-04-01] (ExpanDrive Inc)
HKU\S-1-5-21-1925612153-4239843853-977427768-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1925612153-4239843853-977427768-1000\...\Run: [Growl] - C:\Program Files\Growl for Windows\Growl.exe [3817472 2012-03-21] (element code project)
HKU\S-1-5-21-1925612153-4239843853-977427768-1000\...\Run: [GoogleDriveSync] - "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1925612153-4239843853-977427768-1000\...\Run: [Ubuntu One] - "C:\Program Files\ubuntuone\dist\ubuntuone-syncdaemon.exe"
HKU\S-1-5-21-1925612153-4239843853-977427768-1000\...\Run: [Ubuntu One Icon] - "C:\Program Files\ubuntuone\dist\ubuntuone-control-panel-qt.exe" --minimized
HKU\S-1-5-21-1925612153-4239843853-977427768-1000\...\Run: [Spotify Web Helper] - C:\Program Files\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-07] (Spotify Ltd)
HKU\S-1-5-21-1925612153-4239843853-977427768-1000\...\Run: [MusicManager] - C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-12] (Google Inc.)
HKU\S-1-5-21-1925612153-4239843853-977427768-1000\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom)
HKU\S-1-5-21-1925612153-4239843853-977427768-1000\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-12-11] (Samsung)
HKU\S-1-5-21-1925612153-4239843853-977427768-1000\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Media Browser Server.lnk
ShortcutTarget: Media Browser Server.lnk -> C:\Users\Paul\AppData\Roaming\MediaBrowser-Server\System\MediaBrowser.ServerApplication.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x03092C67CEEBCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {1185129D-CB98-4C99-8A4C-3B539B02F515} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {B403D108-B214-421C-B7EA-C0BF6D14B2E4} URL = https://www.google.com/search?q={searchTerms}
BHO: No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} -  No File
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{91FA6C8F-43EA-4B67-B080-88FB831B3071}: [NameServer]194.72.0.98,194.72.9.38
Tcpip\..\Interfaces\{C6BE5D88-90E9-480E-9A78-CEA993E17666}: [NameServer]216.146.35.35,216.146.36.36,217.32.171.21,213.120.234.14,217.32.171.21,213.120.234.14,192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://uk-mg-bt.mail.yahoo.com/neo/launch?.partner=bt-1&.rand=ffsmntire7538
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Users\Paul\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Paul\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Paul\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Extension: (Web2PDFConverter) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkanhckocooacphbnclgcndnpfpoppdk [2012-09-26]
CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2012-12-22]
CHR Extension: (Foxtab Speed Dial) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm [2014-03-04]
CHR Extension: (Media Browser 3 Companion) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\egofcbleniceaoleohckegkeepennpcn [2014-01-19]
CHR Extension: (Save as PDF) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2012-09-26]
CHR Extension: (Temple Run 2) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhdpmofokmpphdpgffcbmcioohjjflm [2013-04-19]
CHR Extension: (Google Maps) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-09-26]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-03-04]
CHR Extension: (YouTube MP3) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmghicmdofaaocopbneacnhbkpdcieo [2012-11-25]
CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-03]
CHR Extension: (SAviingToYou) - C:\ProgramData\ojhnllflmeebapgnblimedcgfppjpakm [2014-01-24]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Paul\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-24]
CHR StartMenuInternet: Google Chrome - C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [3025112 2012-03-02] (Emsi Software GmbH)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [427288 2007-10-30] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-06-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-19] (BlueStack Systems, Inc.)
R2 Dyn Updater; C:\Program Files\DynDNS Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
S3 MediaBrowser; C:\Users\Paul\AppData\Roaming\MediaBrowser-Server\system\MediaBrowser.ServerApplication.exe [994304 2014-02-28] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ShowAnalyzerMaster; C:\Program Files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe [2074112 2010-02-08] (Dragon Global)
R2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492720 2007-10-30] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [51632 2011-11-02] (Emsi Software GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [17904 2011-05-19] (Emsi Software GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-06-19] (BlueStack Systems)
R1 ExpanDrive; C:\Windows\System32\drivers\ExpanDrive.sys [294472 2009-03-19] ()
S3 hcw89; C:\Windows\System32\DRIVERS\hcw89.sys [1214464 2009-03-27] (Hauppauge Computer Works, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-01-31] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R1 pfmfs_7DB; C:\Windows\System32\Drivers\pfmfs_7DB.sys [199416 2013-12-04] (Pismo Technic Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368544 2011-11-25] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2011-11-25] (Acronis)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U3 mbr; \??\C:\Users\Paul\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-05 14:34 - 2014-03-05 14:35 - 00018113 _____ () C:\Users\Paul\Downloads\FRST.txt
