
Can't open MBAM due to DNSAPI.dll missing can't open browsers either


  • This topic is locked
24 replies to this topic

#1 Jesse365

Posted 05 October 2015 - 02:55 PM

Hi, I was redirected here. I can't open MBAM or any other anti-malware program. Spybot, ADWcleaner, and JRT found nothing. As for the browsers, Firefox crashes as soon as it opens and Chrome says dns probed nxdomain or something similar. This happened after I force shutdown my laptop three days ago. Here are the FRST logs. Thanks to whoever helps.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by my (administrator) on MY-PC (05-10-2015 12:59:24)
Running from C:\Users\my\Desktop
Loaded Profiles: my (Available Profiles: my)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\Windows\System32\lxbkcoms.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(wifimouse.necta.us) C:\Program Files (x86)\MouseServer\MouseServer.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [lxbkbmgr.exe] => C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe [74408 2008-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Run: [Google Update] => C:\Users\my\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Run: [MouseServer] => C:\Program Files (x86)\MouseServer\MouseServer.exe [243200 2014-11-30] (wifimouse.necta.us)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\MountPoints2: {6526964d-a967-11e3-8116-5404a64c39a6} - G:\autorun.exe
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-05-06] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [264480 2014-05-06] (Jaksta Technologies Pty Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\my\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2014-03-07]
ShortcutTarget: FancyStart daemon.lnk -> C:\Users\my\AppData\Roaming\Microsoft\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2BC48B0C-EF8E-48F8-BC80-1BEA621A9517}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3377700343-2179916962-3551201692-1000 -> {8F718E24-B9C4-4E18-BD2C-88365C2F6D22} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3377700343-2179916962-3551201692-1000 -> {E072818B-D6EB-4B1B-87DD-FC33B14EE09F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-10] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-10] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-3377700343-2179916962-3551201692-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
 
FireFox:
========
FF ProfilePath: C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default
FF NewTab: resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF NetworkProxy: "http", "84.107.60.232"
FF NetworkProxy: "http_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-12-14] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3377700343-2179916962-3551201692-1000: @tools.google.com/Google Update;version=3 -> C:\Users\my\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3377700343-2179916962-3551201692-1000: @tools.google.com/Google Update;version=9 -> C:\Users\my\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF SearchPlugin: C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\searchplugins\yahoo-web.xml [2015-09-10]
FF Extension: Ageless - C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\Extensions\2341n4m3@gmail.com.xpi [2014-09-15]
FF Extension: MEGA - C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\Extensions\firefox@mega.co.nz.xpi [2014-03-26]
FF Extension: History Button - C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\Extensions\historybutton@darktrojan.net.xpi [2014-03-07]
FF Extension: Public Fox - C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi [2015-06-20]
FF Extension: Adblock Plus - C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-27]
FF Extension: DownThemAll! - C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-09-09]
FF HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\my\AppData\Local\XDM\xdmff => not found
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\my\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-04]
CHR Extension: (Google Docs) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-04]
CHR Extension: (Google Drive) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-04]
