Can't get rid of pop ups! FRST log inside...


  • This topic is locked
19 replies to this topic

#1 Jason B

Posted 05 May 2015 - 12:47 PM

I'm getting pop ups all the time, in IE and Chrome, on Windows 7. I get these security pop ups that you cannot close and that take over the whole browser with an audible message that won't stop repeating. I've run Malwarebytes, SpyHunter, Spybot, etc. and they always end up coming back. Some of the sites I visit seem to get me infected with these pop ups and I'd like a way to still visit these sites and not become infected. Here is the log:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2015
Ran by Jason at 2015-05-05 13:45:14
Running from D:\Jason\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1011703464-4262661669-2174859873-500 - Administrator - Disabled)
Guest (S-1-5-21-1011703464-4262661669-2174859873-501 - Limited - Disabled)
Jason (S-1-5-21-1011703464-4262661669-2174859873-1000 - Administrator - Enabled) => C:\Users\Jason
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveHome Scripting (HKLM-x32\...\AHSDK) (Version:  - )
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Any Video to DVD Converter and Burner 5.2.0.3 (HKLM-x32\...\{66712EEE-ECBC-4CA6-A475-any-video-to-dvd}_is1) (Version:  - TopVideoSoft,Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
DVDFab 9.1.9.6 (07/04/2015) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.49 - FileZilla Project)
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.1.0.0 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
HP Support Solutions Framework (HKLM-x32\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company)
iExplorer 3.3.2.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.03.0000 - Jasc Software Inc)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Remoteless Helper 2.3.0 (HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Remoteless Helper 2.3.0) (Version:  - )
Replay Media Catcher 6 (6.0.0.70) (HKLM-x32\...\Replay Media Catcher 6) (Version: 6.0.0.70 - Applian Technologies)
Ron's Editor (Remove Only) (HKLM-x32\...\Ron's Editor_is1) (Version:  - )
Spotify (HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpyHunter (HKLM-x32\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TVMOBiLi (HKLM-x32\...\TVMOBiLi) (Version:  - )
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wondershare DVD Creator(Build 3.3.0) (HKLM-x32\...\Wondershare DVD Creator_is1) (Version:  - Wondershare Software)
X10 Commander 1.9.8 (HKLM-x32\...\{220CD0D3-0EF0-4F1F-9046-08373C799A98}_is1) (Version:  - Melloware Inc)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-04-08 13:11 - 2015-05-05 11:36 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1EB08906-19CA-416F-99B0-437A014C59B9} - \ObronaCleanerUacSkip No Task File <==== ATTENTION
Task: {3C22C4F9-46D4-41D8-81FD-B685433139BE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1011703464-4262661669-2174859873-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {4039CA30-4714-4491-A6B5-00EC3983948A} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-08-21] (Enigma Software Group USA, LLC.)
Task: {4B82DF41-BACA-472E-868B-89E3138FEC68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {5F069722-0D26-40AC-BC10-674B048A08C1} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {60E7F422-AFDD-4CC2-B7F2-4173F8B2A561} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1011703464-4262661669-2174859873-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {7E160EFB-1594-455E-8F78-2B6CE315325E} - \LaunchSignup No Task File <==== ATTENTION
Task: {858AD2DE-9C5B-4946-9888-AFB4EEEA10D5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1011703464-4262661669-2174859873-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {940C23F6-A3C0-45CC-95CF-1DA3160D5A80} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {9F419C29-564B-433E-B8AA-19AFE37831AE} - \Startup Time Check No Task File <==== ATTENTION
Task: {A9F02B33-5B10-4C59-95B9-B9D521C27B4B} - System32\Tasks\DVWKW => C:\Users\Jason\AppData\Roaming\DVWKW.exe <==== ATTENTION
Task: {B3FF7DDB-7BA2-4243-8F8F-E78338E18D48} - System32\Tasks\BYTGTS => C:\ProgramData\bcf67e35f6104ae0b36aeaedc64aa8d2\bcf67e35f6104ae0b36aeaedc64aa8d2.exe
Task: {CED60399-71F0-421A-A6B4-6DE29BD41EB9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D131B82E-65E5-44F4-A439-53A5555082F5} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313235333335373531392d325b573423416c45555a2a6c => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {F8E1D826-94E6-4BC8-B6E3-F102B8C4F034} - \GlobalUpdate-ogy1y2nxzwswbtl No Task File <==== ATTENTION
Task: {FBC099D0-B236-4C0C-9FEE-A1F84821A0FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: C:\Windows\Tasks\DVWKW.job => C:\Users\Jason\AppData\Roaming\DVWKW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-10-26 22:59 - 2014-10-26 22:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 05:41 - 2014-10-30 05:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-10-29 19:06 - 2014-10-29 19:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-09-08 14:33 - 2014-09-08 14:33 - 00069120 ____N () C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
2014-09-08 14:42 - 2014-09-08 14:42 - 01265152 _____ () C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe
2011-06-30 00:14 - 2011-06-30 00:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 14:20 - 2011-03-14 14:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-18 16:54 - 2010-05-18 16:54 - 00395776 _____ () C:\Program Files (x86)\Enigma Software Group\SpyHunter\ExecutionGuard.dll
2015-04-07 17:39 - 2015-04-07 17:39 - 00865880 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2015-02-03 13:38 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-03 13:38 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-03 13:38 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-03 13:38 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-03 13:38 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-29 19:01 - 2014-10-29 19:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2014-10-29 19:07 - 2014-10-29 19:07 - 00065600 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2015-04-25 03:15 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-04-25 03:15 - 2014-02-15 11:48 - 00295936 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-04-30 16:22 - 2015-04-27 22:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 16:22 - 2015-04-27 22:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-07 17:39 - 2015-04-07 17:39 - 00573528 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7866 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: FileZilla Server Interface => "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => "C:\Users\Jason\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jason\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [TCP Query User{CDB5180F-9363-410F-8DB3-AAD0430DAD2C}D:\program files (x86)\melloware\x10commander\x10commander.exe] => (Allow) D:\program files (x86)\melloware\x10commander\x10commander.exe
FirewallRules: [UDP Query User{4870A02F-EC66-4544-BB5B-63F11671B968}D:\program files (x86)\melloware\x10commander\x10commander.exe] => (Allow) D:\program files (x86)\melloware\x10commander\x10commander.exe
FirewallRules: [{B9074C65-E5F5-42E0-9056-E2051B111061}] => (Allow) LPort=6003
FirewallRules: [{7ED18185-EB01-4F36-AEE1-99EFB21069A4}] => (Allow) C:\Program Files (x86)\Melloware\X10Commander\X10Commander.exe
FirewallRules: [{2AA281E1-6EB9-423C-97AC-4822A7FC70E9}] => (Allow) C:\Program Files (x86)\Melloware\X10Commander\X10Commander.exe
FirewallRules: [{DBD1CBE1-E3FA-4142-B51B-77C1F49EB00F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18A14BBF-B42C-488A-B45F-5EDE899BC65B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4F2A1430-5E5A-48FD-90D7-7E531F985407}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{36F8689B-1649-48D6-B85B-B6CF762533CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{212343A6-0323-482D-8B27-6C3E2BB4D4B5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{96BEDDF6-1295-4441-8399-480803D14EFD}E:\program files (x86)\itunes\itunes.exe] => (Allow) E:\program files (x86)\itunes\itunes.exe
FirewallRules: [{C4C29809-BEFF-4350-870F-D7D7D6512964}] => (Allow) C:\Users\Jason\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{045A4FFD-F493-4774-ADE1-2CF3AE032B9C}] => (Allow) C:\Users\Jason\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{6CCA9483-6051-4A6D-899A-94D9B58E7C7E}C:\program files (x86)\remotelesshelper\remotelesshelper.exe] => (Allow) C:\program files (x86)\remotelesshelper\remotelesshelper.exe
FirewallRules: [UDP Query User{87467227-BD28-4AA8-A7C7-8D407B278256}C:\program files (x86)\remotelesshelper\remotelesshelper.exe] => (Allow) C:\program files (x86)\remotelesshelper\remotelesshelper.exe
FirewallRules: [{26436A04-6476-4D0D-B38F-6A1B8F026C61}] => (Allow) C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe
FirewallRules: [{64B4CFAA-73AF-4E4B-B20D-6FBAEC4404A2}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{BD3D2290-DD5F-4278-882E-34803D971813}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{180E3148-A4BC-4A94-ACC1-34042353D2A4}C:\program files (x86)\melloware\x10commander\x10commander.exe] => (Allow) C:\program files (x86)\melloware\x10commander\x10commander.exe
FirewallRules: [UDP Query User{A4AA61A6-768C-4D8F-AEC4-51FE4DD53CC9}C:\program files (x86)\melloware\x10commander\x10commander.exe] => (Allow) C:\program files (x86)\melloware\x10commander\x10commander.exe
FirewallRules: [{DC566C8A-9F02-4FD4-BDAE-1746F1B0B503}] => (Allow) C:\Users\Jason\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{E52C4AFF-1F7C-4557-B029-208BDA99CBEC}] => (Allow) C:\Users\Jason\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{0A8FBE99-718A-4C04-8ED8-6AD9C077E1D8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{55FF686A-65C0-49B3-85FF-9E37651AB3AD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{7DD9F2DB-76DF-4352-B114-3A4D1D63CF10}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{2FD11DE1-FD76-466A-9D31-3084DAB86281}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{123DB4FE-5F6F-4372-9998-F11C59EF70A2}] => (Allow) LPort=30888
FirewallRules: [{33418E2B-1845-4E0E-B1D4-55848C8F2A44}] => (Allow) C:\Program Files (x86)\CoreFTP\coreftp.exe
FirewallRules: [{257269BC-E3EC-41B7-B3DB-0CCB202A41E5}] => (Allow) C:\Program Files (x86)\CoreFTP\coreftp.exe
FirewallRules: [{3924E6AD-FD62-41D7-ABC2-7B8E87922F71}] => (Allow) C:\Program Files (x86)\CoreFTP\coreftp.exe
FirewallRules: [{50EF1B91-EA10-4357-903D-F8FB0D3263D0}] => (Allow) C:\Program Files (x86)\CoreFTP\coreftp.exe
FirewallRules: [{4EFE8A87-4C7E-4781-832D-5C32E8CBD702}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{6E6114FC-1464-4F20-9109-B71CB2B820A6}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G3\netclean.exe
FirewallRules: [{81679C20-5220-4B25-AFE4-6445167DAED6}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G3\youtubeserv.exe
FirewallRules: [{FE386CA5-4584-4D35-A158-249F7EC6510F}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{2AD86E2F-71D0-401F-B905-35053D81BCB3}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe
FirewallRules: [{FB9582F3-51E2-4A77-A5A3-01BEE46DEB7E}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe
FirewallRules: [{6C078EAE-EB47-4F63-B705-4734C4306B56}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe
FirewallRules: [{0B0DE64B-A1B1-44B1-980E-187826C804CA}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe
FirewallRules: [{59CD9F9C-8AAA-4BB5-9B94-6DFD7F0E8051}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe
FirewallRules: [{7600BD56-2205-41B9-BCF5-C08427532363}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe
FirewallRules: [{DD85F47E-F93B-4497-8481-DA6169CD14F4}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe
FirewallRules: [{40724ACF-6259-4334-A599-471B1256314D}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe
FirewallRules: [{1D9E01C9-F98B-48D4-AC1A-FD4F49324101}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe
FirewallRules: [{7C5139BB-1526-4D87-BF5F-E6130B70A966}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe
FirewallRules: [{F1085099-87B5-4879-953B-16969CD85DB4}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe
FirewallRules: [{A06C2295-BB2C-40E1-8DDA-5DD0F1CBDEF4}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe
FirewallRules: [{83F314CC-EDA8-4808-AF72-9CA2FB70C637}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/05/2015 11:37:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 11:33:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EUdora.EXE, version: 1.5.4.14, time stamp: 0x315c36e2
Faulting module name: EUdora.EXE, version: 1.5.4.14, time stamp: 0x315c36e2
Exception code: 0xc0000005
Fault offset: 0x0002b13c
Faulting process id: 0x620c
Faulting application start time: 0xEUdora.EXE0
Faulting application path: EUdora.EXE1
Faulting module path: EUdora.EXE2
Report Id: EUdora.EXE3
 
Error: (05/05/2015 11:31:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7601.18741 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1200
 
Start Time: 01d0874412a34b9b
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 
Report Id: a647e4cd-f33b-11e4-a5af-2c27d72989c1
 
Error: (05/05/2015 10:45:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DVDFab.exe, version: 9.1.9.6, time stamp: 0x552387c4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x2684e240
Faulting process id: 0x6374
Faulting application start time: 0xDVDFab.exe0
Faulting application path: DVDFab.exe1
Faulting module path: DVDFab.exe2
Report Id: DVDFab.exe3
 
Error: (05/05/2015 10:29:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 5c94
 
Start Time: 01d0873f8f8db8cf
 
Termination Time: 219
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (05/05/2015 00:32:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/04/2015 00:30:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/03/2015 01:39:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.135, time stamp: 0x553ea9d4
Faulting module name: chrome.dll, version: 42.0.2311.135, time stamp: 0x553ea523
Exception code: 0xc0000005
Fault offset: 0x00d38b6c
Faulting process id: 0x4620
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (05/03/2015 01:38:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.135, time stamp: 0x553ea9d4
Faulting module name: chrome.dll, version: 42.0.2311.135, time stamp: 0x553ea523
Exception code: 0xc0000005
Fault offset: 0x00d38b6c
Faulting process id: 0x3c78
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (05/03/2015 04:39:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (05/05/2015 00:05:06 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (05/05/2015 11:36:03 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:33:30 AM on ‎5/‎5/‎2015 was unexpected.
 
Error: (05/02/2015 09:34:10 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (04/29/2015 03:19:40 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (04/27/2015 04:17:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.197.703.0).
 
Error: (04/27/2015 04:17:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.197.699.0).
 
Error: (04/27/2015 04:17:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.197.668.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/25/2015 05:02:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (04/25/2015 05:02:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.
 
Error: (04/25/2015 04:16:48 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (05/05/2015 11:37:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 11:33:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: EUdora.EXE1.5.4.14315c36e2EUdora.EXE1.5.4.14315c36e2c00000050002b13c620c01d08174199a589cE:\Users\Jason\Desktop\Eudora\EUdora.EXEE:\Users\Jason\Desktop\Eudora\EUdora.EXE109ae368-f33c-11e4-a5af-2c27d72989c1
 
Error: (05/05/2015 11:31:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe12.0.7601.18741120001d0874412a34b9b60000C:\Program Files (x86)\Windows Media Player\wmplayer.exea647e4cd-f33b-11e4-a5af-2c27d72989c1
 
Error: (05/05/2015 10:45:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DVDFab.exe9.1.9.6552387c4unknown0.0.0.000000000c00000052684e240637401d081866569707cC:\Program Files (x86)\DVDFab 9\DVDFab.exeunknown5bf3b168-f335-11e4-a5af-2c27d72989c1
 
Error: (05/05/2015 10:29:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.177285c9401d0873f8f8db8cf219C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (05/05/2015 00:32:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe
 
Error: (05/04/2015 00:30:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe
 
Error: (05/03/2015 01:39:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135553ea9d4chrome.dll42.0.2311.135553ea523c000000500d38b6c462001d085c7fd60d29eC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\chrome.dll499f0a53-f1bb-11e4-a5af-2c27d72989c1
 
Error: (05/03/2015 01:38:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135553ea9d4chrome.dll42.0.2311.135553ea523c000000500d38b6c3c7801d085c5b6956e1bC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\chrome.dll37c90b58-f1bb-11e4-a5af-2c27d72989c1
 
Error: (05/03/2015 04:39:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-08 01:50:14.037
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-08 01:50:14.012
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-08 01:50:12.332
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-08 01:50:12.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-30 12:02:56.263
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-30 12:02:56.238
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X4 645 Processor
Percentage of memory in use: 30%
Total physical RAM: 14079.28 MB
Available physical RAM: 9775.76 MB
Total Pagefile: 28156.75 MB
Available Pagefile: 23239.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (win7) (Fixed) (Total:97.66 GB) (Free:11.92 GB) NTFS
Drive d: (data) (Fixed) (Total:833.85 GB) (Free:394.79 GB) NTFS
Drive e: (OS) (Fixed) (Total:1385.93 GB) (Free:40.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive g: (HP_RECOVERY) (Fixed) (Total:11.23 GB) (Free:11.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4D4238FF)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: F97DFB8E)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=1385.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================



 


#2 Jason B

Jason B
  • Topic Starter

  • Members
  • 66 posts
  • Local time:02:03 PM

Posted 06 May 2015 - 08:13 AM

Anyone around to help?



#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:03 PM

Posted 07 May 2015 - 03:21 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

The FRST.txt is missing. :)

Step 1


Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:03 PM

Posted 10 May 2015 - 04:33 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Jason B

Jason B
  • Topic Starter

  • Members
  • 66 posts
  • Local time:02:03 PM

Posted 10 May 2015 - 08:47 AM

Sorry, I didn't get email notification. Here is a new frst.txt:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Jason (administrator) on JASON-PC on 10-05-2015 09:43:39
Running from D:\Jason\Downloads
Loaded Profiles: Jason (Available profiles: Jason)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
() C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Melloware Inc) C:\Program Files (x86)\Melloware\X10Commander\X10Commander.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2015-04-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2014-07-16] (BitTorrent, Inc.)
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Run: [GoogleChromeAutoLaunch_C39ED028119D9AF3EAEFDB705EE68BF1] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Run: [Spotify Web Helper] => C:\Users\Jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-29] (Spotify Ltd)
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Run: [Spotify] => C:\Users\Jason\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-04-29] (Spotify Ltd)
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-27] (Google Inc.)
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [312096 2015-04-24] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [264992 2015-04-24] (Jaksta Technologies Pty Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-04-07]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVMOBiLiArtworkManager.lnk [2014-07-16]
ShortcutTarget: TVMOBiLiArtworkManager.lnk -> C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe ()
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X10 Commander.lnk [2014-05-08]
ShortcutTarget: X10 Commander.lnk -> C:\Program Files (x86)\Melloware\X10Commander\X10Commander.exe (Melloware Inc)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1011703464-4262661669-2174859873-1000 -> DefaultScope {C281CEC5-FA42-4B36-9D4B-042B5BB32B6E} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1011703464-4262661669-2174859873-1000 -> {C281CEC5-FA42-4B36-9D4B-042B5BB32B6E} URL = https://www.google.com/search?q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-04] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1011703464-4262661669-2174859873-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {EAA105FE-7BBD-4196-8B96-D46743894195} http://burtman.dyndns.org/plugin/mjpegcontrol.cab
Tcpip\..\Interfaces\{5AE6F918-F36D-410E-B489-44C90396880E}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-04-07] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-04-07]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3334333&octid=EB_ORIGINAL_CTID&ISID=M619EF200-AEAD-48BF-B23A-A816966ABFE2&SearchSource=55&CUI=&UM=8&UP=SPC97A73DC-8CEC-49B2-9916-31A0A96E3EE9&D=032915&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-30]
CHR Extension: (Adblock for Youtube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhapkppdbakhkophacdmchjgdnjeeki [2015-04-08]
CHR Extension: (Adblock ) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmcjggioimiogfnjfaibdkahkbbmmod [2015-04-20]
CHR Extension: (Adblock Pro) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgadmgamdmljakgklekanjgomphobjlp [2015-04-08]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [774656 2015-01-09] (FileZilla Project) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-03-30] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-04-07] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
R2 tvMobiliService; C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe [1265152 2014-09-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2010-11-01] (X10) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [5248 2010-01-27] () [File not signed]
R3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (e2eSoft)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-05 13:43 - 2015-05-10 09:43 - 00000000 ____D () C:\FRST
2015-05-05 11:33 - 2015-05-05 11:33 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\1268
2015-04-29 15:24 - 2015-04-29 15:24 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Aspell
2015-04-25 05:46 - 2015-04-25 05:46 - 00000000 ____D () C:\ProgramData\vsosdk
2015-04-25 04:59 - 2015-04-25 04:59 - 00001253 _____ () C:\Users\Public\Desktop\Any Video to DVD Converter and Burner.lnk
2015-04-25 04:59 - 2015-04-25 04:59 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\any-video-to-dvd-converter-and-burner
2015-04-25 04:59 - 2015-04-25 04:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Video to DVD Converter and Burner
2015-04-25 04:58 - 2015-04-25 04:59 - 00000000 ____D () C:\Program Files (x86)\Any Video to DVD Converter and Burner
2015-04-25 03:44 - 2015-04-25 03:44 - 00001003 _____ () C:\Users\Public\Desktop\DVDFab 9.lnk
2015-04-25 03:44 - 2015-04-25 03:44 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\DVDFab9
2015-04-25 03:44 - 2015-04-25 03:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2015-04-25 03:43 - 2015-04-25 04:10 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9
2015-04-25 03:43 - 2015-04-25 03:43 - 00001198 _____ () C:\Users\Jason\Desktop\Wondershare DVD Creator.lnk
2015-04-25 03:43 - 2015-04-25 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-04-25 03:15 - 2015-04-25 03:15 - 00000000 ____D () C:\Users\Jason\AppData\Local\Wondershare
2015-04-25 03:14 - 2015-04-25 03:14 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-04-25 02:11 - 2015-04-25 02:11 - 00000000 ____D () C:\Users\Jason\AppData\Local\Replay Media Catcher 6
2015-04-25 02:10 - 2015-04-25 02:10 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Replay Media Catcher 6
2015-04-25 02:09 - 2015-04-25 02:09 - 00001309 _____ () C:\Users\Public\Desktop\Replay Media Catcher 6.lnk
2015-04-25 02:09 - 2015-04-25 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-04-25 02:09 - 2015-04-25 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
2015-04-25 02:09 - 2015-04-25 02:09 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2015-04-25 02:03 - 2015-04-25 02:03 - 00000000 ____D () C:\Windows\Jaksta
2015-04-25 02:03 - 2015-04-25 02:03 - 00000000 ____D () C:\Users\Jason\AppData\Local\Jaksta_Technologies_Pty_L
2015-04-25 02:03 - 2015-04-25 02:03 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
2015-04-25 02:00 - 2015-04-25 02:00 - 00003382 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1011703464-4262661669-2174859873-1000
2015-04-22 14:58 - 2015-04-22 17:11 - 00000624 _____ () C:\Users\Jason\Desktop\becca.rwt
2015-04-22 13:03 - 2015-04-22 13:03 - 00000000 ____D () C:\Users\Jason\Desktop\My eBay_ Messages_ Inbox_ Message_files
2015-04-18 21:41 - 2015-04-18 21:41 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RemotelessHelper
2015-04-18 21:37 - 2015-05-06 16:42 - 00000000 ____D () C:\Users\Jason\AppData\Local\Spotify
2015-04-18 21:37 - 2015-04-18 21:37 - 00001771 _____ () C:\Users\Jason\Desktop\Spotify.lnk
2015-04-18 21:37 - 2015-04-18 21:37 - 00001757 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-14 22:03 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 22:03 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 22:03 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 22:03 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 22:03 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 22:03 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 22:03 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 22:03 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 22:03 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 22:03 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 22:03 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 22:03 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 22:03 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 22:03 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 22:03 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 22:03 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 22:03 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 22:03 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 22:03 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 22:03 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 22:03 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 22:03 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 22:03 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 22:03 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 22:03 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 22:03 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 22:03 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 22:03 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 22:03 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 22:03 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 22:03 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 22:03 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 22:03 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 22:03 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 22:03 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 22:03 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 22:03 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 22:03 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 22:03 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 22:03 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 22:03 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 22:03 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 22:03 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 22:03 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 22:03 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 22:03 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 22:03 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 22:03 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 22:03 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 22:03 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 22:03 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 22:03 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 22:03 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 22:03 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 22:03 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 22:03 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 22:03 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 22:03 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 22:03 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 22:03 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 22:03 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 22:03 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 22:03 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 22:03 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 22:03 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 22:03 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 22:03 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 22:03 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 22:03 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 22:03 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 22:03 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 22:03 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 22:03 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 22:03 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 22:03 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 22:03 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 22:03 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 22:03 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 22:03 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 22:03 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 22:03 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 22:03 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 22:03 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 22:03 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 22:03 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 22:03 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 22:03 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 22:03 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 22:03 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 22:03 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 22:03 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 22:03 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 22:03 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 22:03 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 22:03 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 22:03 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 22:03 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 22:03 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 22:03 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 22:03 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 22:03 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 22:03 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 22:03 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 22:02 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 22:02 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 22:02 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 22:02 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-10 09:39 - 2014-07-16 19:24 - 00000000 ____D () C:\ProgramData\TVMOBiLi
2015-05-10 09:21 - 2014-05-07 22:50 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-10 06:48 - 2015-03-29 18:10 - 00001336 _____ () C:\Windows\Tasks\DVWKW.job
2015-05-10 06:37 - 2009-07-14 00:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-10 06:37 - 2009-07-14 00:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-10 03:00 - 2014-05-07 22:29 - 01075257 _____ () C:\Windows\WindowsUpdate.log
2015-05-09 16:21 - 2014-05-07 22:50 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-09 13:48 - 2014-05-13 12:11 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\vlc
2015-05-06 17:13 - 2014-05-09 17:27 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\uTorrent
2015-05-06 13:25 - 2014-05-23 20:30 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Spotify
2015-05-05 11:42 - 2009-07-14 01:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-05 11:36 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-05 11:36 - 2009-07-14 00:51 - 00034132 _____ () C:\Windows\setupact.log
2015-05-05 11:33 - 2015-01-13 11:20 - 00000000 ____D () C:\Users\Jason\AppData\Local\CrashDumps
2015-05-03 13:22 - 2015-02-04 14:24 - 00000020 _____ () C:\Users\Jason\AppData\Roaming\appdataFr3.bin
2015-04-30 15:05 - 2014-09-03 16:37 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\CoreFTP
2015-04-26 05:47 - 2014-05-07 23:49 - 00000000 ____D () C:\ProgramData\X10 Settings
2015-04-25 05:54 - 2014-05-07 22:30 - 00000000 ____D () C:\Users\Jason\AppData\Local\VirtualStore
2015-04-18 21:41 - 2014-05-23 20:50 - 00000000 ____D () C:\Program Files (x86)\RemotelessHelper
2015-04-18 20:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-18 20:35 - 2010-11-20 23:47 - 00118268 _____ () C:\Windows\PFRO.log
2015-04-15 19:20 - 2014-10-02 19:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 19:10 - 2015-03-30 11:47 - 00029946 _____ () C:\spyhunter.fix
2015-04-15 04:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 03:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 03:12 - 2014-08-09 11:43 - 00772558 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:08 - 2014-05-09 14:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:03 - 2014-05-09 14:27 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-12 00:57 - 2015-04-07 17:38 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Real
 
==================== Files in the root of some directories =======
 
2015-02-04 14:24 - 2015-05-03 13:22 - 0000020 _____ () C:\Users\Jason\AppData\Roaming\appdataFr3.bin
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Jason\AppData\Roaming\DVWKW
2015-02-03 13:49 - 2015-02-03 13:49 - 0151397 _____ () C:\Users\Jason\AppData\Local\ars.cache
2015-02-03 13:49 - 2015-02-03 13:49 - 0201877 _____ () C:\Users\Jason\AppData\Local\census.cache
2014-07-17 01:22 - 2014-07-17 01:22 - 0005632 _____ () C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 13:25 - 2015-02-03 13:25 - 0000036 _____ () C:\Users\Jason\AppData\Local\housecall.guid.cache
2014-05-09 15:02 - 2014-05-09 15:02 - 0007605 _____ () C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2015-02-03 13:37 - 2015-02-03 13:37 - 0000010 _____ () C:\Users\Jason\AppData\Local\sponge.last.runtime.cache
 
Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Jason\AppData\Local\Temp\lowproc.exe
C:\Users\Jason\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Jason\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-04 00:39
 
==================== End Of Log ============================


#6 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 10 May 2015 - 08:54 AM

Hi there,

P2P warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 1
  • Please download and install Revo Uninstaller Free
    Note: there is no need to click anything on that page; the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    SpyHunter
    
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 Jason B

Jason B
  • Topic Starter

  • Members
  • 66 posts
  • Local time:02:03 PM

Posted 11 May 2015 - 07:28 AM

Thank you. I did everything you mentioned. Here is the information:
 

# AdwCleaner v4.203 - Logfile created 11/05/2015 at 08:25:31
# Updated 30/04/2015 by Xplode
# Database : 2015-05-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jason - JASON-PC
# Running from : D:\Jason\Downloads\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\c4849e9c00000975
Folder Deleted : C:\Program Files (x86)\BorderlineFunc
Folder Deleted : C:\Users\Jason\AppData\Roaming\KingSoft
Folder Deleted : C:\Users\Jason\AppData\Roaming\15668BA5-1427660623-33E4-F4AB-8713D4C8ACE0
[!] Folder Deleted : C:\Users\Jason\Desktop\hosts
File Deleted : C:\Users\Jason\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_news.delta.com_0.localstorage
File Deleted : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_news.delta.com_0.localstorage-journal
File Deleted : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
File Deleted : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : ObronaCleanerUacSkip
Task Deleted : Startup Time Check
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\600cd667-881d-f648-750d-3a161a21b767
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\IGS
Key Deleted : HKLM\SOFTWARE\Universal
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Google Chrome v42.0.2311.135
 
[C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3334333&octid=EB_ORIGINAL_CTID&ISID=M619EF200-AEAD-48BF-B23A-A816966ABFE2&SearchSource=55&CUI=&UM=8&UP=SPC97A73DC-8CEC-49B2-9916-31A0A96E3EE9&D=032915&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [4000 bytes] - [11/02/2015 14:19:15]
AdwCleaner[R1].txt - [922 bytes] - [11/02/2015 14:50:25]
AdwCleaner[R2].txt - [981 bytes] - [11/02/2015 14:53:38]
AdwCleaner[R3].txt - [3147 bytes] - [11/05/2015 08:22:10]
AdwCleaner[S0].txt - [4134 bytes] - [11/02/2015 14:21:51]
AdwCleaner[S1].txt - [3074 bytes] - [11/05/2015 08:25:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3133  bytes] ##########


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:03 PM

Posted 11 May 2015 - 09:50 AM

Hi there,

Step 1


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 Jason B

Jason B
  • Topic Starter

  • Members
  • 66 posts
  • Local time:02:03 PM

Posted 11 May 2015 - 10:36 AM

Thanks again, here are the logs.

Frst.txt:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Jason (administrator) on JASON-PC on 11-05-2015 11:33:13
Running from D:\Jason\Downloads
Loaded Profiles: Jason (Available profiles: Jason)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Spotify Ltd) C:\Users\Jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
() C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
(Melloware Inc) C:\Program Files (x86)\Melloware\X10Commander\X10Commander.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(X10) C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2015-04-07] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [969104 2014-07-16] (BitTorrent, Inc.)
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Run: [GoogleChromeAutoLaunch_C39ED028119D9AF3EAEFDB705EE68BF1] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Run: [Spotify Web Helper] => C:\Users\Jason\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-29] (Spotify Ltd)
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Run: [Spotify] => C:\Users\Jason\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-04-29] (Spotify Ltd)
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-27] (Google Inc.)
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [312096 2015-04-24] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [264992 2015-04-24] (Jaksta Technologies Pty Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-04-07]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVMOBiLiArtworkManager.lnk [2014-07-16]
ShortcutTarget: TVMOBiLiArtworkManager.lnk -> C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe ()
Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X10 Commander.lnk [2014-05-08]
ShortcutTarget: X10 Commander.lnk -> C:\Program Files (x86)\Melloware\X10Commander\X10Commander.exe (Melloware Inc)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1011703464-4262661669-2174859873-1000 -> {C281CEC5-FA42-4B36-9D4B-042B5BB32B6E} URL = https://www.google.com/search?q={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-04] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1011703464-4262661669-2174859873-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {EAA105FE-7BBD-4196-8B96-D46743894195} http://burtman.dyndns.org/plugin/mjpegcontrol.cab
Tcpip\..\Interfaces\{5AE6F918-F36D-410E-B489-44C90396880E}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-04-07] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-04-07] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-04-07]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-30]
CHR Extension: (Adblock for Youtube) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhapkppdbakhkophacdmchjgdnjeeki [2015-04-08]
CHR Extension: (Adblock ) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmcjggioimiogfnjfaibdkahkbbmmod [2015-04-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-11]
CHR Extension: (Adblock Pro) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgadmgamdmljakgklekanjgomphobjlp [2015-04-08]
CHR Extension: (Google Wallet) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [774656 2015-01-09] (FileZilla Project) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-11] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-04-07] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 tvMobiliService; C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe [1265152 2014-09-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 x10nets; C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe [20480 2010-11-01] (X10) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (e2eSoft)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-11 08:18 - 2015-05-11 08:18 - 00001272 _____ () C:\Users\Jason\Desktop\Revo Uninstaller.lnk
2015-05-11 08:18 - 2015-05-11 08:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-05 13:43 - 2015-05-11 11:33 - 00000000 ____D () C:\FRST
2015-05-05 11:33 - 2015-05-05 11:33 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\1268
2015-04-29 15:24 - 2015-04-29 15:24 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Aspell
2015-04-25 05:46 - 2015-04-25 05:46 - 00000000 ____D () C:\ProgramData\vsosdk
2015-04-25 04:59 - 2015-04-25 04:59 - 00001253 _____ () C:\Users\Public\Desktop\Any Video to DVD Converter and Burner.lnk
2015-04-25 04:59 - 2015-04-25 04:59 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\any-video-to-dvd-converter-and-burner
2015-04-25 04:59 - 2015-04-25 04:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Video to DVD Converter and Burner
2015-04-25 04:58 - 2015-04-25 04:59 - 00000000 ____D () C:\Program Files (x86)\Any Video to DVD Converter and Burner
2015-04-25 03:44 - 2015-04-25 03:44 - 00001003 _____ () C:\Users\Public\Desktop\DVDFab 9.lnk
2015-04-25 03:44 - 2015-04-25 03:44 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\DVDFab9
2015-04-25 03:44 - 2015-04-25 03:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2015-04-25 03:43 - 2015-04-25 04:10 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9
2015-04-25 03:43 - 2015-04-25 03:43 - 00001198 _____ () C:\Users\Jason\Desktop\Wondershare DVD Creator.lnk
2015-04-25 03:43 - 2015-04-25 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-04-25 03:15 - 2015-04-25 03:15 - 00000000 ____D () C:\Users\Jason\AppData\Local\Wondershare
2015-04-25 03:14 - 2015-04-25 03:14 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-04-25 02:11 - 2015-04-25 02:11 - 00000000 ____D () C:\Users\Jason\AppData\Local\Replay Media Catcher 6
2015-04-25 02:10 - 2015-04-25 02:10 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Replay Media Catcher 6
2015-04-25 02:09 - 2015-04-25 02:09 - 00001309 _____ () C:\Users\Public\Desktop\Replay Media Catcher 6.lnk
2015-04-25 02:09 - 2015-04-25 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-04-25 02:09 - 2015-04-25 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
2015-04-25 02:09 - 2015-04-25 02:09 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2015-04-25 02:03 - 2015-04-25 02:03 - 00000000 ____D () C:\Windows\Jaksta
2015-04-25 02:03 - 2015-04-25 02:03 - 00000000 ____D () C:\Users\Jason\AppData\Local\Jaksta_Technologies_Pty_L
2015-04-25 02:03 - 2015-04-25 02:03 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
2015-04-25 02:00 - 2015-04-25 02:00 - 00003382 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1011703464-4262661669-2174859873-1000
2015-04-22 14:58 - 2015-04-22 17:11 - 00000624 _____ () C:\Users\Jason\Desktop\becca.rwt
2015-04-22 13:03 - 2015-04-22 13:03 - 00000000 ____D () C:\Users\Jason\Desktop\My eBay_ Messages_ Inbox_ Message_files
2015-04-18 21:41 - 2015-04-18 21:41 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RemotelessHelper
2015-04-18 21:37 - 2015-05-11 08:35 - 00000000 ____D () C:\Users\Jason\AppData\Local\Spotify
2015-04-18 21:37 - 2015-04-18 21:37 - 00001771 _____ () C:\Users\Jason\Desktop\Spotify.lnk
2015-04-18 21:37 - 2015-04-18 21:37 - 00001757 _____ () C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-04-14 22:03 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 22:03 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 22:03 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 22:03 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 22:03 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 22:03 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 22:03 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 22:03 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 22:03 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 22:03 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 22:03 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 22:03 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 22:03 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 22:03 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 22:03 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 22:03 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 22:03 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 22:03 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 22:03 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 22:03 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 22:03 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 22:03 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 22:03 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 22:03 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 22:03 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 22:03 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 22:03 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 22:03 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 22:03 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 22:03 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 22:03 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 22:03 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 22:03 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 22:03 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 22:03 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 22:03 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 22:03 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 22:03 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 22:03 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 22:03 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 22:03 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 22:03 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 22:03 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 22:03 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 22:03 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 22:03 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 22:03 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 22:03 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 22:03 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 22:03 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 22:03 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 22:03 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 22:03 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 22:03 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 22:03 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 22:03 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 22:03 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 22:03 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 22:03 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 22:03 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 22:03 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 22:03 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 22:03 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 22:03 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 22:03 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 22:03 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 22:03 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 22:03 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 22:03 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 22:03 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 22:03 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 22:03 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 22:03 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 22:03 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 22:03 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 22:03 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 22:03 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 22:03 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 22:03 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 22:03 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 22:03 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 22:03 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 22:03 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 22:03 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 22:03 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 22:03 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 22:03 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 22:03 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 22:03 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 22:03 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 22:03 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 22:03 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 22:03 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 22:03 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 22:03 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 22:03 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 22:03 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 22:03 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 22:03 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 22:03 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 22:03 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 22:03 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 22:03 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 22:03 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 22:03 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 22:03 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 22:03 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 22:02 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 22:02 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 22:02 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 22:02 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-11 11:33 - 2014-07-16 19:24 - 00000000 ____D () C:\ProgramData\TVMOBiLi
2015-05-11 11:30 - 2014-05-09 17:27 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\uTorrent
2015-05-11 11:21 - 2014-05-07 22:50 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-11 10:08 - 2014-05-13 12:11 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\vlc
2015-05-11 08:35 - 2009-07-14 00:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-11 08:35 - 2009-07-14 00:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-11 08:33 - 2014-05-07 22:29 - 01164168 _____ () C:\Windows\WindowsUpdate.log
2015-05-11 08:33 - 2009-07-14 01:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-11 08:32 - 2014-05-23 20:30 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Spotify
2015-05-11 08:27 - 2015-02-04 14:24 - 00000020 _____ () C:\Users\Jason\AppData\Roaming\appdataFr3.bin
2015-05-11 08:26 - 2015-03-29 18:10 - 00001336 _____ () C:\Windows\Tasks\DVWKW.job
2015-05-11 08:26 - 2014-05-07 22:50 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-11 08:26 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-11 08:26 - 2009-07-14 00:51 - 00034188 _____ () C:\Windows\setupact.log
2015-05-11 08:25 - 2015-02-11 14:19 - 00000000 ____D () C:\AdwCleaner
2015-05-11 08:19 - 2015-03-30 00:01 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2015-05-10 12:29 - 2015-01-13 11:20 - 00000000 ____D () C:\Users\Jason\AppData\Local\CrashDumps
2015-04-30 15:05 - 2014-09-03 16:37 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\CoreFTP
2015-04-26 05:47 - 2014-05-07 23:49 - 00000000 ____D () C:\ProgramData\X10 Settings
2015-04-25 05:54 - 2014-05-07 22:30 - 00000000 ____D () C:\Users\Jason\AppData\Local\VirtualStore
2015-04-18 21:41 - 2014-05-23 20:50 - 00000000 ____D () C:\Program Files (x86)\RemotelessHelper
2015-04-18 20:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-18 20:35 - 2010-11-20 23:47 - 00118268 _____ () C:\Windows\PFRO.log
2015-04-15 19:20 - 2014-10-02 19:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 19:10 - 2015-03-30 11:47 - 00029946 _____ () C:\spyhunter.fix
2015-04-15 04:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 03:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 03:12 - 2014-08-09 11:43 - 00772558 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:08 - 2014-05-09 14:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:03 - 2014-05-09 14:27 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-12 00:57 - 2015-04-07 17:38 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Real
 
==================== Files in the root of some directories =======
 
2015-02-04 14:24 - 2015-05-11 08:27 - 0000020 _____ () C:\Users\Jason\AppData\Roaming\appdataFr3.bin
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Jason\AppData\Roaming\DVWKW
2015-02-03 13:49 - 2015-02-03 13:49 - 0151397 _____ () C:\Users\Jason\AppData\Local\ars.cache
2015-02-03 13:49 - 2015-02-03 13:49 - 0201877 _____ () C:\Users\Jason\AppData\Local\census.cache
2014-07-17 01:22 - 2014-07-17 01:22 - 0005632 _____ () C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-03 13:25 - 2015-02-03 13:25 - 0000036 _____ () C:\Users\Jason\AppData\Local\housecall.guid.cache
2014-05-09 15:02 - 2014-05-09 15:02 - 0007605 _____ () C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2015-02-03 13:37 - 2015-02-03 13:37 - 0000010 _____ () C:\Users\Jason\AppData\Local\sponge.last.runtime.cache
 
Some content of TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Jason\AppData\Local\Temp\lowproc.exe
C:\Users\Jason\AppData\Local\Temp\Quarantine.exe
C:\Users\Jason\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Jason\AppData\Local\Temp\sqlite3.dll
C:\Users\Jason\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-04 00:39
 
==================== End Of Log ============================


Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Jason at 2015-05-11 11:34:37
Running from D:\Jason\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1011703464-4262661669-2174859873-500 - Administrator - Disabled)
Guest (S-1-5-21-1011703464-4262661669-2174859873-501 - Limited - Disabled)
Jason (S-1-5-21-1011703464-4262661669-2174859873-1000 - Administrator - Enabled) => C:\Users\Jason
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveHome Scripting (HKLM-x32\...\AHSDK) (Version:  - )
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Any Video to DVD Converter and Burner 5.2.0.3 (HKLM-x32\...\{66712EEE-ECBC-4CA6-A475-any-video-to-dvd}_is1) (Version:  - TopVideoSoft,Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BCC01139-903A-6FC7-3358-85B0AE332601}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
DVDFab 9.1.9.6 (07/04/2015) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.49 - FileZilla Project)
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.1.0.0 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
HP Support Solutions Framework (HKLM-x32\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company)
iExplorer 3.3.2.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.03.0000 - Jasc Software Inc)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Remoteless Helper 2.3.0 (HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Remoteless Helper 2.3.0) (Version:  - )
Replay Media Catcher 6 (6.0.0.70) (HKLM-x32\...\Replay Media Catcher 6) (Version: 6.0.0.70 - Applian Technologies)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Ron's Editor (Remove Only) (HKLM-x32\...\Ron's Editor_is1) (Version:  - )
Spotify (HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TVMOBiLi (HKLM-x32\...\TVMOBiLi) (Version:  - )
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wondershare DVD Creator(Build 3.3.0) (HKLM-x32\...\Wondershare DVD Creator_is1) (Version:  - Wondershare Software)
X10 Commander 1.9.8 (HKLM-x32\...\{220CD0D3-0EF0-4F1F-9046-08373C799A98}_is1) (Version:  - Melloware Inc)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
11-05-2015 08:45:04 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-04-08 13:11 - 2015-05-05 11:36 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3C22C4F9-46D4-41D8-81FD-B685433139BE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1011703464-4262661669-2174859873-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {4B82DF41-BACA-472E-868B-89E3138FEC68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {5F069722-0D26-40AC-BC10-674B048A08C1} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {60E7F422-AFDD-4CC2-B7F2-4173F8B2A561} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1011703464-4262661669-2174859873-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {7E160EFB-1594-455E-8F78-2B6CE315325E} - \LaunchSignup No Task File <==== ATTENTION
Task: {858AD2DE-9C5B-4946-9888-AFB4EEEA10D5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1011703464-4262661669-2174859873-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {940C23F6-A3C0-45CC-95CF-1DA3160D5A80} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {A9F02B33-5B10-4C59-95B9-B9D521C27B4B} - System32\Tasks\DVWKW => C:\Users\Jason\AppData\Roaming\DVWKW.exe <==== ATTENTION
Task: {B3FF7DDB-7BA2-4243-8F8F-E78338E18D48} - System32\Tasks\BYTGTS => C:\ProgramData\bcf67e35f6104ae0b36aeaedc64aa8d2\bcf67e35f6104ae0b36aeaedc64aa8d2.exe
Task: {CED60399-71F0-421A-A6B4-6DE29BD41EB9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D131B82E-65E5-44F4-A439-53A5555082F5} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313235333335373531392d325b573423416c45555a2a6c => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {F8E1D826-94E6-4BC8-B6E3-F102B8C4F034} - \GlobalUpdate-ogy1y2nxzwswbtl No Task File <==== ATTENTION
Task: {FBC099D0-B236-4C0C-9FEE-A1F84821A0FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: C:\Windows\Tasks\DVWKW.job => C:\Users\Jason\AppData\Roaming\DVWKW.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-10-26 22:59 - 2014-10-26 22:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 05:41 - 2014-10-30 05:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-09-08 14:33 - 2014-09-08 14:33 - 00069120 ____N () C:\Program Files (x86)\TVMOBiLi\bin\iTunesAlbumArtGenerator.exe
2014-10-29 19:06 - 2014-10-29 19:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-09-08 14:42 - 2014-09-08 14:42 - 01265152 _____ () C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe
2011-06-30 00:14 - 2011-06-30 00:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 14:20 - 2011-03-14 14:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-07 17:39 - 2015-04-07 17:39 - 00865880 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Plugins\cldplin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2015-02-03 13:38 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-03 13:38 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-03 13:38 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-03 13:38 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-03 13:38 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-29 19:01 - 2014-10-29 19:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2014-10-29 19:07 - 2014-10-29 19:07 - 00065600 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2015-04-25 03:15 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-04-25 03:15 - 2014-02-15 11:48 - 00295936 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-04-30 16:22 - 2015-04-27 22:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 16:22 - 2015-04-27 22:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-30 16:22 - 2015-04-27 22:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
There are 7866 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: FileZilla Server Interface => "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => "C:\Users\Jason\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jason\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [TCP Query User{CDB5180F-9363-410F-8DB3-AAD0430DAD2C}D:\program files (x86)\melloware\x10commander\x10commander.exe] => (Allow) D:\program files (x86)\melloware\x10commander\x10commander.exe
FirewallRules: [UDP Query User{4870A02F-EC66-4544-BB5B-63F11671B968}D:\program files (x86)\melloware\x10commander\x10commander.exe] => (Allow) D:\program files (x86)\melloware\x10commander\x10commander.exe
FirewallRules: [{B9074C65-E5F5-42E0-9056-E2051B111061}] => (Allow) LPort=6003
FirewallRules: [{7ED18185-EB01-4F36-AEE1-99EFB21069A4}] => (Allow) C:\Program Files (x86)\Melloware\X10Commander\X10Commander.exe
FirewallRules: [{2AA281E1-6EB9-423C-97AC-4822A7FC70E9}] => (Allow) C:\Program Files (x86)\Melloware\X10Commander\X10Commander.exe
FirewallRules: [{DBD1CBE1-E3FA-4142-B51B-77C1F49EB00F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18A14BBF-B42C-488A-B45F-5EDE899BC65B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4F2A1430-5E5A-48FD-90D7-7E531F985407}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{36F8689B-1649-48D6-B85B-B6CF762533CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{212343A6-0323-482D-8B27-6C3E2BB4D4B5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{96BEDDF6-1295-4441-8399-480803D14EFD}E:\program files (x86)\itunes\itunes.exe] => (Allow) E:\program files (x86)\itunes\itunes.exe
FirewallRules: [{C4C29809-BEFF-4350-870F-D7D7D6512964}] => (Allow) C:\Users\Jason\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{045A4FFD-F493-4774-ADE1-2CF3AE032B9C}] => (Allow) C:\Users\Jason\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [TCP Query User{6CCA9483-6051-4A6D-899A-94D9B58E7C7E}C:\program files (x86)\remotelesshelper\remotelesshelper.exe] => (Allow) C:\program files (x86)\remotelesshelper\remotelesshelper.exe
FirewallRules: [UDP Query User{87467227-BD28-4AA8-A7C7-8D407B278256}C:\program files (x86)\remotelesshelper\remotelesshelper.exe] => (Allow) C:\program files (x86)\remotelesshelper\remotelesshelper.exe
FirewallRules: [{26436A04-6476-4D0D-B38F-6A1B8F026C61}] => (Allow) C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe
FirewallRules: [{64B4CFAA-73AF-4E4B-B20D-6FBAEC4404A2}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{BD3D2290-DD5F-4278-882E-34803D971813}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{180E3148-A4BC-4A94-ACC1-34042353D2A4}C:\program files (x86)\melloware\x10commander\x10commander.exe] => (Allow) C:\program files (x86)\melloware\x10commander\x10commander.exe
FirewallRules: [UDP Query User{A4AA61A6-768C-4D8F-AEC4-51FE4DD53CC9}C:\program files (x86)\melloware\x10commander\x10commander.exe] => (Allow) C:\program files (x86)\melloware\x10commander\x10commander.exe
FirewallRules: [{DC566C8A-9F02-4FD4-BDAE-1746F1B0B503}] => (Allow) C:\Users\Jason\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{E52C4AFF-1F7C-4557-B029-208BDA99CBEC}] => (Allow) C:\Users\Jason\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{0A8FBE99-718A-4C04-8ED8-6AD9C077E1D8}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{55FF686A-65C0-49B3-85FF-9E37651AB3AD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{7DD9F2DB-76DF-4352-B114-3A4D1D63CF10}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{2FD11DE1-FD76-466A-9D31-3084DAB86281}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{123DB4FE-5F6F-4372-9998-F11C59EF70A2}] => (Allow) LPort=30888
FirewallRules: [{33418E2B-1845-4E0E-B1D4-55848C8F2A44}] => (Allow) C:\Program Files (x86)\CoreFTP\coreftp.exe
FirewallRules: [{257269BC-E3EC-41B7-B3DB-0CCB202A41E5}] => (Allow) C:\Program Files (x86)\CoreFTP\coreftp.exe
FirewallRules: [{3924E6AD-FD62-41D7-ABC2-7B8E87922F71}] => (Allow) C:\Program Files (x86)\CoreFTP\coreftp.exe
FirewallRules: [{50EF1B91-EA10-4357-903D-F8FB0D3263D0}] => (Allow) C:\Program Files (x86)\CoreFTP\coreftp.exe
FirewallRules: [{4EFE8A87-4C7E-4781-832D-5C32E8CBD702}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{6E6114FC-1464-4F20-9109-B71CB2B820A6}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G3\netclean.exe
FirewallRules: [{81679C20-5220-4B25-AFE4-6445167DAED6}] => (Allow) C:\Program Files (x86)\YouTube Download Pool\G3\youtubeserv.exe
FirewallRules: [{FE386CA5-4584-4D35-A158-249F7EC6510F}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{2AD86E2F-71D0-401F-B905-35053D81BCB3}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe
FirewallRules: [{FB9582F3-51E2-4A77-A5A3-01BEE46DEB7E}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe
FirewallRules: [{6C078EAE-EB47-4F63-B705-4734C4306B56}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe
FirewallRules: [{0B0DE64B-A1B1-44B1-980E-187826C804CA}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe
FirewallRules: [{59CD9F9C-8AAA-4BB5-9B94-6DFD7F0E8051}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe
FirewallRules: [{7600BD56-2205-41B9-BCF5-C08427532363}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe
FirewallRules: [{DD85F47E-F93B-4497-8481-DA6169CD14F4}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe
FirewallRules: [{40724ACF-6259-4334-A599-471B1256314D}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe
FirewallRules: [{1D9E01C9-F98B-48D4-AC1A-FD4F49324101}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe
FirewallRules: [{7C5139BB-1526-4D87-BF5F-E6130B70A966}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe
FirewallRules: [{F1085099-87B5-4879-953B-16969CD85DB4}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe
FirewallRules: [{A06C2295-BB2C-40E1-8DDA-5DD0F1CBDEF4}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe
FirewallRules: [{83F314CC-EDA8-4808-AF72-9CA2FB70C637}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/11/2015 11:03:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/11/2015 08:27:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2015 08:23:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 259c
 
Start Time: 01d08844b582df09
 
Termination Time: 19
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (05/10/2015 00:29:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: downloader2.exe, version: 17.0.15.7, time stamp: 0x54519d30
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0xc0000417
Fault offset: 0x0008af3e
Faulting process id: 0x850
Faulting application start time: 0xdownloader2.exe0
Faulting application path: downloader2.exe1
Faulting module path: downloader2.exe2
Report Id: downloader2.exe3
 
Error: (05/08/2015 00:31:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/07/2015 01:32:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/06/2015 00:32:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/05/2015 11:37:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 11:33:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EUdora.EXE, version: 1.5.4.14, time stamp: 0x315c36e2
Faulting module name: EUdora.EXE, version: 1.5.4.14, time stamp: 0x315c36e2
Exception code: 0xc0000005
Fault offset: 0x0002b13c
Faulting process id: 0x620c
Faulting application start time: 0xEUdora.EXE0
Faulting application path: EUdora.EXE1
Faulting module path: EUdora.EXE2
Report Id: EUdora.EXE3
 
Error: (05/05/2015 11:31:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7601.18741 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1200
 
Start Time: 01d0874412a34b9b
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 
Report Id: a647e4cd-f33b-11e4-a5af-2c27d72989c1
 
 
System errors:
=============
Error: (05/11/2015 08:25:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/11/2015 08:25:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (05/11/2015 08:25:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/11/2015 08:25:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/11/2015 08:25:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (05/11/2015 08:25:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/11/2015 08:25:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/11/2015 08:25:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The X10 Device Network Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/11/2015 08:25:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The tvMobiliService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/11/2015 08:25:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (05/11/2015 11:03:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe
 
Error: (05/11/2015 08:27:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/11/2015 08:23:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17728259c01d08844b582df0919C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (05/10/2015 00:29:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: downloader2.exe17.0.15.754519d30MSVCR100.dll10.0.40219.3254df2be1ec00004170008af3e85001d0874947d86692C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exeC:\Windows\system32\MSVCR100.dllbecd6c7b-f731-11e4-8613-2c27d72989c1
 
Error: (05/08/2015 00:31:16 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe
 
Error: (05/07/2015 01:32:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe
 
Error: (05/06/2015 00:32:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe
 
Error: (05/05/2015 11:37:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/05/2015 11:33:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: EUdora.EXE1.5.4.14315c36e2EUdora.EXE1.5.4.14315c36e2c00000050002b13c620c01d08174199a589cE:\Users\Jason\Desktop\Eudora\EUdora.EXEE:\Users\Jason\Desktop\Eudora\EUdora.EXE109ae368-f33c-11e4-a5af-2c27d72989c1
 
Error: (05/05/2015 11:31:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe12.0.7601.18741120001d0874412a34b9b60000C:\Program Files (x86)\Windows Media Player\wmplayer.exea647e4cd-f33b-11e4-a5af-2c27d72989c1
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-08 01:50:14.037
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-08 01:50:14.012
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-08 01:50:12.332
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-08 01:50:12.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-30 12:02:56.263
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-03-30 12:02:56.238
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X4 645 Processor
Percentage of memory in use: 35%
Total physical RAM: 14079.28 MB
Available physical RAM: 9113.88 MB
Total Pagefile: 28156.75 MB
Available Pagefile: 22567 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (win7) (Fixed) (Total:97.66 GB) (Free:10.94 GB) NTFS
Drive d: (data) (Fixed) (Total:833.85 GB) (Free:388.35 GB) NTFS
Drive e: (OS) (Fixed) (Total:1385.93 GB) (Free:40.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive g: (HP_RECOVERY) (Fixed) (Total:11.23 GB) (Free:11.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4D4238FF)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: F97DFB8E)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=1385.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 deeprybka

Posted 11 May 2015 - 03:27 PM

Hi there,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-1011703464-4262661669-2174859873-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    C:\Program Files (x86)\Enigma Software Group
    2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Jason\AppData\Roaming\DVWKW
    C:\Users\Jason\AppData\Roaming\DVWKW.exe 
    C:\ProgramData\bcf67e35f6104ae0b36aeaedc64aa8d2
    Task: {7E160EFB-1594-455E-8F78-2B6CE315325E} - \LaunchSignup No Task File 
    Task: {940C23F6-A3C0-45CC-95CF-1DA3160D5A80} - \Optimizer Pro Schedule No Task File 
    Task: {A9F02B33-5B10-4C59-95B9-B9D521C27B4B} - System32\Tasks\DVWKW => C:\Users\Jason\AppData\Roaming\DVWKW.exe 
    Task: {B3FF7DDB-7BA2-4243-8F8F-E78338E18D48} - System32\Tasks\BYTGTS => C:\ProgramData\bcf67e35f6104ae0b36aeaedc64aa8d2\bcf67e35f6104ae0b36aeaedc64aa8d2.exe
    Task: {D131B82E-65E5-44F4-A439-53A5555082F5} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313235333335373531392d325b573423416c45555a2a6c => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
    Task: {F8E1D826-94E6-4BC8-B6E3-F102B8C4F034} - \GlobalUpdate-ogy1y2nxzwswbtl No Task File 
    Task: C:\Windows\Tasks\DVWKW.job => C:\Users\Jason\AppData\Roaming\DVWKW.exe 
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

(Backup your favorites, if needed)

Revo Uninstaller Free
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), to remove it:
    Google Chrome 
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 3

Reinstall Google Chrome. Download

Step 4

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [Image: scanner settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: log path]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 Jason B

Posted 12 May 2015 - 09:53 AM

Thanks again. fixlog.txt
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Jason at 2015-05-12 10:27:51 Run:1
Running from D:\Jason\Downloads
Loaded Profiles: Jason (Available profiles: Jason)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-1011703464-4262661669-2174859873-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files (x86)\Enigma Software Group
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Jason\AppData\Roaming\DVWKW
C:\Users\Jason\AppData\Roaming\DVWKW.exe 
C:\ProgramData\bcf67e35f6104ae0b36aeaedc64aa8d2
Task: {7E160EFB-1594-455E-8F78-2B6CE315325E} - \LaunchSignup No Task File 
Task: {940C23F6-A3C0-45CC-95CF-1DA3160D5A80} - \Optimizer Pro Schedule No Task File 
Task: {A9F02B33-5B10-4C59-95B9-B9D521C27B4B} - System32\Tasks\DVWKW => C:\Users\Jason\AppData\Roaming\DVWKW.exe 
Task: {B3FF7DDB-7BA2-4243-8F8F-E78338E18D48} - System32\Tasks\BYTGTS => C:\ProgramData\bcf67e35f6104ae0b36aeaedc64aa8d2\bcf67e35f6104ae0b36aeaedc64aa8d2.exe
Task: {D131B82E-65E5-44F4-A439-53A5555082F5} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313235333335373531392d325b573423416c45555a2a6c => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {F8E1D826-94E6-4BC8-B6E3-F102B8C4F034} - \GlobalUpdate-ogy1y2nxzwswbtl No Task File 
Task: C:\Windows\Tasks\DVWKW.job => C:\Users\Jason\AppData\Roaming\DVWKW.exe 
EmptyTemp:
*****************
 
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1011703464-4262661669-2174859873-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
esgiguard => Service deleted successfully.
C:\Program Files (x86)\Enigma Software Group => Moved successfully.
C:\Users\Jason\AppData\Roaming\DVWKW => Moved successfully.
"C:\Users\Jason\AppData\Roaming\DVWKW.exe" => File/Directory not found.
C:\ProgramData\bcf67e35f6104ae0b36aeaedc64aa8d2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E160EFB-1594-455E-8F78-2B6CE315325E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E160EFB-1594-455E-8F78-2B6CE315325E}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{940C23F6-A3C0-45CC-95CF-1DA3160D5A80}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{940C23F6-A3C0-45CC-95CF-1DA3160D5A80}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9F02B33-5B10-4C59-95B9-B9D521C27B4B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9F02B33-5B10-4C59-95B9-B9D521C27B4B}" => Key deleted successfully.
C:\Windows\System32\Tasks\DVWKW => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DVWKW" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3FF7DDB-7BA2-4243-8F8F-E78338E18D48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3FF7DDB-7BA2-4243-8F8F-E78338E18D48}" => Key deleted successfully.
C:\Windows\System32\Tasks\BYTGTS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BYTGTS" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D131B82E-65E5-44F4-A439-53A5555082F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D131B82E-65E5-44F4-A439-53A5555082F5}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313235333335373531392d325b573423416c45555a2a6c => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313235333335373531392d325b573423416c45555a2a6c" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8E1D826-94E6-4BC8-B6E3-F102B8C4F034}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8E1D826-94E6-4BC8-B6E3-F102B8C4F034}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlobalUpdate-ogy1y2nxzwswbtl" => Key deleted successfully.
C:\Windows\Tasks\DVWKW.job => Moved successfully.
EmptyTemp: => Removed 1.8 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:28:24 ====

After chrome was re-installed, I can still see ads loading in the chrome window on the bottom left of the window. For ex, when loading the bleepingcomputer.com website, and at the bottom left of screen it shows what's loading, I can see things that say ads, etc, making the website load slower (like it's loading ads in the background)... I only went to bleepingcomputer.com site since re-install.

ESET scanner is running as we speak. Will post log of that when done.

 

Edited by Jason B, 12 May 2015 - 09:54 AM.


#12 deeprybka

Posted 12 May 2015 - 10:34 AM

ESET scanner is running as we speak. Will post log of that when done.


OK. :)
regards,
deeprybka

#13 Jason B

Posted 12 May 2015 - 06:12 PM

The Eset scanner took 5 hours to complete! :) Here you go. Thanks again:
 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e45576a58ef6f8488529d2beac564cd8
# engine=23810
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-12 08:00:52
# local_time=2015-05-12 04:00:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6897241 54336846 0 0
# scanned=400634
# found=34
# cleaned=0
# scan_time=18755
sh=45007D7AB67E22EE003593B44A645083DC6E2EC6 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ealkobhojfiiflcjglpphhhikeacompf\content.js.vir"
sh=B75070669CA9B1E7031B715612C6CAB3FA0BA282 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ealkobhojfiiflcjglpphhhikeacompf\WMJ.js.vir"
sh=9594EC9D27441FFCC420E24E5A3C51F4AB24602C ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfmclcmgpgccglcihghigmobkkcfgmpn\8.3\Dv0G.js.vir"
sh=9F7B9E7E4913995C217D9A0894AA158B7493C175 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfmclcmgpgccglcihghigmobkkcfgmpn\8.3\lsdb.js.vir"
sh=6CDD7B7988AE14A2043A6497B1E3884DE7B93EFB ft=1 fh=5e48f78a64258bb0 vn="a variant of Win32/Adware.ConvertAd.EQ application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jason\AppData\Roaming\15668BA5-1427660623-33E4-F4AB-8713D4C8ACE0\rnsoFCF3.exe.vir"
sh=641347F2A6B57487C57AFCD6686E00B714284ABB ft=1 fh=fa66c266c9342b27 vn="Win32/Adware.ConvertAd.EB application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jason\AppData\Roaming\15668BA5-1427660623-33E4-F4AB-8713D4C8ACE0\Uninstall.exe.vir"
sh=F04C4A8235B4DA688083CF1D8E8F7BD9F6F3AD78 ft=1 fh=214bf72c66f4a172 vn="a variant of Win32/Adware.ConvertAd.KZ.gen application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jason\AppData\Roaming\15668BA5-1427660623-33E4-F4AB-8713D4C8ACE0\vnsoA2DC.tmp.vir"
sh=147E7AEBDEBB6E9F8FF6421745782501C2C5B245 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Jason\AppData\Roaming\DVWKW.xBAD"
sh=236E9B77218EA4F4C41D071C4851FD60D7B98843 ft=1 fh=876d10472c82787a vn="a variant of Win32/Packed.VMProtect.ABO trojan" ac=I fn="C:\Program Files (x86)\DVDFab 9\BRD.dll"
sh=EE5D3C11E365140EE51062BBE7A657560674CEBB ft=1 fh=85b0f9a7e01c0d8c vn="MSIL/Adware.ObronaAds.A application" ac=I fn="C:\Program Files (x86)\UaestWfish\LoopbackForWin8.exe"
sh=D1F433E1DECF239C0BE514101963FD8C611249AB ft=1 fh=8633109ada524130 vn="a variant of Generik.GWZTJVB trojan" ac=I fn="D:\Jason\Documents\public_html\badass\Homestore_Desktop_Tour_MLS_ID10134257-Harrisburg.exe"
sh=FE69293799623944F2D917A76B1C9933D8B9C7CB ft=1 fh=fdee577382884ed1 vn="Win32/Adware.WBug.A application" ac=I fn="D:\Jason\Documents\public_html\land\AIM.exe"
sh=FE69293799623944F2D917A76B1C9933D8B9C7CB ft=1 fh=fdee577382884ed1 vn="Win32/Adware.WBug.A application" ac=I fn="D:\Jason\Documents\public_html\snow\Install_AIM_5.5.3595.exe"
sh=D1F433E1DECF239C0BE514101963FD8C611249AB ft=1 fh=8633109ada524130 vn="a variant of Generik.GWZTJVB trojan" ac=I fn="D:\Jason\Documents\www\badass\Homestore_Desktop_Tour_MLS_ID10134257-Harrisburg.exe"
sh=D1F433E1DECF239C0BE514101963FD8C611249AB ft=1 fh=8633109ada524130 vn="a variant of Generik.GWZTJVB trojan" ac=I fn="D:\Jason\Documents\www\images\public_html\badass\Homestore_Desktop_Tour_MLS_ID10134257-Harrisburg.exe"
sh=FE69293799623944F2D917A76B1C9933D8B9C7CB ft=1 fh=fdee577382884ed1 vn="Win32/Adware.WBug.A application" ac=I fn="D:\Jason\Documents\www\images\public_html\snow\Install_AIM_5.5.3595.exe"
sh=FE69293799623944F2D917A76B1C9933D8B9C7CB ft=1 fh=fdee577382884ed1 vn="Win32/Adware.WBug.A application" ac=I fn="D:\Jason\Documents\www\land\AIM.exe"
sh=FE69293799623944F2D917A76B1C9933D8B9C7CB ft=1 fh=fdee577382884ed1 vn="Win32/Adware.WBug.A application" ac=I fn="D:\Jason\Documents\www\snow\Install_AIM_5.5.3595.exe"
sh=6DA4286ED85C8CF58D8F1246C5A5D01B1754DF11 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\Jason\Downloads\backup-9.17.2014_14-29-56_burtmanindustrie.tar.gz"
sh=69C01C4C6DFD895A6C273CF0B8D710B2B0AD6743 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\Jason\Downloads\backup-burtmanindustries.com-1-10-2015_home directory.tar.gz"
sh=3C4529354FCC8E7C11A2C085F6ACCAC1BFCD52B4 ft=1 fh=3b2de6eae57a673c vn="a variant of Win32/InstallCore.UE potentially unwanted application" ac=I fn="D:\Jason\Downloads\FileZilla_Server-0_9_49.exe"
sh=866988FE815F4A4950207340F4704D545E5AFCB6 ft=0 fh=0000000000000000 vn="a variant of Win32/Amonetize.EO potentially unwanted application" ac=I fn="D:\Jason\Downloads\Harman Kardon Gla 55 Speaker S Downloader.zip"
sh=A30686D0767FE462C09AA371156717AAE09CD590 ft=1 fh=52d20a66b18491a5 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="D:\Jason\Videos\other\dvd fab\DVDFab.v9.1.9.6.Multilingual-BRD\Patch.exe"
sh=04D783FF97EBBEEB28A11110811A60158A5B9AC4 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="E:\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar"
sh=3C17E3047B323D91F2EDE7E85B28DECC41ABB679 ft=1 fh=37716860d48e333d vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="E:\ProgramData\SpeedBit\DAP\Offers\VA32_DapSo.exe"
sh=C3263C889C59DE6EE0FEC6D0E3186E2F1F5D245A ft=1 fh=615783887b929f9d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="E:\Qoobox\Quarantine\C\Users\Jason\Videos\spsetup125.exe.vir"
sh=62421BB38BDB4B21F392DA9BFDEAC821E5CDDEEC ft=1 fh=27e8632451d6090b vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="E:\Users\Jason\Desktop\54809\FreeAudioCDBurner.exe"
sh=FEDA5BD276FDE777CE43F547F56B0A50FC748894 ft=1 fh=07df0a172decda51 vn="a variant of Win32/SWInformer.B potentially unwanted application" ac=I fn="E:\Users\Jason\Documents\My DAP Downloads\iphonebrowser.exe"
sh=9221AD55F397CFE8229F62DB84376D5EA450B3EF ft=1 fh=cd85a436bef50ec5 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="E:\Users\Jason\Downloads\downloads\PFPortChecker.exe"
sh=0AF7A31A5E742A2011F96A2B2ADC9B3A6158792C ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AI potentially unsafe application" ac=I fn="E:\Users\Jason\Downloads\WinRAR 3.92 Final\WinRAR 3.92 Final.rar"
sh=38F09ED2E28E466A1D0CC4D6D99658EDC7A53AD8 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AI potentially unsafe application" ac=I fn="E:\Users\Jason\Downloads\WinRAR 4.01 Final\WinRAR 4.01 Final.rar"
sh=88CBEC706DBB998887419452F0142E2358A1EEF7 ft=1 fh=2a4d2bc5a86537a4 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="E:\Users\Jason\Videos\HitmanPro.v3.7.8.Build208\hitmanpro.3.7.x-patch.exe"
sh=A9CE5DB910FC70F4D609F269C4E0CD3F272B9D6D ft=1 fh=bd74de647a7a90dc vn="a variant of Win32/4Shared.K potentially unwanted application" ac=I fn="E:\Users\Jason\Videos\xray\Wondershare+Dr.Fone+v2.0...iPhone+4+incl.+Patch.exe"
sh=B90E6888173092ADEBE9203B41458E4F7079E890 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="E:\Windows\Installer\4875b6.msi"
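
One way to triage a scanner log like the one above, added here as an example that is not part of the thread or of ESET's tooling: it separates detections already sitting in a cleanup tool's quarantine folder from files still on disk, and groups the latter by detection class and hash so duplicate copies stand out. The sample lines are constructed (placeholder hashes, shortened paths), and reading `vn` as the detection name and `fn` as the file path is an assumption based on the values shown.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log above: placeholder hashes and
# shortened paths; the detection names are ones that appear in the thread.
SAMPLE_LOG = r'''# found=6
sh=0000000000000000000000000000000000000001 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\example\WMJ.js.vir"
sh=0000000000000000000000000000000000000002 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Example\AppData\Roaming\DVWKW.xBAD"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000000 vn="MSIL/Adware.ObronaAds.A application" ac=I fn="C:\Program Files (x86)\Example\LoopbackForWin8.exe"
sh=0000000000000000000000000000000000000004 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AI potentially unsafe application" ac=I fn="E:\Users\Example\Downloads\archive one.rar"
sh=0000000000000000000000000000000000000004 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AI potentially unsafe application" ac=I fn="E:\Users\Example\Downloads\copy\archive one.rar"
sh=0000000000000000000000000000000000000005 ft=1 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="E:\Qoobox\Quarantine\C\Users\Example\Videos\setup.exe.vir"
'''

# key=value pairs; a value is either "quoted" (may contain spaces) or a bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Longest suffix first, so "potentially unwanted application" is not read as "application".
CATEGORIES = ("potentially unwanted application", "potentially unsafe application",
              "multiple threats", "trojan", "application")


def parse_line(line):
    """Turn one 'sh=... vn="..." fn="..."' detection line into a dict of its fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def category(detection_name):
    """Classify a detection by the class words that end its name."""
    for suffix in CATEGORIES:
        if detection_name.endswith(suffix):
            return suffix
    return "other"


def triage(text):
    """Return (header, quarantined_paths, live) where live[class][hash] = [paths]."""
    header, quarantined = {}, []
    live = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif line.startswith("sh="):
            rec = parse_line(line)
            path = rec.get("fn", "")
            # Files under a ...\Quarantine\ folder were already neutralised by a tool.
            if "\\quarantine\\" in path.lower():
                quarantined.append(path)
            else:
                live[category(rec.get("vn", ""))][rec.get("sh", "")].append(path)
    return header, quarantined, {c: dict(h) for c, h in live.items()}


if __name__ == "__main__":
    header, quarantined, live = triage(SAMPLE_LOG)
    print(f"reported: {header.get('found')}, already quarantined: {len(quarantined)}")
    for cls, by_hash in live.items():
        for sha, paths in by_hash.items():
            print(f"[{cls}] {sha} x{len(paths)}: {paths[0]}")
```
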


 



#14 deeprybka

Posted 12 May 2015 - 11:50 PM

CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.


regards,
deeprybka

#15 Jason B

Posted 13 May 2015 - 08:49 AM

Thank you. Someone I know has been using my machine and I'm going to need to tell them to get their OWN computer. Thank you for the info.

Is there a way I can stop these pop ups from happening? It's mainly pop-ups and ads that show in browser. When a website should be loading, it looks like the browser loads other stuff before the websites.... Any help would be appreciated.