2014-03-05 14:33 - 2014-03-05 14:34 - 00000000 ____D () C:\FRST
2014-03-05 14:33 - 2014-03-05 14:33 - 01145344 _____ (Farbar) C:\Users\Paul\Downloads\FRST.exe
2014-03-05 13:28 - 2014-03-05 13:28 - 00005719 _____ () C:\Users\Paul\Downloads\Attach.txt
2014-03-05 13:27 - 2014-03-05 13:27 - 00014199 _____ () C:\Users\Paul\Downloads\DDS.txt
2014-03-05 13:26 - 2014-03-05 13:26 - 00014199 _____ () C:\Users\Paul\Desktop\dds.txt
2014-03-05 13:26 - 2014-03-05 13:26 - 00005719 _____ () C:\Users\Paul\Desktop\attach.txt
2014-03-05 13:22 - 2014-03-05 13:23 - 00688992 ____R (Swearware) C:\Users\Paul\Downloads\dds.com
2014-03-04 17:13 - 2014-03-04 17:13 - 00003572 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel
2014-03-04 08:12 - 2014-03-04 13:07 - 86554102 _____ () C:\Users\Paul\Downloads\Backup of Statement of Truth - GP55 LKC.wbk
2014-03-02 14:52 - 2014-03-02 14:52 - 00002710 _____ () C:\Users\Paul\Documents\eset 2-3-14.txt
2014-03-01 10:10 - 2014-03-01 10:11 - 01244192 _____ () C:\Users\Paul\Downloads\adwcleaner.exe
2014-03-01 09:37 - 2014-03-01 09:37 - 00000000 ____D () C:\Windows\ERUNT
2014-03-01 09:01 - 2014-03-01 09:01 - 01037734 _____ (Thisisu) C:\Users\Paul\Downloads\JRT.exe
2014-02-28 13:24 - 2014-02-28 13:24 - 00065906 _____ () C:\Users\Paul\Downloads\Growl-0.4-py2.6.egg
2014-02-26 07:26 - 2014-01-09 02:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-25 07:55 - 2014-02-25 07:55 - 00061550 _____ () C:\Users\Paul\Downloads\growlnotify.zip
2014-02-24 01:51 - 2014-02-24 01:51 - 00002585 _____ () C:\Users\Public\Desktop\Growl.lnk
2014-02-24 01:48 - 2014-02-24 01:49 - 02287616 _____ (Microsoft Corporation) C:\Users\Paul\Downloads\GrowlInstaller.exe
2014-02-23 09:55 - 2013-08-28 18:15 - 00450636 _____ () C:\Windows\system32\Drivers\etc\hosts.20140223-095557.backup
2014-02-14 13:38 - 2014-02-06 10:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 13:38 - 2014-02-06 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 13:38 - 2014-02-06 10:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-14 13:38 - 2014-02-06 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-14 13:38 - 2014-02-06 10:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-14 13:38 - 2014-02-06 09:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 13:38 - 2014-02-06 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 13:38 - 2014-02-06 09:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-14 13:38 - 2014-02-06 09:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-14 13:38 - 2014-02-06 09:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 13:38 - 2014-02-06 09:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-14 13:38 - 2014-02-06 09:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-14 13:38 - 2014-02-06 09:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-14 13:38 - 2014-02-06 09:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 13:38 - 2014-02-06 09:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-14 13:38 - 2014-02-06 09:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 13:38 - 2014-02-06 09:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 13:38 - 2014-02-06 09:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 13:38 - 2014-02-06 08:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 13:38 - 2014-02-06 08:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 13:38 - 2014-02-06 08:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-14 13:33 - 2013-12-21 08:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 21:17 - 2013-12-31 23:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 21:17 - 2013-12-06 02:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 21:17 - 2013-12-06 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 21:16 - 2013-12-24 23:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 21:16 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 21:16 - 2013-11-26 08:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 21:15 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 21:15 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 21:15 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 21:15 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 21:15 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 21:15 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 21:15 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 21:15 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 17:11 - 2014-02-13 17:11 - 04822473 _____ (Tim Kosse) C:\Users\Paul\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-02-13 15:22 - 2014-02-13 15:22 - 00002019 _____ () C:\Users\Public\Desktop\MB Classic.lnk
2014-02-12 22:14 - 2014-02-12 22:14 - 00128156 _____ () C:\Users\Paul\Downloads\Breaking Bad S01-S04 AND S05 1st 8 episodes.1080p.WEB-DL DD5.1 H.264.torrent
2014-02-11 16:32 - 2014-02-11 16:32 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\mkvtoolnix
2014-02-11 16:31 - 2014-02-11 16:31 - 00001824 _____ () C:\Users\Public\Desktop\mkvmerge GUI.lnk
2014-02-11 16:30 - 2014-02-11 16:31 - 00000000 ____D () C:\Program Files\MKVToolNix
2014-02-11 16:29 - 2014-02-11 16:29 - 11434789 _____ (Moritz Bunkus) C:\Users\Paul\Downloads\mkvtoolnix-6.7.0-setup.exe
2014-02-09 08:22 - 2014-02-09 08:22 - 00447005 _____ () C:\Users\Paul\Downloads\The.Sopranos.S01-S06.720p.BluRay.nHD.x264-NhaNc3.torrent
2014-02-07 22:37 - 2014-03-02 19:33 - 00003584 _____ () C:\Users\Mcx1-HIGHVIEW.Highview\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== One Month Modified Files and Folders =======
 
