
WMV Codec.exe


  • This topic is locked
6 replies to this topic

#1 JDubC


Posted 20 March 2015 - 03:50 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jason (administrator) on JASON-PC on 20-03-2015 03:38:05
Running from C:\Users\Jason\Downloads
Loaded Profiles: Jason (Available profiles: Jason & Brittney)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\Jason\AppData\Roaming\67682200-1425583926-0920-0615-172903000000\jnsgC23F.tmp
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
() C:\xampp\mysql\bin\mysqld.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\ng\ngservice.exe
() C:\Windows\mHotkey.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Magic Control Technology Corporation) C:\Windows\SysWOW64\UDCIDUtil.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Akamai Technologies, Inc.) C:\Users\Jason\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Jason\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Creative) C:\Windows\CNYHKey.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Avast Software s.r.o.) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dropbox, Inc.) C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Gateway Photo Frame] => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [123904 2009-05-05] (IOI)
HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] => C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [103720 2008-12-24] (CyberLink)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [665424 2008-12-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [233304 2009-02-03] (Microsoft Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5511352 2015-03-10] (Avast Software s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Run: [EPSON NX110 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBA.EXE [223232 2008-09-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Run: [UDCIDUtil] => C:\Windows\SysWOW64\UDCIDUtil.exe [323584 2009-05-04] (Magic Control Technology Corporation)
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Run: [EPSON NX110 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBA.EXE [223232 2008-09-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jason\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe [6414144 2015-01-25] ()
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Run: [BitTorrent] => C:\Users\Jason\AppData\Roaming\BitTorrent\BitTorrent.exe [1744472 2015-03-01] (BitTorrent Inc.)
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\MountPoints2: {5013aed7-a9ca-11de-964b-005056c00008} - K:\LaunchU3.exe -a
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\MountPoints2: {8baa987c-a45d-11e4-be2a-0022686793d3} - K:\VerizonWirelessUpgradeAssistantSetup.exe -a
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exeaswBoot.exe /M:119d0cb4335 /wow /dir:"C:\Program Files\Alwil Software\Avast5"
GroupPolicyUsers\S-1-5-21-3758089241-3441557801-3304877760-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0609&m=dx4300
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0609&m=dx4300
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0609&m=dx4300
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0609&m=dx4300
HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bpcc.edu/
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E} URL = http://www.searchbrowsing.com/web.php?src=hmp&hl=en&camefrom=defaultsearch&q={searchTerms}
SearchScopes: HKLM-x32 -> {0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E} URL = http://www.searchbrowsing.com/web.php?src=hmp&hl=en&camefrom=defaultsearch&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
SearchScopes: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> DefaultScope {8003E45B-EFA8-4226-B6CC-AD56E3DE100A} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN31999306295721147&UM=2
SearchScopes: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?FORM=SOLTDF&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> {0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E} URL = https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_wnzp_15_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzutDtD0DtDyEtC0ByCyCyE0B0E0C0C0EzztN0D0Tzu0StCtCyDyDtN1L2XzutAtFyBtFyCtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0E0B0F0C0F0CyBtGtCyCtA0BtGyBzy0DyBtGyC0ByCyEtGyC0B0DtBtD0AyD0CyE0E0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0AtA0CyEyB0B0AtG0BtA0ByEtGyE0EyCzytGzzyD0CzytGtAtCzyyCtDtByByB0ByCzztC2Q%26cr%3D763994171%26a%3Dwny_wnzp_15_09%26os%3DWindows ™ Vista Home Premium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> {5E16CD6F-E176-D55B-CF3E-10C647B785C9} URL = http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADFA_enUS395
SearchScopes: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> {77FECCEB-872E-40DF-9AB2-A5E456AF4C6B} URL = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> {8003E45B-EFA8-4226-B6CC-AD56E3DE100A} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN31999306295721147&UM=2
SearchScopes: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0DtDyEtC0ByCyCyE0B0E0C0C0EzztN0D0Tzu0StCtCyDyEtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0BtB0B0Dzy0B0CtGyDyEtCtCtGtDtC0CyCtGzzyCyEtCtGyEyE0AtAyDtB0B0A0FyByCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0AtA0CyEyB0B0AtG0BtA0ByEtGyE0EyCzytGzzyD0CzytGtAtCzyyCtDtByByB0ByCzztC2Q&cr=1053994862&ir=
SearchScopes: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> {BF5CDBD7-EC78-41F8-A1B1-01829572104D} URL = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> {FCF1789A-1A4B-FAEA-6470-37209FC50520} URL = http://www.bing.com/search?q={searchTerms}&pc=Z008&form=ZGAIDF
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2015-03-10] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-13] (Oracle Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-13] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-03-10] (Avast Software s.r.o.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: &Windows Core Toolbar BHO -> {ACC01A56-70E3-472E-9C4F-83B1DA817DD8} -> C:\Program Files (x86)\Search Core Systems\Windows Core Toolbar\browserhelper.dll [2012-02-22] (Search Core Systems)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-13] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - &Windows Core Toolbar - {3A6BE320-DC9B-4D24-A6E8-621B81544F4B} - C:\Program Files (x86)\Search Core Systems\Windows Core Toolbar\wcoretb.dll [2012-02-22] (Search Core Systems)
Toolbar: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-02-21] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-03] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Winsock: Catalog9-x64 19 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File Not found ()
Winsock: Catalog9-x64 20 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File Not found ()
Winsock: Catalog9-x64 21 C:\Windows\system32\wpclsp.dll [102912] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: SearchBrowsing
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-13] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-13] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\user.js [2015-03-02]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-29] (Apple Inc.)
FF Extension: Default Theme Engine - Personas Interactive - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\Extensions\btpersonas@brandthunder(70).com [2013-07-13]
FF Extension: LavaFox V2 - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\Extensions\info@djzig.com [2015-01-08]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\Extensions\LogMeInClient@logmein.com [2011-05-07]
FF Extension: No Name - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\Extensions\stageddisable [2012-06-06]
FF Extension: No Name - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\Extensions\trashdisable [2012-07-13]
FF Extension: Set Search Settings - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\Extensions\{23BA1545-A651-4EDB-9568-45BE0CBAE475}disable [2015-03-01]
FF Extension: Yahoo! Toolbar - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2040) [2013-04-10]
FF Extension: Tamper Data - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} [2011-04-23]
FF Extension: Search-Results Toolbar - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}disable [2012-11-19]
FF Extension: Firebug - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\Extensions\firebug@software.joehewitt.com.xpi [2011-05-01]
FF Extension: MediaPlayer - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\Extensions\jid1-gwOhHRRpNvLcnw@jetpack.xpi [2015-01-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-05]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM-x32\...\Firefox\Extensions: [{425F6CC1-69CA-4604-BDC6-7EE7A066A843}] - C:\Program Files (x86)\Search Core Systems\Windows Core Toolbar
FF Extension: Windows Core Toolbar - C:\Program Files (x86)\Search Core Systems\Windows Core Toolbar [2012-04-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-30]