CHR Extension: (YouTube) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-04]
CHR Extension: (Google Search) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-04]
CHR Extension: (Google Sheets) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-04]
CHR Extension: (Google Docs Offline) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-04]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2015-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-04]
CHR Extension: (Adblock Pro) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-07-06]
CHR Extension: (Gmail) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-04]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [565928 2008-02-19] ( )
R2 lxbk_device; C:\Windows\SysWOW64\lxbkcoms.exe [537256 2008-02-19] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4948992 2009-07-17] (Native Instruments GmbH) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784 2007-12-13] (Nero AG)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [38400 2015-04-17] (CSR plc.) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 rig3avs_x64; C:\Windows\System32\Drivers\rig3avs_x64.sys [44560 2008-12-09] (Native Instruments GmbH)
S3 rig3usb_x64; C:\Windows\System32\Drivers\rig3usb_x64.sys [233488 2008-12-09] (Native Instruments GmbH)
S3 VBAudioHFVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_hfvaio64_win7.sys [33512 2014-03-27] (Windows ® Win 7 DDK provider)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S1 gknzlosm; \??\C:\Windows\system32\drivers\gknzlosm.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-05 12:59 - 2015-10-05 12:59 - 00023725 _____ C:\Users\my\Desktop\FRST.txt
2015-10-05 12:58 - 2015-10-05 12:59 - 00000000 ____D C:\FRST
2015-10-05 12:58 - 2015-10-05 12:33 - 02193920 ____N (Farbar) C:\Users\my\Desktop\FRST64.exe
2015-10-04 14:19 - 2015-10-04 14:19 - 00005300 _____ C:\Windows\system32\cc_20151004_141940.reg
2015-10-04 12:22 - 2015-10-04 13:43 - 00000000 ____D C:\Users\my\Desktop\Tweaking.com - Windows Repair
2015-10-03 14:03 - 2015-10-03 14:03 - 00000625 _____ C:\Users\my\Desktop\AdwCleaner[S8].txt
2015-10-03 13:58 - 2015-10-03 13:58 - 00001362 _____ C:\Users\my\Desktop\JRT.txt
2015-10-03 13:54 - 2015-10-03 13:56 - 00043676 _____ C:\Users\my\Desktop\MTB.txt
2015-10-02 18:32 - 2015-10-02 18:32 - 00000000 ____D C:\Users\my\Desktop\W.A.S.P.-Golgotha(2015)
2015-10-02 17:14 - 2015-10-02 17:14 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-02 15:01 - 2015-10-02 15:01 - 00000000 ____D C:\Users\my\Desktop\app
2015-10-02 15:00 - 2015-10-04 13:03 - 00000000 ____D C:\Users\my\Desktop\vid
2015-10-02 15:00 - 2015-10-04 13:03 - 00000000 ____D C:\Users\my\Desktop\pic
2015-09-30 15:39 - 2015-09-30 15:39 - 01111530 _____ C:\Users\my\Desktop\12064813_10153766479441320_1412162733_n.mp4
2015-09-29 11:54 - 2015-09-29 17:15 - 00000000 ____D C:\Users\my\Desktop\New folder (2)
2015-09-27 14:33 - 2015-09-27 14:33 - 00074372 _____ C:\Users\my\Downloads\Journey - Dont Stop Believing (Pro).gp5
2015-09-27 14:32 - 2015-09-27 14:32 - 00042820 _____ C:\Users\my\Downloads\Journey - Dont Stop Believing (Pro).gp4
2015-09-27 13:58 - 2015-09-27 13:58 - 26278953 _____ C:\Users\my\Downloads\VA+26V-T.7z
2015-09-25 17:29 - 2015-09-25 17:29 - 00014059 _____ C:\Users\my\Downloads\browse.php
2015-09-22 20:23 - 2015-10-04 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-19 11:09 - 2015-09-19 11:10 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-09-19 11:09 - 2015-09-19 11:09 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-09-19 11:09 - 2015-09-19 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-18 16:56 - 2015-09-18 16:56 - 00000000 ____D C:\Users\my\AppData\LocalLow\uTorrent
2015-09-16 19:01 - 2015-09-16 19:01 - 00693218 _____ C:\Users\my\Downloads\The Weeknd - Earned It (from 'Fifty Shades Of Grey' soundtrack) (Karaoke Version).mp3.reapeaks
2015-09-16 14:39 - 2015-09-16 14:43 - 245778696 _____ C:\Users\my\Downloads\bundestrojaner_all.zip
2015-09-15 18:31 - 2015-09-16 18:36 - 00453066 _____ C:\Users\my\Desktop\03-Temptation Revelation.mp3.reapeaks
2015-09-15 18:31 - 2015-09-15 18:31 - 00889370 _____ C:\Users\my\Desktop\04-When The Crowds Are Gone.mp3.reapeaks
2015-09-14 17:52 - 2015-09-14 17:52 - 00001815 _____ C:\Users\Public\Desktop\Apps.lnk