2014-03-05 14:35 - 2014-03-05 14:34 - 00018113 _____ () C:\Users\Paul\Downloads\FRST.txt
2014-03-05 14:34 - 2014-03-05 14:33 - 00000000 ____D () C:\FRST
2014-03-05 14:33 - 2014-03-05 14:33 - 01145344 _____ (Farbar) C:\Users\Paul\Downloads\FRST.exe
2014-03-05 14:30 - 2011-11-20 21:14 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1925612153-4239843853-977427768-1000UA.job
2014-03-05 14:18 - 2012-03-24 11:12 - 00000000 ____D () C:\Users\Paul\.get_iplayer
2014-03-05 14:13 - 2012-04-26 21:52 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 14:11 - 2011-11-20 21:57 - 00000600 _____ () C:\Users\Paul\AppData\Local\PUTTY.RND
2014-03-05 13:28 - 2014-03-05 13:28 - 00005719 _____ () C:\Users\Paul\Downloads\Attach.txt
2014-03-05 13:27 - 2014-03-05 13:27 - 00014199 _____ () C:\Users\Paul\Downloads\DDS.txt
2014-03-05 13:26 - 2014-03-05 13:26 - 00014199 _____ () C:\Users\Paul\Desktop\dds.txt
2014-03-05 13:26 - 2014-03-05 13:26 - 00005719 _____ () C:\Users\Paul\Desktop\attach.txt
2014-03-05 13:23 - 2014-03-05 13:22 - 00688992 ____R (Swearware) C:\Users\Paul\Downloads\dds.com
2014-03-05 12:46 - 2011-11-20 21:31 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\FileZilla
2014-03-05 12:13 - 2012-04-26 21:52 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-05 12:13 - 2011-11-21 03:46 - 01241109 _____ () C:\Windows\WindowsUpdate.log
2014-03-05 12:13 - 2011-11-20 22:48 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\deluge
2014-03-05 02:30 - 2011-11-20 21:14 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1925612153-4239843853-977427768-1000Core.job
2014-03-04 20:01 - 2013-12-04 20:15 - 00000000 ____D () C:\ProgramData\MediaBrowser-Classic
2014-03-04 19:37 - 2011-11-20 22:33 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Dropbox
2014-03-04 17:53 - 2014-01-30 06:43 - 00000000 ____D () C:\AdwCleaner
2014-03-04 17:26 - 2009-07-14 04:34 - 00014656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 17:26 - 2009-07-14 04:34 - 00014656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 17:24 - 2011-11-20 22:35 - 00000000 ___RD () C:\Users\Paul\Dropbox
2014-03-04 17:18 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 17:18 - 2009-07-14 04:39 - 00047647 _____ () C:\Windows\setupact.log
2014-03-04 17:17 - 2011-11-20 21:01 - 00360374 _____ () C:\Windows\PFRO.log
2014-03-04 17:13 - 2014-03-04 17:13 - 00003572 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel
2014-03-04 13:07 - 2014-03-04 08:12 - 86554102 _____ () C:\Users\Paul\Downloads\Backup of Statement of Truth - GP55 LKC.wbk
2014-03-04 08:33 - 2011-11-21 07:43 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\vlc
2014-03-03 04:51 - 2011-11-22 21:21 - 00036864 _____ () C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-02 19:33 - 2014-02-07 22:37 - 00003584 _____ () C:\Users\Mcx1-HIGHVIEW.Highview\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-02 16:47 - 2011-11-21 08:33 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\HandBrake
2014-03-02 14:52 - 2014-03-02 14:52 - 00002710 _____ () C:\Users\Paul\Documents\eset 2-3-14.txt
2014-03-02 09:26 - 2013-09-23 13:49 - 00000000 ____D () C:\Users\Paul\Downloads\x32
2014-03-01 10:39 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\rescache
2014-03-01 10:11 - 2014-03-01 10:10 - 01244192 _____ () C:\Users\Paul\Downloads\adwcleaner.exe
2014-03-01 09:37 - 2014-03-01 09:37 - 00000000 ____D () C:\Windows\ERUNT
2014-03-01 09:09 - 2013-12-13 15:00 - 00000000 ____D () C:\Program Files\eRightSoft
2014-03-01 09:01 - 2014-03-01 09:01 - 01037734 _____ (Thisisu) C:\Users\Paul\Downloads\JRT.exe
2014-03-01 08:40 - 2011-12-07 07:05 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-02-28 17:06 - 2013-12-04 19:34 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\MediaBrowser-Server
2014-02-28 13:28 - 2012-11-12 20:54 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Python-Eggs
2014-02-28 13:24 - 2014-02-28 13:24 - 00065906 _____ () C:\Users\Paul\Downloads\Growl-0.4-py2.6.egg
2014-02-27 08:04 - 2012-03-24 11:12 - 00000000 ____D () C:\Program Files\get_iplayer
2014-02-26 08:10 - 2012-03-04 11:27 - 00000000 ____D () C:\Program Files\Growl for Windows
2014-02-25 07:55 - 2014-02-25 07:55 - 00061550 _____ () C:\Users\Paul\Downloads\growlnotify.zip
2014-02-24 01:51 - 2014-02-24 01:51 - 00002585 _____ () C:\Users\Public\Desktop\Growl.lnk
2014-02-24 01:49 - 2014-02-24 01:48 - 02287616 _____ (Microsoft Corporation) C:\Users\Paul\Downloads\GrowlInstaller.exe
2014-02-23 02:23 - 2012-03-27 08:30 - 00001040 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-20 19:08 - 2013-12-31 20:01 - 00001064 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-02-14 15:46 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-14 13:38 - 2013-08-15 14:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 13:35 - 2011-11-23 07:52 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 13:31 - 2011-11-20 20:07 - 00766336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 03:13 - 2013-09-08 14:08 - 00000260 _____ () C:\Users\Paul\.swfinfo
2014-02-13 17:11 - 2014-02-13 17:11 - 04822473 _____ (Tim Kosse) C:\Users\Paul\Downloads\FileZilla_3.7.4.1_win32-setup.exe
2014-02-13 17:11 - 2011-11-20 21:32 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-02-13 17:11 - 2011-11-20 21:31 - 00001962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-02-13 16:19 - 2009-07-14 04:33 - 00356544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 15:22 - 2014-02-13 15:22 - 00002019 _____ () C:\Users\Public\Desktop\MB Classic.lnk
2014-02-12 22:14 - 2014-02-12 22:14 - 00128156 _____ () C:\Users\Paul\Downloads\Breaking Bad S01-S04 AND S05 1st 8 episodes.1080p.WEB-DL DD5.1 H.264.torrent
2014-02-11 16:32 - 2014-02-11 16:32 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\mkvtoolnix
2014-02-11 16:31 - 2014-02-11 16:31 - 00001824 _____ () C:\Users\Public\Desktop\mkvmerge GUI.lnk
2014-02-11 16:31 - 2014-02-11 16:30 - 00000000 ____D () C:\Program Files\MKVToolNix
2014-02-11 16:29 - 2014-02-11 16:29 - 11434789 _____ (Moritz Bunkus) C:\Users\Paul\Downloads\mkvtoolnix-6.7.0-setup.exe
2014-02-09 08:22 - 2014-02-09 08:22 - 00447005 _____ () C:\Users\Paul\Downloads\The.Sopranos.S01-S06.720p.BluRay.nHD.x264-NhaNc3.torrent
2014-02-06 10:38 - 2014-02-14 13:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 10:20 - 2014-02-14 13:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 10:19 - 2014-02-14 13:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 10:01 - 2014-02-14 13:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 10:00 - 2014-02-14 13:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 09:57 - 2014-02-14 13:38 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 09:52 - 2014-02-14 13:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 09:52 - 2014-02-14 13:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 09:49 - 2014-02-14 13:38 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 09:47 - 2014-02-14 13:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 09:47 - 2014-02-14 13:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 09:46 - 2014-02-14 13:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 09:34 - 2014-02-14 13:38 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 09:25 - 2014-02-14 13:38 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 09:25 - 2014-02-14 13:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 09:13 - 2014-02-14 13:38 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 09:09 - 2014-02-14 13:38 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 09:03 - 2014-02-14 13:38 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 08:41 - 2014-02-14 13:38 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 08:36 - 2014-02-14 13:38 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 08:34 - 2014-02-14 13:38 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
 