Chrome:
=======
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.2; c:\xampp\apache\bin\httpd.exe [20549 2010-10-17] (Apache Software Foundation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [343336 2015-03-10] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-10] (Avast Software)
S3 FileZilla Server; c:\xampp\FileZillaFTP\FileZillaServer.exe [742912 2010-10-17] (FileZilla Project) [File not signed]
R2 gezokizu; C:\Users\Jason\AppData\Roaming\67682200-1425583926-0920-0615-172903000000\jnsgC23F.tmp [193024 2015-03-05] () [File not signed]
R2 mysql; c:\xampp\mysql\bin\mysqld.exe [8133120 2010-12-03] () [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
R2 yksvc; C:\Windows\System32\ykx64mpcoinst.dll [382464 2009-01-08] (Marvell)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-10] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64712 2015-03-10] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-10] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-10] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65224 2015-03-10] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-10] ()
R3 mctdviextp5064; C:\Windows\System32\DRIVERS\mctdviextp5064.sys [279552 2009-06-18] (Magic Control Technology Corp.)
R3 mctdvimirp5064; C:\Windows\System32\DRIVERS\mctdvimirp5064.sys [273408 2009-06-18] (Magic Control Technology Corp.)
S3 mctdviusb5064; C:\Windows\System32\drivers\mctdviusb5064.sys [45696 2009-03-25] (Magic Control Technology Corp.)
S3 MRENDIS5; C:\Program Files (x86)\Common Files\Motive\MRENDIS5.sys [18003 2004-11-22] (Motive, Inc.) [File not signed]
S3 RT2500USB; C:\Windows\System32\DRIVERS\rt2500usb.sys [251904 2007-02-21] (Ralink Technology Inc.)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [273824 2015-03-10] (Avast Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 03:38 - 2015-03-20 03:38 - 00033233 _____ () C:\Users\Jason\Downloads\FRST.txt
2015-03-20 03:37 - 2015-03-20 03:38 - 00000000 ____D () C:\FRST
2015-03-20 03:36 - 2015-03-20 03:36 - 02095616 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe
2015-03-20 00:26 - 2009-08-20 21:55 - 00000375 _____ () C:\Users\Jason\Documents\Documents.lnk
2015-03-18 09:34 - 2015-03-18 09:33 - 00000692 _____ () C:\Users\Jason\Documents\music 2 - Shortcut.lnk
2015-03-15 15:01 - 2015-03-15 15:01 - 00176076 ____H () C:\Windows\system32\mlfcache.dat
2015-03-15 14:35 - 2015-03-15 14:35 - 00001624 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-15 14:35 - 2015-03-15 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-15 14:34 - 2015-03-15 14:35 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-15 14:34 - 2015-03-15 14:35 - 00000000 ____D () C:\Program Files\iTunes
2015-03-15 14:34 - 2015-03-15 14:34 - 00000000 ____D () C:\Program Files\iPod
2015-03-15 14:34 - 2015-03-15 14:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-15 14:13 - 2015-03-15 14:25 - 152428336 _____ (Apple Inc.) C:\Users\Jason\Downloads\itunes6464setup.exe
2015-03-15 14:00 - 2015-03-15 14:00 - 05400184 _____ (Dll-Files.com ) C:\Users\Jason\Downloads\dffsetup-msvcr100.exe
2015-03-15 10:45 - 2015-03-15 10:46 - 00000000 ____D () C:\Windows\LastGood
2015-03-13 09:19 - 2013-06-22 13:27 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2015-03-13 09:19 - 2013-06-22 13:27 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2015-03-13 09:18 - 2015-03-13 09:17 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-13 09:16 - 2015-03-13 10:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-13 09:16 - 2015-03-13 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-10 19:34 - 2015-03-10 19:34 - 00001788 _____ () C:\Users\Jason\Desktop\WinZip 19.0.lnk
2015-03-10 19:30 - 2015-03-10 19:31 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-03-10 19:30 - 2015-03-10 19:31 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-10 18:26 - 2015-03-10 18:26 - 00001659 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-10 18:26 - 2015-03-10 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-10 18:25 - 2015-03-10 18:25 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-10 18:25 - 2015-03-10 18:25 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-10 18:00 - 2015-02-19 21:03 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 18:00 - 2015-02-19 20:44 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 18:00 - 2015-02-19 19:39 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 18:00 - 2015-02-19 19:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 17:59 - 2014-10-12 20:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-03-10 17:59 - 2014-10-12 19:56 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-10 17:57 - 2015-01-28 20:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 17:57 - 2015-01-28 20:33 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 17:57 - 2015-01-20 21:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 17:57 - 2015-01-20 20:42 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 17:56 - 2015-02-25 19:31 - 02792960 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 17:55 - 2015-02-17 21:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 17:55 - 2015-02-17 20:42 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 17:54 - 2015-02-25 20:40 - 04692408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 17:54 - 2015-01-28 20:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 17:54 - 2015-01-28 20:33 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 17:54 - 2015-01-08 20:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 17:54 - 2015-01-08 19:29 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 17:52 - 2015-03-05 23:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 17:52 - 2015-03-05 22:35 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 15:33 - 2015-02-21 14:17 - 17882624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 15:33 - 2015-02-21 14:07 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-10 15:33 - 2015-02-21 14:02 - 10931200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 15:33 - 2015-02-21 14:00 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 15:33 - 2015-02-21 13:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 15:33 - 2015-02-21 13:54 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 15:33 - 2015-02-21 13:53 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 15:33 - 2015-02-21 13:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-10 15:33 - 2015-02-21 13:52 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 15:33 - 2015-02-21 13:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 15:33 - 2015-02-21 13:51 - 02157568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 15:33 - 2015-02-21 13:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-10 15:33 - 2015-02-21 13:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 15:33 - 2015-02-21 13:51 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 15:33 - 2015-02-21 13:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 15:33 - 2015-02-21 13:51 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 15:33 - 2015-02-21 13:51 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-10 15:33 - 2015-02-21 13:51 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-10 15:33 - 2015-02-21 13:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 15:33 - 2015-02-21 13:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 15:33 - 2015-02-21 13:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 15:33 - 2015-02-21 13:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-10 15:33 - 2015-02-21 12:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 15:33 - 2015-02-21 12:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-10 15:33 - 2015-02-21 12:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 15:33 - 2015-02-21 12:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 15:33 - 2015-02-21 12:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 15:33 - 2015-02-21 12:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 15:33 - 2015-02-21 12:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 15:33 - 2015-02-21 12:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-03-10 15:33 - 2015-02-21 12:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 15:33 - 2015-02-21 12:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 15:33 - 2015-02-21 12:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-10 15:33 - 2015-02-21 12:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 15:33 - 2015-02-21 12:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 15:33 - 2015-02-21 12:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 15:33 - 2015-02-21 12:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 15:33 - 2015-02-21 12:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 15:33 - 2015-02-21 12:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 15:33 - 2015-02-21 12:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 15:33 - 2015-02-21 12:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-03-10 15:33 - 2015-02-21 12:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-03-10 15:33 - 2015-02-21 12:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-03-10 15:33 - 2015-02-21 12:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-09 01:04 - 2015-03-09 01:05 - 10768856 _____ (Xvid Team) C:\Users\Jason\Downloads\XviD_1.3.2.exe
2015-03-09 00:59 - 2015-03-09 00:59 - 00000861 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2015-03-09 00:59 - 2015-03-09 00:59 - 00000000 ____D () C:\Program Files\MediaInfo
2015-03-09 00:56 - 2015-03-09 00:56 - 04760024 _____ (MediaArea.net) C:\Users\Jason\Downloads\MediaInfo_GUI_0.7.72_Windows.exe
2015-03-08 23:44 - 2015-03-08 23:44 - 06121326 _____ () C:\Users\Jason\Documents\JASON-PC.arn