2015-09-14 17:52 - 2015-09-14 17:52 - 00001807 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-09-14 17:51 - 2015-09-14 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-09-14 17:51 - 2015-09-14 17:51 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-09-14 17:48 - 2015-09-14 17:48 - 14634624 _____ (BlueStack Systems Inc.) C:\Users\my\Downloads\ThinInstaller_native.exe
2015-09-14 16:24 - 2015-09-14 16:24 - 00484722 _____ C:\Users\my\Downloads\Selena Gomez & The Scene - Love You Like A Love Song (Official Audio).mp3.reapeaks
2015-09-14 16:10 - 2015-09-14 16:10 - 00708450 _____ C:\Users\my\Downloads\Earned It (Fifty Shades Of Grey) (From The _.mp3.reapeaks
2015-09-10 19:02 - 2015-09-10 19:02 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-09-10 18:59 - 2015-09-10 18:59 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-10 18:53 - 2015-09-10 18:53 - 00584288 _____ (Oracle Corporation) C:\Users\my\Downloads\chromeinstall-8u60.exe
2015-09-09 22:58 - 2015-09-09 23:00 - 50784982 _____ C:\Users\my\Downloads\easygoing1 3 (anal).m4v
2015-09-09 22:57 - 2015-09-09 23:00 - 45009980 _____ C:\Users\my\Downloads\easygoing 17.mp4
2015-09-09 22:55 - 2015-09-09 22:59 - 67023277 _____ C:\Users\my\Downloads\easygoing 12.mp4
2015-09-09 22:55 - 2015-09-09 22:58 - 67363800 _____ C:\Users\my\Downloads\easygoing 11.mp4
2015-09-09 22:54 - 2015-09-09 23:01 - 118860661 _____ C:\Users\my\Downloads\easygoing 6.mp4
2015-09-09 22:54 - 2015-09-09 22:58 - 73335922 _____ C:\Users\my\Downloads\easygoing 7.mp4
2015-09-09 22:53 - 2015-09-09 22:55 - 50971599 _____ C:\Users\my\Downloads\bj4mybf_20121124_0958_110514_mfc_myfreecams.mp4
2015-09-09 22:53 - 2015-09-09 22:54 - 15754820 _____ C:\Users\my\Downloads\baby_bear homemade amateur striptease.mp4
2015-09-09 22:51 - 2015-09-09 23:02 - 216811490 _____ C:\Users\my\Downloads\RobinMae.BoyGirlGoodMorningDarling.mp4
2015-09-09 22:50 - 2015-09-09 23:03 - 247268685 _____ C:\Users\my\Downloads\Rob1nM@e_StripTeaseCum.mp4
2015-09-09 22:50 - 2015-09-09 22:54 - 67216358 _____ C:\Users\my\Downloads\bj4mybf 6.flv
2015-09-09 22:50 - 2015-09-09 22:53 - 54075981 _____ C:\Users\my\Downloads\Rob1nM@e_AloneTime.mp4
2015-09-09 22:48 - 2015-09-09 22:51 - 54480884 _____ C:\Users\my\Downloads\8bitdeviants 8.m4v
2015-09-09 22:48 - 2015-09-09 22:48 - 13901864 _____ C:\Users\my\Downloads\8bitdeviants 7.m4v
2015-09-09 22:47 - 2015-09-09 22:58 - 181909477 _____ C:\Users\my\Downloads\Oh Dum Dum Private.mp4
2015-09-09 22:47 - 2015-09-09 22:51 - 62916306 _____ C:\Users\my\Downloads\8bitdeviants 1.m4v
2015-09-09 22:47 - 2015-09-09 22:50 - 33286564 _____ C:\Users\my\Downloads\8bitdeviants 2.m4v
2015-09-09 20:56 - 2015-09-09 21:17 - 124387901 _____ C:\Users\my\Downloads\n_i_k_k_i_e_l_i_o_t_-_another_anal.mp4
2015-09-09 20:56 - 2015-09-09 21:05 - 64678487 _____ C:\Users\my\Downloads\vegancat_040915_1831_mfc_myfreecams.mp4
2015-09-09 20:56 - 2015-09-09 21:04 - 48909247 _____ C:\Users\my\Downloads\IndigoWild Gets Her Hitachi and Uses It.mp4
2015-09-09 20:55 - 2015-09-09 21:14 - 130072673 _____ C:\Users\my\Downloads\CarmenWhiteGlovesFinal.wmv
2015-09-09 20:55 - 2015-09-09 21:13 - 119832537 _____ C:\Users\my\Downloads\HavenReigh-Margo03082012a.mp4
2015-09-09 20:55 - 2015-09-09 21:05 - 57813315 _____ C:\Users\my\Downloads\Havenreigh-DandelionWine 05212014a.mp4
2015-09-09 20:55 - 2015-09-09 20:59 - 22671332 _____ C:\Users\my\Downloads\Havenreigh-DandelionWine 05212014b.mp4
2015-09-09 20:30 - 2015-09-09 20:37 - 65191497 _____ C:\Users\my\Downloads\DaddysLittleGirl (5).mp4
2015-09-09 20:30 - 2015-09-09 20:32 - 23529687 _____ C:\Users\my\Downloads\DaddysLittleGirl (6).mp4
2015-09-09 20:29 - 2015-09-09 20:31 - 11633884 _____ C:\Users\my\Downloads\Pouty (1).mp4
2015-09-09 20:29 - 2015-09-09 20:30 - 08429168 _____ C:\Users\my\Downloads\Pouty (2).mp4
2015-09-09 20:28 - 2015-09-09 20:33 - 50810033 _____ C:\Users\my\Downloads\DaddysLittleGirl (7).mp4
2015-09-09 20:24 - 2015-09-09 20:24 - 04322356 _____ C:\Users\my\Downloads\54A91473.mp4
2015-09-09 20:18 - 2015-09-09 20:31 - 117144051 _____ C:\Users\my\Downloads\HavenReigh-Margo03082012b.mp4
2015-09-09 20:18 - 2015-09-09 20:23 - 39412357 _____ C:\Users\my\Downloads\HavenReigh-Margo03082012c.mp4