Some content of TEMP:
====================
C:\Users\Babytop\AppData\Local\Temp\avgnt.exe
C:\Users\Paul\AppData\Local\Temp\avgnt.exe
C:\Users\Paul\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\Mediabrowser.InstallUtil.dll
C:\Users\Paul\AppData\Local\Temp\Mediabrowser.Updater.exe
C:\Users\Paul\AppData\Local\Temp\ServiceStack.Text.dll
C:\Users\Paul\AppData\Local\Temp\SharpCompress.dll
C:\Users\Paul\AppData\Local\Temp\vlc-2.1.3-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 00:55
 
==================== End Of Log ============================
 
and now Addition.txt - 
 
----------------------------------------------------
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-03-2014
Ran by Paul at 2014-03-05 14:35:42
Running from C:\Users\Paul\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
ABC Amber BlackBerry Converter (HKLM\...\ABC Amber BlackBerry Converter) (Version:  - )
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Acronis True Image Home (HKLM\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8053 - Acronis)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Album Art Fixer (HKLM\...\{7EB94EB2-9A5E-4FCC-B940-9E11AB8AF933}) (Version: 2.0.0 - AV Soft NL)
Android Notifier Desktop (HKLM\...\Android Notifier Desktop) (Version: 0.5.1 - lehphyro)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Auto Gordian Knot 2.55 (HKLM\...\AutoGK) (Version: 2.55 - len0x)
avi.NET 3.5.1.0 (HKLM\...\avi.NET 3.5.1.0) (Version:  - )
Avidemux 2.5 (HKLM\...\Avidemux 2.5) (Version: 2.5.4.6714 - )
Avira APC 0.1.0.1 (HKLM\...\{18948029-33D5-4B93-8275-FE1FC7A43D51}_is1) (Version: 0.1.0.1 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
AVS Video Converter 8.5 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
bitRipper (HKLM\...\bitRipper) (Version: 1.31 - )
BlackBerry Desktop Software 6.1 (HKLM\...\BlackBerry_Desktop) (Version: 6.1.0.36 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.36 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.7.14.901 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{9D84E30F-6757-4A56-BCB5-51ADE3AE8631}) (Version: 0.7.14.901 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version:  - dvd8n)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Deluge 1.3.5 (HKLM\...\Deluge) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DVDFab 8.1.9.6 (17/07/2012) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVRMSToolbox (HKLM\...\{E7ECD072-02DF-4F24-B5C9-7928A2867B14}) (Version: 1.2.1 - babgvant.com)
Dyn Updater (HKLM\...\DynUpdater) (Version: 4.1.10 - Dyn, Inc.)
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 6.0 - Emsi Software GmbH)
Eudora (HKLM\...\{899D1F74-5762-4C71-895B-968AB23F9328}) (Version: 7.0 - )
Exact Audio Copy 1.0beta1 (HKLM\...\Exact Audio Copy) (Version: 1.0beta1 - Andre Wiethoff)
ExpanDrive (HKLM\...\ExpanDrive) (Version:  - )
FileZilla Client 3.7.4.1 (HKLM\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
get_iplayer 4.8 (HKLM\...\get_iplayer) (Version: 4.8 - infradead.org)
Google Books Downloader version 1.8 (HKLM\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 1.8 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKCU\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Contact Sync (HKCU\...\bb91a114638258b8) (Version: 1.9.9.10 - Heartofangel.com)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Growl for Windows (HKLM\...\{2C911352-0BCE-420B-935E-93A24FDE9D53}) (Version: 2.0.9001 - Growl)
GTK2-Runtime (HKLM\...\GTK2-Runtime) (Version: 2.16.6-2010-05-12-ash - Alexander Shaduri)
HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
iPlayer (HKLM\...\{0876C3CC-0D9A-4AE8-9B9D-29B0FB5113BD}) (Version: 1.0.0.2 - fczMedia)
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lupas Rename 2000 v5.0 Release (HKLM\...\Lupas Rename 2000_is1) (Version:  - Ivan Anton Albarracin)
MagicBerry (HKLM\...\{7BB7612B-383F-422C-A605-EA0F4FB0FB7C}) (Version: 3.1.0.0 - Mena Step Innovative Solutions)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.1.0.4000 - Maxthon International Limited)
mb3launcher (HKLM\...\{6B16C56F-7116-411C-B3CC-DC76256F8D49}) (Version: 1.0.0.0 - MvdV)
Media Browser Classic (HKLM\...\{80AD5DA2-F4AD-493C-8828-C8CB32B9CF78}) (Version: 3.0.129.0 - Media Browser Team)
Media Browser DVD/BD Image System Support Package (HKLM\...\pfm-license-mediabrowser.txt) (Version:  - )
Media Browser Server (HKCU\...\Media Browser Server) (Version: 3.0 - Media Browser Team)
Media Center Themer (HKLM\...\Media Center Themer) (Version: 1.50.0.190 - Patchou)
MediaInfo 0.7.66 (HKLM\...\MediaInfo) (Version: 0.7.66 - MediaArea.net)
meta<browser/> (HKLM\...\{57114D23-8C46-40C3-A215-AAF2216D015B}) (Version: 1.1.41 - meta<browser/>)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91E30409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)
Microsoft SMS Sender (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Sync Framework Runtime v1.0 (x86) (HKLM\...\{A8BD5A60-E843-46DC-8271-ABF20756BE0F}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 (x86) (HKLM\...\{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
MKVToolNix 6.7.0 [20140102-565] (HKLM\...\MKVToolNix) (Version: 6.7.0 - Moritz Bunkus)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
MyEnTunnel (remove only) (HKLM\...\MyEnTunnel) (Version:  - )
MyTomTom 3.2.0.1116 (HKLM\...\MyTomTom) (Version: 3.2.0.1116 - TomTom)
PC Wizard 2010.1.94 (HKLM\...\PC Wizard 2010_is1) (Version:  - Laurent KUTIL & Franck DELATTRE)
PDF-XChange Viewer (HKLM\...\{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}) (Version: 2.5.199.0 - Tracker Software Products Ltd.)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PuTTY version 0.60 (HKLM\...\PuTTY_is1) (Version: 0.60 - Simon Tatham)
Python 2.7.5 (HKLM\...\{DBDD570E-0952-475f-9453-AB88F3DD5659}) (Version: 2.7.5150 - Python Software Foundation)
RAIDar 4.3.4 (HKLM\...\1381-5408-0515-7060) (Version: 4.3.4 - Netgear Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
ShowAnalyzerSuite (HKLM\...\{230B46CD-A035-484C-BB8B-1FE46DA0724F}) (Version: 1.0.59.783 - Dragon Global)
Snap.Do Engine (HKCU\...\{0c66351a-13ee-4754-8413-56f9b312472f}) (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION
Spotify (HKLM\...\Spotify) (Version: 0.3.12 - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SRWare Iron 15.0.900.2 (HKLM\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version:  - SRWare)
SyncToy 2.0 (x86) (HKLM\...\{AFDFC350-C142-4790-BE12-8357AECD028F}) (Version: 2.0.100.0 - Microsoft)
Tag&Rename 3.5 (HKLM\...\Tag&Rename_is1) (Version: 3.5 - Softpointer Inc)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Unified Remote (HKLM\...\{D3EFFB62-5795-4C17-B64C-AF2E276050EF}) (Version: 2.12.1.0 - Unified Remote)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.2.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v8.4 (HKLM\...\{81605207-F0CE-4E7F-8623-A20BA16443CA}) (Version: 8.4 - Spigot, Inc.) <==== ATTENTION
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.2.7 - Shark007)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinX Free DVD to XviD Ripper 4.1.18 (HKLM\...\WinX Free DVD to XviD Ripper_is1) (Version:  - Digiarty Software,Inc.)
XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)
XMedia Recode 2.3.0.4 (HKLM\...\XMedia Recode) (Version: 2.3.0.4 - Sebastian Dörfler)
XMedia Recode version 3.1.7.8 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.8 - XMedia Recode)
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version:  - )
 