2015-03-08 23:33 - 2015-03-08 23:33 - 00000000 ____D () C:\Users\Jason\Desktop\Autoruns
2015-03-07 22:50 - 2015-03-07 22:50 - 06156288 _____ () C:\Users\Brittney\ntuser.rhk
2015-03-07 22:38 - 2015-03-07 22:51 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Wise Registry Cleaner
2015-03-07 22:38 - 2015-03-07 22:38 - 00001062 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2015-03-07 22:38 - 2015-03-07 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-03-07 22:38 - 2015-03-07 22:38 - 00000000 ____D () C:\Program Files (x86)\Wise
2015-03-07 22:37 - 2015-03-07 22:37 - 02138744 _____ (WiseCleaner.com ) C:\Users\Jason\Downloads\WRCFree.exe
2015-03-07 22:26 - 2015-03-07 22:26 - 00232200 _____ () C:\Users\Jason\Downloads\WRCFree-28190190.exe
2015-03-07 00:48 - 2015-03-07 01:14 - 340394528 _____ (Dell Inc.) C:\Users\Jason\Downloads\Network_Driver_7RVKH_WN_6.30.223.99_A04.EXE
2015-03-07 00:20 - 2015-03-07 00:33 - 175547648 _____ (Dell Inc.) C:\Users\Jason\Downloads\Network_Driver_P3DG0_WN_9.2.0.517_A03.EXE
2015-03-06 02:29 - 2015-03-06 21:40 - 00000000 ____D () C:\Program Files (x86)\RAR Password Unlocker
2015-03-06 02:29 - 2015-03-06 02:29 - 00001002 _____ () C:\Users\Public\Desktop\RAR Password Unlocker.lnk
2015-03-06 02:29 - 2015-03-06 02:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Unlocker
2015-03-06 02:18 - 2015-03-06 02:18 - 00000000 ____D () C:\Users\Jason\Documents\RAR Password Unlocker
2015-03-05 20:46 - 2015-03-05 20:46 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\TuneUp Software
2015-03-05 20:45 - 2015-03-05 20:45 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-03-05 20:33 - 2015-03-05 20:33 - 00000000 ____D () C:\Users\Jason\AppData\Local\Pro_PC_Cleaner
2015-03-05 20:32 - 2015-03-06 03:44 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2015-03-05 20:32 - 2015-03-05 20:33 - 00000000 ____D () C:\Users\Jason\Documents\ProPCCleaner
2015-03-05 20:32 - 2015-03-05 20:33 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\67682200-1425583926-0920-0615-172903000000
2015-03-05 20:06 - 2014-11-03 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-03-05 20:06 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-03-05 19:28 - 2015-03-05 19:28 - 00000000 ____D () C:\4a3b817bd9698468f37ece
2015-03-05 19:27 - 2015-03-05 19:27 - 00879096 _____ (Microsoft Corporation) C:\Users\Jason\Downloads\NetFxRepairTool.exe
2015-03-05 18:33 - 2015-03-07 22:52 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-05 18:33 - 2015-03-05 18:33 - 00000000 ____D () C:\Users\Jason\AppData\Local\MFAData
2015-03-05 17:21 - 2015-03-05 17:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 16:12 - 2015-03-15 01:05 - 00000000 ____D () C:\Users\Jason\AppData\Local\YVPack
2015-03-05 16:12 - 2015-03-11 08:13 - 00000000 ____D () C:\Users\Jason\AppData\Local\YTVPack
2015-03-05 16:05 - 2015-03-07 21:53 - 00000000 ____D () C:\Program Files (x86)\WinISO Computing
2015-03-05 16:05 - 2015-03-05 16:05 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\WinISO Computing
2015-03-05 16:05 - 2015-03-05 16:05 - 00000000 ____D () C:\Users\Jason\AppData\Local\WinISO Computing
2015-03-05 16:03 - 2015-03-05 16:05 - 07043816 _____ (WinISO Computing Inc.) C:\Users\Jason\Downloads\winiso.exe
2015-03-05 01:00 - 2015-03-05 01:00 - 00000000 ____D () C:\ProgramData\vsosdk
2015-03-05 00:34 - 2015-03-19 23:24 - 00000000 ____D () C:\Users\Jason\Documents\ConvertXtoDVD
2015-03-05 00:30 - 2015-03-05 00:33 - 00000000 ____D () C:\ProgramData\VSO
2015-03-05 00:30 - 2015-03-05 00:30 - 00099384 _____ () C:\Users\Jason\AppData\Roaming\inst.exe
2015-03-05 00:30 - 2015-03-05 00:30 - 00082816 _____ (VSO Software) C:\Users\Jason\AppData\Roaming\pcouffin.sys
2015-03-05 00:30 - 2015-03-05 00:30 - 00007859 _____ () C:\Users\Jason\AppData\Roaming\pcouffin.cat
2015-03-05 00:30 - 2015-03-05 00:30 - 00001059 _____ () C:\Users\Jason\Desktop\ConvertXToDVD 5.lnk
2015-03-05 00:30 - 2015-03-05 00:30 - 00000055 _____ () C:\Users\Jason\AppData\Roaming\pcouffin.log
2015-03-05 00:30 - 2015-03-05 00:30 - 00000000 ____D () C:\Users\Jason\Documents\PcSetup
2015-03-05 00:30 - 2015-03-05 00:30 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Vso
2015-03-05 00:30 - 2015-03-05 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2015-03-05 00:30 - 2015-03-05 00:30 - 00000000 ____D () C:\Program Files (x86)\VSO
2015-03-04 23:14 - 2015-03-05 00:32 - 00000000 ____D () C:\Program Files (x86)\DVD Flick
2015-03-04 23:14 - 2007-08-31 19:36 - 00036864 _____ (Robdogg Inc.) C:\Windows\SysWOW64\trayicon_handler.ocx
2015-03-04 23:06 - 2015-03-04 23:12 - 12951423 _____ (Dennis Meuwissen ) C:\Users\Jason\Downloads\dvdflick_setup_1.3.0.7.exe
2015-03-04 23:03 - 2015-03-04 23:03 - 00000000 ____D () C:\Users\Jason\AppData\Local\Wondershare
2015-03-04 22:58 - 2015-03-04 23:03 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-03-04 22:58 - 2015-03-04 22:58 - 00848968 _____ (Wondershare) C:\Users\Jason\Downloads\dvd-creator_setup_full1203.exe
2015-03-04 20:47 - 2015-03-10 19:26 - 00252250 _____ () C:\Windows\PFRO.log
2015-03-04 20:42 - 2015-03-04 20:43 - 12250352 _____ () C:\Users\Jason\Downloads\zButterflySetup_1.2.0.exe
2015-03-04 02:26 - 2015-03-04 10:15 - 00000034 _____ () C:\Windows\setupact.log
2015-03-04 02:26 - 2015-03-04 02:26 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-03 02:48 - 2015-03-03 02:49 - 05325352 _____ (Piriform Ltd) C:\Users\Jason\Downloads\ccsetup503pro.exe
2015-03-02 22:33 - 2015-03-02 22:48 - 00000000 ____D () C:\Program Files (x86)\SmileFilesUpdater
2015-03-02 22:33 - 2015-03-02 22:33 - 00003104 _____ () C:\Windows\System32\Tasks\Update Service SmileFiles
2015-03-02 12:05 - 2015-03-02 12:05 - 00000000 ____D () C:\Users\Jason\Documents\50 shades
2015-03-02 12:01 - 2015-03-02 12:01 - 00000000 ____D () C:\Users\Jason\Downloads\Fifty Shades of Grey.2015.DVDRip.Jamie.Dornan.Full.Movie
2015-03-02 11:52 - 2015-03-02 11:52 - 00001418 _____ () C:\Users\Jason\Desktop\DivX Movies.lnk
2015-03-02 11:51 - 2015-03-04 15:50 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\DivX
2015-03-02 11:51 - 2015-03-02 11:51 - 00000962 _____ () C:\Users\Public\Desktop\DivX Converter.lnk
2015-03-02 11:51 - 2015-03-02 11:51 - 00000897 _____ () C:\Users\Public\Desktop\DivX Player.lnk
2015-03-02 11:51 - 2015-03-02 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-03-02 11:51 - 2015-03-02 11:51 - 00000000 ____D () C:\Program Files\DivX
2015-03-02 11:46 - 2015-03-02 11:52 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-03-02 11:45 - 2015-03-02 11:53 - 00000000 ____D () C:\ProgramData\DivX
2015-03-02 11:45 - 2015-03-02 11:45 - 01012544 _____ (DivX, LLC) C:\Users\Jason\Downloads\DivXInstaller.exe
2015-03-01 21:12 - 2015-03-20 03:16 - 00000000 ____D () C:\Torrents
2015-03-01 20:47 - 2015-03-01 20:47 - 00000000 ____D () C:\Users\Jason\Documents\Grey
2015-03-01 20:46 - 2015-03-01 20:45 - 734193172 _____ () C:\Users\Jason\Documents\50 shades.zip
2015-03-01 20:43 - 2015-03-20 02:47 - 00000000 ____D () C:\Users\Jason\AppData\Local\WinZip
2015-03-01 20:43 - 2015-03-06 22:24 - 00001776 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-03-01 20:43 - 2015-03-01 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-03-01 20:43 - 2015-03-01 20:43 - 00000000 ____D () C:\Program Files\WinZip
2015-03-01 20:38 - 2015-03-01 20:38 - 01079200 _____ (Software Program ) C:\Users\Jason\Downloads\winzip19-new.exe
2015-03-01 19:38 - 2015-03-01 19:38 - 00000779 _____ () C:\Users\Jason\Desktop\BitTorrent.lnk
2015-03-01 19:38 - 2015-03-01 19:38 - 00000759 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-03-01 19:36 - 2015-03-20 03:16 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\BitTorrent
2015-03-01 19:36 - 2015-03-01 19:36 - 01744472 _____ (BitTorrent Inc.) C:\Users\Jason\Downloads\BitTorrent.exe
2015-03-01 18:35 - 2014-11-25 20:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-01 18:34 - 2014-11-25 21:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-03-01 18:26 - 2015-02-17 11:20 - 00021040 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2015-03-01 18:25 - 2015-03-01 18:25 - 05366072 _____ (Dll-Files.com ) C:\Users\Jason\Downloads\dffsetup.exe
2015-02-28 22:20 - 2015-02-28 22:20 - 00000000 ____D () C:\ProgramData\1c0a5d300000725f
2015-02-28 22:17 - 2015-02-28 22:17 - 00000000 ____D () C:\Program Files (x86)\predm
2015-02-28 22:04 - 2015-02-28 22:04 - 00000000 ____D () C:\Users\Jason\AppData\Local\521628545
2015-02-28 22:02 - 2015-03-06 04:06 - 00000000 ____D () C:\ProgramData\{88c17a89-d734-1ce6-88c1-17a89d73ea27}
2015-02-28 21:57 - 2015-02-28 22:00 - 00000000 ____D () C:\Users\Jason\AppData\Local\BrowserHelper
2015-02-28 21:56 - 2015-02-28 21:56 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-02-28 21:55 - 2015-03-10 08:31 - 00000000 ____D () C:\Users\Jason\AppData\Local\67682200-1425156951-0920-0615-172903000000
2015-02-28 21:55 - 2015-02-28 21:55 - 00000000 ____D () C:\Users\Jason\AppData\Local\CrashRpt
2015-02-28 21:54 - 2015-03-05 22:11 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\67682200-1425156869-0920-0615-172903000000
2015-02-28 21:52 - 2015-02-28 21:52 - 00000000 ____D () C:\Program Files (x86)\fftasker
2015-02-27 11:41 - 2015-02-27 11:41 - 00050882 _____ () C:\Users\Jason\Downloads\StatementPdf(3)
2015-02-27 11:40 - 2015-02-27 11:40 - 00050882 _____ () C:\Users\Jason\Downloads\StatementPdf(2)
2015-02-27 11:40 - 2015-02-27 11:40 - 00050882 _____ () C:\Users\Jason\Downloads\StatementPdf(1)
2015-02-27 11:39 - 2015-02-27 11:39 - 00050882 _____ () C:\Users\Jason\Downloads\StatementPdf
2015-02-19 15:41 - 2015-02-19 15:41 - 00042363 _____ () C:\Users\Jason\Downloads\Project estimate sheet.xlsm