2015-09-09 20:03 - 2015-09-09 20:03 - 00343040 _____ (Microsoft Corporation) C:\Users\my\Downloads\mspaintXP (1).exe
2015-09-09 18:45 - 2015-09-09 18:45 - 00343040 _____ (Microsoft Corporation) C:\Users\my\Downloads\mspaintXP.exe
2015-09-09 10:45 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 10:45 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 10:45 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 10:45 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 10:45 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 10:45 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 10:45 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 10:45 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 10:45 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 10:45 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 10:45 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 10:45 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 10:45 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 10:45 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 10:45 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 10:45 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 10:45 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 10:45 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 10:45 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 10:45 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 10:45 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 10:45 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 10:45 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 10:45 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 10:45 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 10:45 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 10:45 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 10:45 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 10:45 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 10:45 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 10:45 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 10:45 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 10:45 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 10:45 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 10:45 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 10:45 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 10:45 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 10:45 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 10:45 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 10:45 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 10:45 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 10:45 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 10:45 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 10:45 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 10:45 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 10:45 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 10:45 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 10:45 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 10:45 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 10:45 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 10:45 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 10:45 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 10:45 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 10:45 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 10:45 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 10:45 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 10:45 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 10:45 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 10:45 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 10:45 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 10:45 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 10:45 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 10:45 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 10:45 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 10:45 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 10:45 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-09 10:42 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 