==================== Restore Points  =========================
 
25-02-2014 12:54:20 Windows Update
01-03-2014 07:38:29 Windows Update
01-03-2014 09:26:04 before adwcleaner
04-03-2014 07:59:42 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 02:04 - 2014-02-23 09:55 - 00450712 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {2C48B539-BC14-4574-B05D-98039DE7A4FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-26] (Google Inc.)
Task: {3251D461-30F2-4100-A3D5-0FBC6A9F5441} - System32\Tasks\Xvid Backup (Synctoy) => C:\Program Files\SyncToy 2.0\SyncToyCmd.exe [2008-08-12] (MS)
Task: {5E2CC7B4-6486-4128-BBA8-0726ABF2E5F7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6B476AFA-9E6C-49CB-9041-FB4768872AC0} - System32\Tasks\Flexget => flexget
Task: {75289D56-E8A2-4071-AA14-8F6F30097E61} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\mxup.exe [2013-10-09] (Maxthon International ltd.)
Task: {7FC54030-08EA-41ED-A1C2-3FA1E24ABC88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-26] (Google Inc.)
Task: {CF90D684-2FB7-43A6-877C-10428F43A6BF} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-HIGHVIEW => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {E58A0DD5-B7FF-462D-B009-DA1D31E08788} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1925612153-4239843853-977427768-1000Core => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20] (Google Inc.)
Task: {FBF76017-A0BA-4011-92F5-543E1CD2454A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1925612153-4239843853-977427768-1000UA => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1925612153-4239843853-977427768-1000Core.job => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1925612153-4239843853-977427768-1000UA.job => C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-04 21:00 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-10-30 20:51 - 2007-10-30 20:51 - 00492720 _____ () C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
2014-02-11 19:29 - 2014-02-11 19:29 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-11-21 07:44 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2007-10-29 19:53 - 2007-10-29 19:53 - 01328408 _____ () C:\Program Files\Acronis\TrueImageHome\fox.dll
2009-03-19 18:41 - 2009-03-19 18:41 - 00214528 _____ () C:\Program Files\ExpanDrive\SftpConnection.dll
2013-02-27 19:33 - 2013-02-27 19:33 - 10683392 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-02-27 19:32 - 2013-02-27 19:32 - 07741952 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-02-27 19:32 - 2013-02-27 19:32 - 02248192 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-02-27 19:33 - 2013-02-27 19:33 - 01681408 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2013-11-12 01:03 - 2013-11-12 01:03 - 00117248 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2013-11-12 01:04 - 2013-11-12 01:04 - 00231936 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2013-11-12 01:03 - 2013-11-12 01:03 - 00253440 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2013-11-12 01:05 - 2013-11-12 01:05 - 00344064 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-02-27 19:33 - 2013-02-27 19:33 - 00026624 _____ () C:\Users\Paul\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2013-05-23 11:53 - 2013-05-23 11:53 - 00026040 _____ () C:\Program Files\MyTomTom 3\DeviceDetection.dll
2013-05-23 11:53 - 2013-05-23 11:53 - 00074680 _____ () C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
2013-05-23 11:53 - 2013-05-23 11:53 - 00279480 _____ () C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
2014-02-14 14:50 - 2014-02-14 14:50 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\21871ce315d4257cfe2052454e583368\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-14 14:50 - 2014-02-14 14:50 - 14971904 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\c94e1e76e67ad518b4310a539f072832\Kies.Theme.ni.dll
2014-02-14 14:50 - 2014-02-14 14:50 - 01842688 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\0107366ee1ddeb3e9873c6fac6344bc1\Kies.UI.ni.dll