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-20 03:00 - 2009-06-15 05:25 - 01446648 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 02:50 - 2012-05-09 20:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 02:41 - 2010-08-31 10:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 02:19 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-20 02:19 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-20 00:37 - 2009-08-20 21:52 - 00000000 ____D () C:\Users\Jason
2015-03-20 00:23 - 2006-11-02 07:46 - 00763650 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 23:54 - 2013-12-03 18:03 - 00000000 ____D () C:\Users\Jason\Desktop\Heartland Homes
2015-03-19 23:52 - 2015-01-12 09:38 - 00000000 ____D () C:\Users\Jason\Desktop\pics
2015-03-19 22:07 - 2011-04-17 17:57 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{481F19A6-4810-45D2-AA17-E38086AEDF9B}
2015-03-19 12:40 - 2010-08-31 10:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 08:32 - 2009-08-31 08:54 - 00205312 _____ () C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-18 09:34 - 2015-01-18 02:01 - 00000000 ____D () C:\Users\Jason\Desktop\music 2
2015-03-18 09:10 - 2015-01-19 01:47 - 00000000 ____D () C:\Users\Jason\AppData\Local\Backup Assistant Plus
2015-03-18 09:05 - 2015-01-25 18:21 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-03-17 08:50 - 2015-01-23 20:49 - 00000000 ___RD () C:\Users\Jason\Dropbox
2015-03-15 14:34 - 2010-04-02 19:56 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-15 14:30 - 2012-11-19 00:11 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2015-03-14 08:23 - 2012-04-30 14:19 - 00000306 ____H () C:\Windows\Tasks\Windows Core Toolbar Updater.job
2015-03-13 09:19 - 2009-04-10 00:42 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-13 09:18 - 2011-11-26 17:04 - 00000000 ____D () C:\Program Files\Java
2015-03-13 09:17 - 2011-11-26 17:06 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-03-13 09:17 - 2011-11-26 17:06 - 00207272 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-03-13 09:17 - 2011-11-26 17:06 - 00206760 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-03-13 09:16 - 2013-06-22 13:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-11 08:18 - 2011-11-09 20:59 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-11 08:18 - 2011-11-09 20:58 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Dropbox
2015-03-11 08:13 - 2015-01-25 18:21 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-11 08:12 - 2012-04-30 14:19 - 00000312 ____H () C:\Windows\Tasks\Windows Core Helper.job
2015-03-10 19:47 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-10 19:40 - 2006-11-02 10:42 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-10 18:25 - 2014-10-13 22:55 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-10 18:25 - 2013-04-30 17:17 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-10 18:25 - 2013-04-30 17:17 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-10 18:25 - 2013-04-30 17:17 - 00003840 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-10 18:25 - 2011-05-30 12:21 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-10 18:25 - 2009-08-21 18:35 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-10 18:25 - 2009-08-21 18:35 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-10 18:25 - 2009-08-21 18:35 - 00065224 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-03-10 18:25 - 2009-08-21 18:35 - 00064712 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-03-10 18:15 - 2014-10-13 22:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-10 18:10 - 2006-11-02 10:21 - 00391688 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 17:59 - 2009-04-10 00:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-07 23:10 - 2014-10-13 22:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-07 22:52 - 2006-11-02 07:33 - 107216896 _____ () C:\Windows\system32\config\software.bak
2015-03-07 22:52 - 2006-11-02 07:33 - 04980736 _____ () C:\Windows\system32\config\default.bak
2015-03-07 22:52 - 2006-11-02 07:33 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-03-07 22:52 - 2006-11-02 07:33 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-03-07 22:50 - 2009-08-26 15:45 - 00000000 ____D () C:\Users\Brittney
2015-03-07 22:09 - 2011-11-04 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Planit
2015-03-07 22:06 - 2009-04-10 00:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-07 21:58 - 2013-04-02 17:53 - 00000000 ____D () C:\Program Files (x86)\TestBustReader
2015-03-07 21:58 - 2013-04-02 17:53 - 00000000 ____D () C:\Program Files (x86)\Seagate Software
2015-03-07 21:46 - 2015-01-17 01:19 - 00000000 ____D () C:\Users\Jason\AppData\Local\Deployment
2015-03-07 12:53 - 2013-07-11 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-07 12:41 - 2006-11-02 07:35 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-07 09:58 - 2011-04-22 03:01 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%
2015-03-07 01:38 - 2015-01-17 01:18 - 00417064 _____ () C:\Users\Jason\Downloads\DellSystemDetect.exe
2015-03-06 22:24 - 2010-09-12 17:39 - 00000920 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk
2015-03-06 22:24 - 2006-11-02 10:36 - 00001762 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
2015-03-06 22:24 - 2006-11-02 10:36 - 00001713 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-03-06 22:24 - 2006-11-02 10:35 - 00001667 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
2015-03-06 22:24 - 2006-11-02 10:34 - 00001678 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
2015-03-06 02:31 - 2009-12-02 16:50 - 00000000 ____D () C:\temp
2015-03-05 22:28 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2015-03-05 21:12 - 2010-09-10 22:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-05 20:21 - 2009-08-31 20:58 - 00756962 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-05 17:25 - 2012-04-29 09:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-04 20:47 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\Speech
2015-03-03 03:06 - 2011-07-08 15:58 - 00000000 ____D () C:\Windows\Minidump
2015-03-03 03:06 - 2011-01-20 19:57 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-03-03 03:06 - 2007-07-11 20:49 - 00000000 ____D () C:\Windows\Panther
2015-03-03 00:01 - 2011-11-26 14:46 - 01491324 _____ () C:\Users\Jason\Downloads\SuperOneClickv2.2-ShortFuse.zip
2015-03-02 22:44 - 2006-11-02 07:34 - 00000321 _____ () C:\Windows\win.ini
2015-03-02 22:34 - 2012-12-02 21:55 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-03-02 11:14 - 2015-01-18 16:33 - 00000000 ____D () C:\Users\Jason\Desktop\songs and pics
2015-03-01 20:43 - 2010-03-20 23:46 - 00000000 ____D () C:\ProgramData\WinZip
2015-03-01 17:50 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-01 02:13 - 2015-01-25 18:21 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-02-28 22:26 - 2006-11-02 08:33 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-28 22:19 - 2015-01-18 00:21 - 00000000 ____D () C:\Program Files (x86)\Sharepod
2015-02-28 22:18 - 2013-05-31 15:19 - 00000000 ____D () C:\ProgramData\Origin
2015-02-28 22:18 - 2013-05-31 15:18 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-28 21:56 - 2009-08-20 21:55 - 00001165 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-28 21:56 - 2009-08-20 21:55 - 00001135 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-26 12:22 - 2015-02-04 18:34 - 00000035 _____ () C:\Windows\ASPROG.INI
2015-02-26 12:22 - 2015-02-04 18:28 - 00000000 ____D () C:\JobView
2015-02-26 12:21 - 2015-02-04 18:29 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\ASystems
2015-02-18 22:37 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\Web