10:42 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 10:42 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 10:42 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 10:42 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-09 10:42 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 10:42 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-09 10:42 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-09 10:42 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 10:42 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 10:42 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 10:42 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 10:42 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 10:42 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 10:42 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 10:42 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 10:42 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 10:42 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 10:42 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-09 10:42 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 10:42 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-09 10:42 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-09 10:42 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 10:42 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 10:42 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 10:42 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 10:42 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 10:42 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 10:42 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-05 16:32 - 2015-09-05 16:32 - 00000000 ____D C:\Users\my\AppData\LocalLow\Yousician
2015-09-05 16:30 - 2015-09-05 16:31 - 00000000 ____D C:\Users\my\AppData\Roaming\Yousician Launcher
2015-09-05 16:30 - 2015-09-05 16:30 - 08404248 _____ (Yousician ) C:\Users\my\Downloads\YousicianSetup.exe
2015-09-05 16:30 - 2015-09-05 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yousician Launcher
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-05 12:58 - 2014-11-20 02:41 - 01973394 _____ C:\Windows\WindowsUpdate.log
2015-10-05 12:51 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-05 12:51 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-05 12:44 - 2014-03-07 23:28 - 00000000 ___HD C:\ASUS.DAT
2015-10-05 12:43 - 2015-07-04 18:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-05 12:43 - 2015-05-28 00:29 - 00000352 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-10-05 12:43 - 2014-06-11 03:15 - 00000000 ____D C:\ProgramData\PACE
2015-10-05 12:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-05 12:42 - 2015-04-30 16:38 - 00157583 _____ C:\Windows\setupact.log
2015-10-04 22:37 - 2015-07-04 18:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-04 22:30 - 2015-01-03 02:06 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000UA.job
2015-10-04 22:29 - 2015-01-03 02:06 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000Core.job
2015-10-04 22:23 - 2014-04-02 10:13 - 00000000 ____D C:\Users\my\AppData\Roaming\vlc
2015-10-04 22:14 - 2014-03-05 00:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-04 21:16 - 2014-12-14 11:18 - 01801728 ___SH C:\Users\my\Desktop\Thumbs.db
2015-10-04 14:31 - 2015-04-30 16:37 - 00032230 _____ C:\Windows\PFRO.log
2015-10-04 14:31 - 2015-01-18 05:50 - 00000163 _____ C:\Windows\wininit.ini
2015-10-04 14:31 - 2014-07-19 21:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-10-04 14:29 - 2014-07-19 21:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-04 13:51 - 2015-01-08 11:03 - 00000000 ____D C:\Windows\pss
2015-10-04 13:44 - 2015-08-25 14:39 - 00000000 ____D C:\Users\my\Desktop\f
2015-10-04 13:44 - 2014-03-10 17:03 - 00000000 ____D C:\Users\my\AppData\Roaming\REAPER
2015-10-04 13:44 - 2014-03-05 00:08 - 00000000 ____D C:\Users\my
2015-10-04 13:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-04 13:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2015-10-04 13:43 - 2015-08-22 13:49 - 00000000 ____D C:\Users\my\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-10-04 13:43 - 2015-08-19 17:50 - 00000000 ____D C:\Users\my\AppData\Local\87ADE470-9C04-4537-AED9-ED4CBFDB3F4B