2014-02-14 14:50 - 2014-02-14 14:50 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8375369d3ac9c732c2ec8f6b5c9f2bb8\Kies.MVVM.ni.dll
2014-02-14 14:50 - 2014-02-14 14:50 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
2013-10-18 23:55 - 2013-10-18 23:55 - 25100288 _____ () C:\Users\Paul\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-12 13:01 - 2013-03-12 13:01 - 00036352 _____ () C:\Program Files\get_iplayer\perl.exe
2013-03-12 13:01 - 2013-03-12 13:01 - 01458176 _____ () C:\Program Files\get_iplayer\perl516.dll
2012-10-14 06:16 - 2012-10-14 06:16 - 00096256 _____ () C:\Program Files\get_iplayer\libgcc_s_sjlj-1.dll
2012-10-14 06:16 - 2012-10-14 06:16 - 00828928 _____ () C:\Program Files\get_iplayer\libstdc++-6.dll
2013-03-12 13:03 - 2013-03-12 13:03 - 00018432 _____ () C:\Program Files\get_iplayer\lib\auto\Fcntl\Fcntl.dll
2013-03-12 13:23 - 2013-03-12 13:23 - 00025600 _____ () C:\Program Files\get_iplayer\lib\auto\List\Util\Util.dll
2013-03-12 13:17 - 2013-03-12 13:17 - 00014848 _____ () C:\Program Files\get_iplayer\lib\auto\Cwd\Cwd.dll
2013-07-26 22:30 - 2013-07-26 22:30 - 00047104 _____ () C:\Program Files\get_iplayer\lib\auto\HTML\Parser\Parser.dll
2013-03-12 13:28 - 2013-03-12 13:28 - 00077824 _____ () C:\Program Files\get_iplayer\lib\auto\Storable\Storable.dll
2013-03-12 13:04 - 2013-03-12 13:04 - 00020480 _____ () C:\Program Files\get_iplayer\lib\auto\IO\IO.dll
2013-03-12 13:27 - 2013-03-12 13:27 - 00033792 _____ () C:\Program Files\get_iplayer\lib\auto\Socket\Socket.dll
2013-03-12 13:04 - 2013-03-12 13:04 - 00075264 _____ () C:\Program Files\get_iplayer\lib\auto\POSIX\POSIX.dll
2013-03-12 13:18 - 2013-03-12 13:18 - 00032256 _____ () C:\Program Files\get_iplayer\lib\auto\Encode\Encode.dll
2012-04-10 01:48 - 2012-04-10 01:48 - 00033280 _____ () C:\Program Files\Deluge\deluge.exe
2009-10-26 15:25 - 2009-10-26 15:25 - 00040448 _____ () C:\Program Files\Deluge\_socket.pyd
2009-10-26 15:25 - 2009-10-26 15:25 - 00645120 _____ () C:\Program Files\Deluge\_ssl.pyd
2009-10-06 05:15 - 2009-10-06 05:15 - 00096256 _____ () C:\Program Files\Deluge\win32api.pyd
2009-10-06 05:15 - 2009-10-06 05:15 - 00110592 _____ () C:\Program Files\Deluge\pywintypes26.dll
2011-04-09 16:58 - 2011-04-09 16:58 - 00058368 _____ () C:\Program Files\Deluge\glib._glib.pyd
2011-04-09 16:58 - 2011-04-09 16:58 - 00113152 _____ () C:\Program Files\Deluge\gobject._gobject.pyd
2009-01-02 20:20 - 2009-01-02 20:20 - 00019968 _____ () C:\Program Files\Deluge\zope.interface._zope_interface_coptimizations.pyd
2010-03-04 01:11 - 2010-03-04 01:11 - 00007168 _____ () C:\Program Files\Deluge\twisted.python._initgroups.pyd
2009-05-12 23:28 - 2009-05-12 23:28 - 00010240 _____ () C:\Program Files\Deluge\OpenSSL.rand.pyd
2009-05-12 23:28 - 2009-05-12 23:28 - 00047616 _____ () C:\Program Files\Deluge\OpenSSL.crypto.pyd
2009-05-12 23:28 - 2009-05-12 23:28 - 00040960 _____ () C:\Program Files\Deluge\OpenSSL.SSL.pyd
2009-10-26 15:25 - 2009-10-26 15:25 - 00073728 _____ () C:\Program Files\Deluge\_ctypes.pyd
2009-10-26 15:27 - 2009-10-26 15:27 - 00311808 _____ () C:\Program Files\Deluge\_hashlib.pyd
2009-10-06 05:15 - 2009-10-06 05:15 - 00036352 _____ () C:\Program Files\Deluge\win32process.pyd
2009-10-26 15:27 - 2009-10-26 15:27 - 00011776 _____ () C:\Program Files\Deluge\select.pyd
2011-04-09 17:00 - 2011-04-09 17:00 - 01882624 _____ () C:\Program Files\Deluge\gtk._gtk.pyd
2012-02-09 07:43 - 2012-02-09 07:43 - 01294335 _____ () C:\Program Files\Deluge\libcairo-2.dll
2012-02-09 07:43 - 2012-02-09 07:43 - 00279059 _____ () C:\Program Files\Deluge\libfontconfig-1.dll
2012-02-09 07:43 - 2012-02-09 07:43 - 00143096 _____ () C:\Program Files\Deluge\libexpat-1.dll
2012-02-09 07:43 - 2012-02-09 07:43 - 00538324 _____ () C:\Program Files\Deluge\freetype6.dll
2012-02-09 07:43 - 2012-02-09 07:43 - 00230529 _____ () C:\Program Files\Deluge\libpng14-14.dll
2012-02-09 07:43 - 2012-02-09 07:43 - 00100352 _____ () C:\Program Files\Deluge\zlib1.dll
2010-11-03 04:34 - 2010-11-03 04:34 - 00069632 _____ () C:\Program Files\Deluge\cairo._cairo.pyd