==================== Files in the root of some directories =======

2015-03-05 00:30 - 2015-03-05 00:30 - 0099384 _____ () C:\Users\Jason\AppData\Roaming\inst.exe
2015-03-05 00:30 - 2015-03-05 00:30 - 0007859 _____ () C:\Users\Jason\AppData\Roaming\pcouffin.cat
2015-03-05 00:30 - 2015-03-05 00:30 - 0001167 _____ () C:\Users\Jason\AppData\Roaming\pcouffin.inf
2015-03-05 00:30 - 2015-03-05 00:30 - 0000055 _____ () C:\Users\Jason\AppData\Roaming\pcouffin.log
2015-03-05 00:30 - 2015-03-05 00:30 - 0082816 _____ (VSO Software) C:\Users\Jason\AppData\Roaming\pcouffin.sys
2015-01-19 02:11 - 2015-01-19 02:11 - 0024088 _____ () C:\Users\Jason\AppData\Roaming\UserTile.png
2009-08-21 06:13 - 2015-01-20 10:02 - 0005160 _____ () C:\Users\Jason\AppData\Roaming\wklnhst.dat
2010-09-10 21:41 - 2010-09-10 21:41 - 0000732 _____ () C:\Users\Jason\AppData\Local\d3d9caps64.dat
2009-08-31 08:54 - 2015-03-19 08:32 - 0205312 _____ () C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-15 21:13 - 2011-06-15 21:15 - 0474388 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI09E6.txt
2011-03-28 16:30 - 2011-03-28 16:30 - 0358066 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI14AD.txt
2015-01-19 01:46 - 2015-01-19 01:46 - 0402630 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI178C.txt
2015-01-25 14:01 - 2015-01-25 14:02 - 0447880 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI1EFB.txt
2011-04-27 21:32 - 2011-04-27 21:32 - 0359518 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI23FC.txt
2011-03-11 07:13 - 2011-03-11 07:13 - 0437266 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI3A01.txt
2011-05-13 08:51 - 2011-05-13 08:51 - 0358120 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI3F84.txt
2011-04-26 21:16 - 2011-04-26 21:16 - 0358834 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI4985.txt
2011-04-27 11:22 - 2011-04-27 11:22 - 0358834 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI5120.txt
2011-04-29 19:10 - 2011-04-29 19:10 - 0360284 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI53C0.txt
2011-03-14 19:24 - 2011-03-14 19:24 - 0359132 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI53DC.txt
2011-05-12 22:24 - 2011-05-12 22:24 - 0360368 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI5FF9.txt
2011-05-13 06:56 - 2011-05-13 06:56 - 0357736 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI67A0.txt
2011-04-17 17:44 - 2011-04-17 17:46 - 0470004 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI6868.txt
2011-04-28 13:08 - 2011-04-28 13:08 - 0361052 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI708A.txt
2011-03-15 18:27 - 2011-03-15 18:27 - 0359900 _____ () C:\Users\Jason\AppData\Local\dd_vcredistMSI76CA.txt
2011-06-15 21:13 - 2011-06-15 21:15 - 0214924 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI09E6.txt
2011-03-28 16:30 - 2011-03-28 16:30 - 0011126 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI14AD.txt
2015-01-19 01:46 - 2015-01-19 01:46 - 0011380 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI178C.txt
2015-01-25 14:01 - 2015-01-25 14:02 - 0042104 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI1EFB.txt
2011-04-27 21:32 - 2011-04-27 21:32 - 0011938 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI23FC.txt
2011-03-11 07:13 - 2011-03-11 07:13 - 0011430 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI3A01.txt
2011-05-13 08:51 - 2011-05-13 08:51 - 0011142 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI3F84.txt
2011-04-26 21:16 - 2011-04-26 21:16 - 0011158 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI4985.txt
2011-04-27 11:22 - 2011-04-27 11:22 - 0011158 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI5120.txt
2011-04-29 19:10 - 2011-04-29 19:10 - 0011970 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI53C0.txt
2011-03-14 19:24 - 2011-03-14 19:24 - 0014586 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI53DC.txt
2011-05-12 22:24 - 2011-05-12 22:24 - 0011222 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI5FF9.txt
2011-05-13 06:56 - 2011-05-13 06:56 - 0011126 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI67A0.txt
2011-04-17 17:44 - 2011-04-17 17:46 - 0012988 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI6868.txt
2011-04-28 13:08 - 2011-04-28 13:08 - 0012002 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI708A.txt
2011-03-15 18:27 - 2011-03-15 18:27 - 0014618 _____ () C:\Users\Jason\AppData\Local\dd_vcredistUI76CA.txt
2015-01-27 00:48 - 2015-01-27 00:48 - 0004096 ____H () C:\Users\Jason\AppData\Local\keyfile3.drm

Some content of TEMP:
====================
C:\Users\Brittney\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Jason\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk5gf9a.dll
C:\Users\Jason\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Jason\AppData\Local\Temp\jre-8u40-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-19 21:39

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Jason at 2015-03-20 03:39:13
Running from C:\Users\Jason\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alphacam 2011 R1 (HKLM-x32\...\InstallShield_{7F73B2EA-8C95-4B3D-8DDD-E895A93FD3A1}) (Version: 10.0.0.180 - Planit Software Limited)
Alphacam 2011 R1 (x32 Version: 10.00.0000 - Planit Software Limited) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
A-Systems JobView Version 15.0 (HKLM-x32\...\A-Systems JobView_is1) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{5348C5B4-0F91-1402-8AFF-DFB04C569F5A}) (Version: 3.0.704.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2214 - AVAST Software)
BitTorrent (HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (HKLM-x32\...\{3594EE90-B157-4519-9E82-8B6F4711A0A1}) (Version: 1.00.0000 - ATI)
ccc-core-static (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2705 - CyberLink Corp.)
DiskAid 6.7.6.0 (HKLM\...\DiskAid_is1) (Version: 6.7.6.0 - DigiDNA)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.20.00 - SEIKO EPSON Corporation)
EPSON NX110 Series Printer Uninstall (HKLM\...\EPSON NX110 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.52 - WildTangent)
Gateway Photo Frame 4.2.3.6 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.6 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.00.3006 - Acer Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.0.0.413 - Gateway)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hardware Resources 2009 (HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\Hardware Resources 2009) (Version:  - )
InstallMgr (x32 Version: 1.0.39.0 - Microsoft Corporation) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java™ 6 Update 5 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java™ SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
join.me (HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
LogMeIn Client (HKLM-x32\...\{9E01C3E5-F23A-4232-AFC7-FCF2D04D73EC}) (Version: 1.3.615 - LogMeIn, Inc.)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 10.67.3.3 - Marvell)
MediaInfo 0.7.72 (HKLM\...\MediaInfo) (Version: 0.7.72 - MediaArea.net)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{08C3441C-4FAF-48D3-A551-70DD6031734F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN Toolbar (HKLM-x32\...\{A8AC89BA-D8CB-4372-9743-1C54D23286B0}) (Version: 1.0.39.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.9 - Frank Heindörfer, Philip Chinery)
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5 - Pro PC Cleaner)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version:  - Password Unlocker Studio)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5821 - Realtek Semiconductor Corp.)
S2M Center 2011 R2 (HKLM-x32\...\InstallShield_{C2D88C6D-CA27-4DBB-8D2F-B92E4ED1C3D1}) (Version: 3.1.0.111 - Planit Software Ltd.)
S2M Center 2011 R2 (x32 Version: 3.01.0000 - Planit Software Ltd.) Hidden
S2M Center 2012 R1 (HKLM-x32\...\InstallShield_{1AB78725-9121-49AB-B20E-0C56F1B0C44E}) (Version: 4.0.0.134 - Planit Software Ltd.)
S2M Center 2012 R1 (x32 Version: 4.00.0000 - Planit Software Ltd.) Hidden
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM-x32\...\{9F153AD3-3523-4542-818E-AE2F92249667}) (Version: 1.3.550.0 - SAMSUNG Electronics CO., LTD.)
SEE2 Xtreme 9.02.0727.1155 (HKLM-x32\...\{B6BA1C6B-A192-46B8-AA40-AD72326AE1B6}) (Version: 9.02.0727.1155 - Tritton)
Sentinel System Driver Installer 7.5.2 (HKLM-x32\...\{504B7439-03BB-4C23-B17E-A1EC2D1D47B1}) (Version: 7.5.2 - SafeNet, Inc.)
Skins (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
SMAC 2.0 (HKLM-x32\...\SMAC 2.0) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SystemTools DumpSec (HKLM-x32\...\SystemTools DumpSec) (Version:  - SystemTools Software Inc)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
UDA Office (HKLM-x32\...\UDA Office) (Version: CNTRTFDB2009 - UDA Technologies, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Verizon Cloud (HKLM-x32\...\Verizon Cloud) (Version: 4.1.0 - Verizon Wireless)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.14 - VSO Software)
Windows Core Toolbar (HKLM-x32\...\{66E21DF1-1031-4297-B2C4-741AA435B583}) (Version: 1.0.1 - Search Core Systems)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
Wise Registry Cleaner 8.31 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)
XAMPP 1.7.4 (HKLM-x32\...\xampp) (Version:  - )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000_Classes\CLSID\{B2C192C7-4005-4A8A-8485-BC7932DE3800}\localserver32 -> C:\Program Files (x86)\LogMeIn Ignition\LMIIgnition.exe (LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3758089241-3441557801-3304877760-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