2011-04-09 16:58 - 2011-04-09 16:58 - 00263168 _____ () C:\Program Files\Deluge\gio._gio.pyd
2011-04-09 17:01 - 2011-04-09 17:01 - 00111616 _____ () C:\Program Files\Deluge\pango.pyd
2011-04-09 17:01 - 2011-04-09 17:01 - 00208384 _____ () C:\Program Files\Deluge\atk.pyd
2011-04-09 17:01 - 2011-04-09 17:01 - 00017920 _____ () C:\Program Files\Deluge\pangocairo.pyd
2011-04-09 17:01 - 2011-04-09 17:01 - 00018944 _____ () C:\Program Files\Deluge\gtk.glade.pyd
2012-02-09 07:43 - 2012-02-09 07:43 - 00168833 _____ () C:\Program Files\Deluge\libglade-2.0-0.dll
2012-02-09 07:43 - 2012-02-09 07:43 - 01225225 _____ () C:\Program Files\Deluge\libxml2-2.dll
2010-03-04 01:11 - 2010-03-04 01:11 - 00008192 _____ () C:\Program Files\Deluge\twisted.protocols._c_urlarg.pyd
2012-02-09 07:43 - 2012-02-09 07:43 - 00100255 _____ () C:\Program Files\Deluge\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2009-10-06 05:15 - 2009-10-06 05:15 - 00017920 _____ () C:\Program Files\Deluge\win32event.pyd
2010-01-02 14:42 - 2010-01-02 14:42 - 00018207 _____ () C:\Program Files\FileZilla FTP Client\mingwm10.dll
2014-02-28 17:06 - 2014-02-28 17:06 - 00994304 _____ () C:\Users\Paul\AppData\Roaming\MediaBrowser-Server\System\MediaBrowser.ServerApplication.exe
2014-02-28 17:06 - 2014-02-28 17:06 - 00091648 _____ () C:\Users\Paul\AppData\Roaming\MediaBrowser-Server\System\pfmclrapi.dll
2013-09-24 10:58 - 2013-09-24 10:57 - 02688512 _____ () C:\Users\Paul\Downloads\x32\MkvToMp4.exe
2013-09-23 13:50 - 2013-08-26 05:14 - 00698368 _____ () C:\Users\Paul\Downloads\x32\libGLESv2.dll
2013-09-23 13:50 - 2013-08-26 05:15 - 00043008 _____ () C:\Users\Paul\Downloads\x32\libEGL.dll
2013-09-23 13:50 - 2011-08-26 20:12 - 07450624 _____ () C:\Users\Paul\Downloads\x32\ffms2.dll
2013-09-23 13:49 - 2013-08-26 05:24 - 00844288 _____ () C:\Users\Paul\Downloads\x32\platforms\qwindows.dll
2011-09-08 06:00 - 2011-09-08 06:00 - 00154624 _____ () C:\Program Files\Win7codecs\filters\ts.dll
2011-09-08 05:59 - 2011-09-08 05:59 - 00024576 _____ () C:\Program Files\Win7codecs\filters\mkunicode.dll
2011-09-08 06:00 - 2011-09-08 06:00 - 00123392 _____ () C:\Program Files\Win7codecs\filters\ogm.dll
2013-09-23 13:49 - 2013-08-26 05:23 - 00025088 _____ () C:\Users\Paul\Downloads\x32\imageformats\qgif.dll
2013-09-23 13:49 - 2013-08-26 05:23 - 00025088 _____ () C:\Users\Paul\Downloads\x32\imageformats\qico.dll
2013-09-23 13:49 - 2013-08-26 05:23 - 00242688 _____ () C:\Users\Paul\Downloads\x32\imageformats\qjpeg.dll
2013-09-23 13:49 - 2013-08-26 05:31 - 00221184 _____ () C:\Users\Paul\Downloads\x32\imageformats\qmng.dll
2013-09-23 13:49 - 2013-08-26 05:31 - 00018432 _____ () C:\Users\Paul\Downloads\x32\imageformats\qtga.dll
2013-09-23 13:49 - 2013-08-26 05:31 - 00280576 _____ () C:\Users\Paul\Downloads\x32\imageformats\qtiff.dll
2013-09-23 13:49 - 2013-08-26 05:31 - 00018432 _____ () C:\Users\Paul\Downloads\x32\imageformats\qwbmp.dll
2013-12-05 00:27 - 2013-12-04 02:47 - 00702416 _____ () C:\Users\Paul\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 00:27 - 2013-12-04 02:47 - 00099792 _____ () C:\Users\Paul\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 00:27 - 2013-12-04 02:48 - 04055504 _____ () C:\Users\Paul\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 00:27 - 2013-12-04 02:48 - 00399312 _____ () C:\Users\Paul\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 00:27 - 2013-12-04 02:47 - 01619408 _____ () C:\Users\Paul\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 00:27 - 2013-12-04 02:48 - 13586896 _____ () C:\Users\Paul\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Paul\Downloads\2013-03-26 10.12.57.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Paul\Downloads\2013-03-26 10.15.06.jpg:com.dropbox.attributes
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Multimedia Controller
Description: Multimedia Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2014 11:48:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13307
 