04-03-2015 23:08:14 Configured Solid 8.0
05-03-2015 18:34:38 Installed AVG 2015
05-03-2015 19:13:59 Installed AVG 2015
05-03-2015 19:47:33 Windows Update
07-03-2015 00:12:09 Scheduled Checkpoint
07-03-2015 12:39:07 Windows Update
07-03-2015 21:09:37 Removed AVG 2015
07-03-2015 21:12:13 Removed AVG 2015
07-03-2015 21:57:29 Removed TestBustReader.
07-03-2015 21:59:51 Configured Solid 2012 R1
07-03-2015 22:03:41 Configured Solid 2011 R2
07-03-2015 22:07:42 Configured S2M Center 5.0
08-03-2015 12:07:39 Scheduled Checkpoint
09-03-2015 02:27:01 Scheduled Checkpoint
10-03-2015 11:44:26 Scheduled Checkpoint
10-03-2015 17:52:28 Windows Update
10-03-2015 18:15:08 avast! antivirus system restore point
12-03-2015 03:11:45 Scheduled Checkpoint
13-03-2015 10:03:46 Scheduled Checkpoint
14-03-2015 03:21:09 Scheduled Checkpoint
15-03-2015 02:40:47 Scheduled Checkpoint
15-03-2015 10:45:43 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
15-03-2015 10:45:58 Device Driver Package Install: Apple Network adapters
15-03-2015 10:53:58 Installed iTunes
15-03-2015 11:26:41 Installed iTunes
15-03-2015 11:42:24 Removed iTunes
15-03-2015 11:45:19 Installed iTunes
15-03-2015 13:24:52 Removed iTunes
15-03-2015 13:49:21 Installed iTunes
15-03-2015 14:33:19 Installed iTunes
17-03-2015 00:15:19 Scheduled Checkpoint
18-03-2015 00:00:01 Scheduled Checkpoint
19-03-2015 01:05:48 Scheduled Checkpoint
20-03-2015 01:17:55 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2015-02-28 23:22 - 00450811 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18292D1B-40B9-4D7E-9BAD-A05C6E27631D} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {1D3F1B14-A1F1-4399-8A27-F5330EB98885} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {2551D24A-BA8D-4E51-859E-5CFAF4E49C98} - System32\Tasks\{3DD534B6-4FD3-43C6-B7FE-9253244EDAEA} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -c /z-uninstall
Task: {29BAA507-C3C7-49A8-B3F1-46F95AC8767B} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {31218F0B-8EDA-4678-812E-A19D7EADE8BA} - System32\Tasks\Windows Core Toolbar Updater => C:\Program Files (x86)\Search Core Systems\Windows Core Toolbar\wcupdt.exe [2012-02-22] (Search Core System)
Task: {3787456F-008E-4224-869E-655C5E49200F} - \SMW_UpdateTask_Time_333532393835333636302d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {43193FCC-BB53-4509-A881-3E9E0216CF56} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-03-10] (Avast Software s.r.o.)
Task: {4A23AE73-C53E-4998-8E4C-3C4BD6FCC911} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {660276E5-65B9-4E4F-871A-4B2A46572FEE} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-02-25] (Acer)
Task: {7089CB29-A3BB-441A-BC3C-6B6EDF3BD2B1} - \AmiUpdXp No Task File <==== ATTENTION
Task: {780F9E77-8669-44A4-A3D8-D445160767C0} - \LuckyTab No Task File <==== ATTENTION
Task: {A69EF284-B9A4-43FE-B892-44728B892402} - System32\Tasks\Update Service SmileFiles => C:\Program Files (x86)\SmileFilesUpdater\SmileFilesUpdater.exe [2015-03-02] (hxxp://simple-files.com/)
Task: {ACD94B6E-3FBC-41DB-B640-933E52326212} - \Tempo Runner cozahost No Task File <==== ATTENTION
Task: {AE8499C5-B252-46D4-83C4-5269A1F36B2D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B8AAF73B-B3E8-447A-9E0E-F698B8186855} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {BF1C06DD-850D-4227-8F4D-0DF481890DD4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {C9D86FA4-4193-42D3-AC2F-75E8B0E0D415} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {E8693760-72BB-4775-A5B4-6BE6DCE36F03} - \SMWPUpd No Task File <==== ATTENTION
Task: {E96CA511-4968-4D0F-9980-2FCC1E982BC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {ECA783DA-81FA-4BCF-9C3E-EA546C9EB4A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {F3651365-5DCD-4044-BE9B-F266B54DB097} - System32\Tasks\Windows Core Helper => C:\Program Files (x86)\Search Core Systems\Windows Core Toolbar\wcthelper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Windows Core Helper.job => C:\Program Files (x86)\Search Core Systems\Windows Core Toolbar\wcthelper.exe
Task: C:\Windows\Tasks\Windows Core Toolbar Updater.job => C:\Program Files (x86)\Search Core Systems\Windows Core Toolbar\wcupdt.exe

==================== Loaded Modules (whitelisted) ==============

2011-01-20 19:57 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-03-05 20:33 - 2015-03-05 20:33 - 00193024 _____ () C:\Users\Jason\AppData\Roaming\67682200-1425583926-0920-0615-172903000000\jnsgC23F.tmp
2010-12-03 13:18 - 2010-12-03 13:18 - 08133120 _____ () c:\xampp\mysql\bin\mysqld.exe
2009-04-09 23:41 - 2008-12-10 17:05 - 00118272 _____ () C:\Windows\system32\atitmm64.dll
2009-06-15 05:38 - 2008-05-30 12:50 - 00581120 _____ () C:\Windows\MHotKey.exe
2009-06-15 05:28 - 2009-06-15 05:28 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-09-18 12:30 - 2008-09-18 12:30 - 01186816 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2007-12-06 17:59 - 2007-12-06 17:59 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-05 16:11 - 2015-03-05 16:11 - 02623488 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
2015-03-10 18:25 - 2015-03-10 18:25 - 00104400 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-03-10 18:25 - 2015-03-10 18:25 - 00081728 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2015-03-10 15:18 - 2015-03-10 15:19 - 02920960 _____ () C:\Program Files\Alwil Software\Avast5\defs\15031001\algo.dll
2015-03-19 14:59 - 2015-03-19 14:59 - 02922496 _____ () C:\Program Files\Alwil Software\Avast5\defs\15031901\algo.dll
2010-03-14 14:52 - 2010-03-14 14:52 - 00077876 _____ () c:\xampp\apache\bin\zlib1.dll
2015-01-25 18:21 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-25 18:21 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-25 18:21 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-25 18:21 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-25 18:21 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-03-14 14:52 - 2010-03-14 14:52 - 00077876 _____ () C:\xampp\apache\bin\zlib1.dll
2009-05-05 12:51 - 2009-05-05 12:51 - 00032768 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
2009-05-05 12:51 - 2009-05-05 12:51 - 00025088 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
2008-12-24 14:29 - 2008-12-24 14:29 - 00619816 ____N () C:\Program Files (x86)\Cyberlink\Power2Go\CLMediaLibrary.dll
2008-12-24 14:30 - 2008-12-24 14:30 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2009-08-20 22:10 - 2008-12-03 14:05 - 00135168 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2009-08-20 22:10 - 2008-11-26 10:56 - 00057344 ____N () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
2014-10-13 22:55 - 2015-03-10 18:25 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2015-03-04 23:03 - 2013-07-24 10:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-03-04 23:03 - 2014-02-15 12:48 - 00295936 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-03-04 17:08 - 2015-03-04 17:08 - 00750080 _____ () C:\Users\Jason\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-11 08:18 - 2015-03-11 08:18 - 00043008 _____ () c:\users\jason\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk5gf9a.dll
2015-03-04 17:08 - 2015-03-04 17:08 - 00047616 _____ () C:\Users\Jason\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:08 - 2015-03-04 17:08 - 00865280 _____ () C:\Users\Jason\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:07 - 2015-03-04 17:07 - 00200704 _____ () C:\Users\Jason\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-04 19:50 - 2015-02-04 19:50 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1B4D9DFB

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3758089241-3441557801-3304877760-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jason\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3758089241-3441557801-3304877760-500 - Administrator - Disabled)
Brittney (S-1-5-21-3758089241-3441557801-3304877760-1001 - Limited - Enabled) => C:\Users\Brittney
Guest (S-1-5-21-3758089241-3441557801-3304877760-501 - Limited - Enabled)
Jason (S-1-5-21-3758089241-3441557801-3304877760-1000 - Administrator - Enabled) => C:\Users\Jason

==================== Faulty Device Manager Devices =============

Name: isatap.launchmodem.com
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2015 03:05:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2015 03:05:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2015 03:05:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2015 03:05:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/20/2015 00:36:12 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JASON\DESKTOP\DOCUMENTS\MY STATIONERY> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (03/20/2015 00:36:12 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JASON\DESKTOP\DOCUMENTS\MY STATIONERY> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (03/20/2015 00:36:12 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JASON\DESKTOP\DOCUMENTS\GREY\FIFTY SHADES OF GREY.2015.DVDRIP.JAMIE.DORNAN.FULL.MOVIE\FIFTY SHADES OF GREY.2015.DVDRIP.JAMIE.DORNAN.FULL.MOVIE.RAR> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (03/20/2015 00:36:12 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JASON\DESKTOP\DOCUMENTS\GREY\FIFTY SHADES OF GREY.2015.DVDRIP.JAMIE.DORNAN.FULL.MOVIE\FIFTY SHADES OF GREY.2015.DVDRIP.JAMIE.DORNAN.FULL.MOVIE.RAR> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (03/20/2015 00:36:11 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JASON\DESKTOP\DOCUMENTS\GREY\FIFTY SHADES OF GREY.2015.DVDRIP.JAMIE.DORNAN.FULL.MOVIE\@MOVIE INFO@.TXT> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (03/20/2015 00:36:11 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JASON\DESKTOP\DOCUMENTS\GREY\FIFTY SHADES OF GREY.2015.DVDRIP.JAMIE.DORNAN.FULL.MOVIE\@MOVIE INFO@.TXT> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (03/17/2015 07:13:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000stisvc

Error: (03/15/2015 01:52:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Apple Mobile Device Service%%1053

Error: (03/15/2015 01:52:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Apple Mobile Device Service

Error: (03/15/2015 01:52:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Apple Mobile Device Service%%1053

Error: (03/15/2015 01:52:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Apple Mobile Device Service

Error: (03/15/2015 01:52:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Apple Mobile Device Service%%1053

Error: (03/15/2015 01:52:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Apple Mobile Device Service

Error: (03/15/2015 01:52:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Apple Mobile Device Service%%1053

Error: (03/15/2015 01:52:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Apple Mobile Device Service

Error: (03/15/2015 01:52:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Apple Mobile Device Service%%1053


Microsoft Office Sessions:
=========================
Error: (06/28/2013 08:56:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14897 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (06/22/2013 04:43:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 8750 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (06/22/2013 02:16:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1584 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (04/29/2013 00:48:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9026 seconds with 3480 seconds of active time.  This session ended with a crash.

Error: (04/26/2013 00:00:05 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20905 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (04/25/2013 04:17:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 343 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (03/09/2013 08:16:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/09/2013 08:16:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33277 seconds with 1680 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-03-07 22:19:19.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\~GLH0023.TMP because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 22:19:18.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\~GLH0023.TMP because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 22:19:18.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\~GLH0023.TMP because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 22:19:17.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\~GLH0023.TMP because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 22:19:16.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\~GLH0023.TMP because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 22:19:16.195
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\~GLH0023.TMP because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 22:19:12.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 22:19:11.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 22:19:11.203
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-07 22:19:10.554
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ 7750 Dual-Core Processor
Percentage of memory in use: 35%
Total physical RAM: 5886.26 MB
Available physical RAM: 3811.08 MB
Total Pagefile: 11971.02 MB
Available Pagefile: 8335.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:581.52 GB) (Free:272.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 493EC12E)
Partition 1: (Not Active) - (Size=14.7 GB) - (Type=27)
Partition 2: (Active) - (Size=581.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
 



Edited by hamluis, 22 March 2015 - 02:31 PM.
Deactivated link - Hamluis.



 


#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:05:02 PM

Posted 22 March 2015 - 11:26 AM

Hello JDubC and welcome to BleepingComputer! :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 3 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

 

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

 

 

I've submitted my next steps to my instructor, please wait a bit.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:05:02 PM

Posted 22 March 2015 - 11:55 AM

Hi JDubC.

 

We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Java™ 6 Update 5
    Java™ SE Development Kit 7 Update 1 (64-bit)
    MSN Toolbar
    Pro PC Cleaner
    Windows Core Toolbar
    Wise Registry Cleaner 8.31
    Yahoo! Software Update
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

-------------

 

Thank you.




#4 JDubC

JDubC
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 22 March 2015 - 03:05 PM

# AdwCleaner v4.112 - Logfile created 22/03/2015 at 13:13:19
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Local]
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
# Username : Jason - JASON-PC
# Running from : C:\Users\Jason\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : YahooAUService

***** [ Files / Folders ] *****

File Found : C:\Users\Brittney\AppData\Roaming\Mozilla\Firefox\Profiles\1o6qo0ro.default\user.js
File Found : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\1hk4a9s2.default\user.js
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\Search Toolbar
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Speedbit Video Downloader
Folder Found : C:\Program Files (x86)\Tbccint
Folder Found : C:\ProgramData\1c0a5d300000725f
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\ProgramData\PC Drivers HeadQuarters
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\ProgramData\Uniblue\DriverScanner
Folder Found : C:\SearchProtect
Folder Found : C:\Users\Brittney\AppData\LocalLow\Conduit
Folder Found : C:\Users\Brittney\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Jason\AppData\Local\BrowserHelper
Folder Found : C:\Users\Jason\AppData\Local\FileTypeAssistant
Folder Found : C:\Users\Jason\AppData\Local\Pro_PC_Cleaner
Folder Found : C:\Users\Jason\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jason\AppData\Roaming\download Manager
Folder Found : C:\Users\Jason\AppData\Roaming\dvdvideosoftiehelpers
Folder Found : C:\Users\Jason\AppData\Roaming\Media Finder
Folder Found : C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\FLV Player
Folder Found : C:\Users\Jason\Documents\ProPCCleaner

***** [ Scheduled tasks ] *****

Task Found : AmiUpdXp
Task Found : ProgramUpdateCheck
Task Found : LuckyTab
Task Found : Run_Bobby_Browser

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;<local>
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Boost
Key Found : HKCU\Software\Classes\MF
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77FECCEB-872E-40DF-9AB2-A5E456AF4C6B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8003E45B-EFA8-4226-B6CC-AD56E3DE100A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5081D2D4-1637-404c-B74F-50526718257D}_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trusted Software Assistant_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A6BE320-DC9B-4D24-A6E8-621B81544F4B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ACC01A56-70E3-472E-9C4F-83B1DA817DD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A6BE320-DC9B-4D24-A6E8-621B81544F4B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ACC01A56-70E3-472E-9C4F-83B1DA817DD8}
Key Found : HKCU\Software\ProPCCleanerLanguage
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\Boost
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\MediaFinder
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77FECCEB-872E-40DF-9AB2-A5E456AF4C6B}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8003E45B-EFA8-4226-B6CC-AD56E3DE100A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}
Key Found : [x64] HKCU\Software\ProPCCleanerLanguage
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Google Chrome v41.0.2272.101

*************************

AdwCleaner[R0].txt - [17355 bytes] - [22/03/2015 13:13:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17415 bytes] ##########


#5 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand

Posted 24 March 2015 - 02:54 AM

Hi JDubC.

 

Double-click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users: right-click and select Run As Administrator.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

-------------

 

After the fix is completed, please create a new FRST log for me.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#6 Sirawit


Posted 31 March 2015 - 11:20 AM

Are you still there?

 

Thank you.




#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 03 April 2015 - 01:40 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