Error: (03/05/2014 11:48:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13307
 
Error: (03/05/2014 11:48:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2014 11:48:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12293
 
Error: (03/05/2014 11:48:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12293
 
Error: (03/05/2014 11:48:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2014 11:48:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11295
 
Error: (03/05/2014 11:48:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11295
 
Error: (03/05/2014 11:48:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2014 11:48:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265
 
 
System errors:
=============
Error: (03/05/2014 00:12:41 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
 
Error: (03/05/2014 11:18:15 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dyn Updater service.
 
Error: (03/05/2014 07:33:23 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
Error: (03/05/2014 07:27:07 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
Error: (03/05/2014 07:15:01 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
Error: (03/05/2014 07:14:51 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
Error: (03/05/2014 07:14:38 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
Error: (03/05/2014 07:14:03 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
Error: (03/05/2014 07:04:03 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
Error: (03/05/2014 07:03:52 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort2.
 
 
Microsoft Office Sessions:
=========================
Error: (03/05/2014 11:48:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13307
 
Error: (03/05/2014 11:48:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13307
 
Error: (03/05/2014 11:48:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2014 11:48:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12293
 
Error: (03/05/2014 11:48:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12293
 
Error: (03/05/2014 11:48:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2014 11:48:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11295
 
Error: (03/05/2014 11:48:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11295
 
Error: (03/05/2014 11:48:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2014 11:48:29 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10265
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 64%
Total physical RAM: 3061.25 MB
Available physical RAM: 1081.26 MB
Total Pagefile: 6794.8 MB
Available Pagefile: 3737.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.11 MB
 
==================== Drives ================================
 
Drive c: (Operating System) (Fixed) (Total:148.95 GB) (Free:40.32 GB) NTFS
Drive e: (Media Centre Backup) (Fixed) (Total:465.66 GB) (Free:90.75 GB) NTFS
Drive f: (Media Centre) (Fixed) (Total:465.75 GB) (Free:42.05 GB) NTFS
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (EXPANDRIVE) (Network) (Total:12207.03 GB) (Free:12207.03 GB) ExpanDriveFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 9FF936A9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 09B9F348)
Partition 2: (Active) - (Size=466 GB) - (Type=05)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 7B44819B)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Many thanks


#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:20 AM

Posted 05 March 2014 - 09:58 AM

Ok. How is it after the following fix?


Please download the attached fixlist.txt (370 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#5 Macburp

  • Topic Starter
  • Members
  • 40 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 05 March 2014 - 10:05 AM

OK, done that. Here's fixlog.txt:

--------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-03-2014
Ran by Paul at 2014-03-05 15:04:58 Run:1
Running from C:\Users\Paul\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (Foxtab Speed Dial) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm [2014-03-04]
CHR Extension: (SAviingToYou) - C:\ProgramData\ojhnllflmeebapgnblimedcgfppjpakm [2014-01-24]
C:\ProgramData\ojhnllflmeebapgnblimedcgfppjpakm
*****************
 
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchmpbaclbiioedakpcldenooikekokm => Moved successfully.
C:\ProgramData\ojhnllflmeebapgnblimedcgfppjpakm => Moved successfully.
"C:\ProgramData\ojhnllflmeebapgnblimedcgfppjpakm" => File/Directory not found.
 
==== End of Fixlog ====


#6 aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:20 AM

Posted 05 March 2014 - 10:17 AM

Oh I missed one.
Please also run this fix.
What problems are still present afterwards?


Please download the attached fixlist.txt (167 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#7 Macburp

  • Topic Starter
  • Members
  • 40 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 05 March 2014 - 10:23 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-03-2014
Ran by Paul at 2014-03-05 15:22:22 Run:2
Running from C:\Users\Paul\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-03-04]
*****************
 
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj => Moved successfully.
 
==== End of Fixlog ====


#8 Macburp

  • Topic Starter
  • Members
  • 40 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 05 March 2014 - 10:30 AM

Well, I shut down Chrome and reloaded it - no 'Savings for You' or 'Keep Now' any more. The browser does seem a bit quicker, which is good.

Snap.do engine is still in my list of programmes, although my homepage has not been hijacked (yet).


#9 aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:20 AM

Posted 05 March 2014 - 10:39 AM

Ok, this is just a remnant in the registry.
Let's get rid of this too.
Is everything ok afterwards?


Please download the attached fixlist.txt (116 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#10 Macburp

  • Topic Starter
  • Members
  • 40 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 05 March 2014 - 10:48 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-03-2014
Ran by Paul at 2014-03-05 15:45:32 Run:3
Running from C:\Users\Paul\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
REG: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0c66351a-13ee-4754-8413-56f9b312472f}" /f
*****************
 
 
========= reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0c66351a-13ee-4754-8413-56f9b312472f}" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog ====


#11 Macburp

  • Topic Starter
  • Members
  • 40 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 05 March 2014 - 10:49 AM

And Snap.do is gone.

Great! I would like to search for any other malware that might be affecting my pc, if you think it necessary.



#12 Macburp

  • Topic Starter
  • Members
  • 40 posts
  • OFFLINE
  • Local time:08:20 AM

Posted 05 March 2014 - 11:00 AM

One other problem - since getting KeepNow the search engines saved in the Chrome omnibox have stopped working. How can I put this right?


Edited by Macburp, 05 March 2014 - 11:00 AM.


#13 aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:20 AM

Posted 05 March 2014 - 11:30 AM

Great.
I don't think any further action is necessary. Your logs look good and

I have tried following online guidance, including using adwcleaner, jrt.exe, Eset online scanner, Malaware Bytes, and Hitman Pro.

apparently you've already run quite a lot of scans. So there is not much point in running more scans without clear malware symptoms or suspicion.

Concerning Chrome: Maybe it's best to reset the settings: https://support.google.com/chrome/answer/3296214?hl=en

#14 aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:20 AM

Posted 19 March 2014 - 12:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