2015-10-04 13:43 - 2015-07-03 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2015-10-04 13:43 - 2015-07-03 12:39 - 00000000 ____D C:\Program Files (x86)\ClipGrab
2015-10-04 13:43 - 2015-01-15 13:24 - 00000000 ____D C:\Users\my\AppData\Roaming\IrfanView
2015-10-04 13:43 - 2014-12-09 14:37 - 00000000 ____D C:\Users\my\AppData\Local\PrivaZer
2015-10-04 13:43 - 2014-08-04 07:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-04 13:43 - 2014-07-19 21:51 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-10-04 13:43 - 2014-07-10 18:58 - 00000000 ____D C:\Users\my\AppData\Roaming\GetRightToGo
2015-10-04 13:43 - 2014-03-05 12:37 - 00000000 ____D C:\ProgramData\P4G
2015-10-04 13:43 - 2014-03-05 08:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-04 13:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-10-04 13:42 - 2014-03-11 09:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-03 14:02 - 2015-08-22 13:19 - 00000000 ____D C:\AdwCleaner
2015-09-25 22:38 - 2015-07-04 18:11 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-21 22:14 - 2014-03-05 00:47 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 22:14 - 2014-03-05 00:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-21 22:14 - 2014-03-05 00:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-20 11:45 - 2009-07-14 00:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-18 17:34 - 2014-03-06 11:00 - 00000000 ____D C:\Users\my\AppData\Roaming\uTorrent
2015-09-16 18:53 - 2014-03-10 18:39 - 00000000 ____D C:\Users\my\Documents\REAPER Media
2015-09-16 13:32 - 2015-07-04 18:11 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 13:32 - 2015-07-04 18:11 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 13:31 - 2014-10-21 22:21 - 00000000 ____D C:\ProgramData\Windows VXM
2015-09-15 22:24 - 2015-01-03 02:06 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000UA
2015-09-15 22:24 - 2015-01-03 02:06 - 00003464 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000Core
2015-09-14 17:54 - 2015-04-04 16:17 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-09-14 17:52 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-14 17:51 - 2015-08-11 21:37 - 00000000 ____D C:\ProgramData\BlueStacks
2015-09-11 15:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-09-11 11:14 - 2014-08-04 07:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-11 11:11 - 2014-03-07 23:29 - 00001988 _____ C:\Windows\system32\ServiceFilter.ini
2015-09-10 19:19 - 2014-08-22 23:52 - 00000000 ____D C:\Users\my\AppData\Local\Google
2015-09-10 19:00 - 2015-08-31 12:47 - 00000000 ____D C:\Users\my\.oracle_jre_usage
2015-09-10 18:59 - 2015-07-01 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-10 13:32 - 2014-12-21 00:33 - 00295928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 13:30 - 2011-04-12 03:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 13:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-10 01:30 - 2014-03-05 14:49 - 00000000 ____D C:\Windows\system32\MRT
2015-09-05 22:34 - 2014-12-10 14:01 - 00000000 ____D C:\Users\my\AppData\Roaming\Audacity
 
==================== Files in the root of some directories =======
 
2014-10-10 22:46 - 2014-10-10 22:56 - 0012479 _____ () C:\Program Files (x86)\setuplog.txt
2014-10-10 22:46 - 2014-10-10 22:56 - 0014306 _____ () C:\Program Files (x86)\uninstal.log
2014-10-31 09:19 - 2014-10-31 09:21 - 0000172 _____ () C:\Users\my\AppData\Roaming\SecretLayer.ini
2014-12-25 18:54 - 2015-06-29 22:21 - 0008192 _____ () C:\Users\my\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-26 09:46 - 2014-12-26 09:46 - 0001452 _____ () C:\ProgramData\tempimage.bmp
 
Some files in TEMP:
====================
C:\Users\my\AppData\Local\Temp\1587.exe
C:\Users\my\AppData\Local\Temp\fsdAE9D.exe
C:\Users\my\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\my\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\my\AppData\Local\Temp\oprun12926.exe
C:\Users\my\AppData\Local\Temp\rtdrvmon.exe
C:\Users\my\AppData\Local\Temp\SpOrder.dll
C:\Users\my\AppData\Local\Temp\sqlite3.dll
C:\Users\my\AppData\Local\Temp\Uninstall.exe
C:\Users\my\AppData\Local\Temp\uobnyv04ydl6.exe
C:\Users\my\AppData\Local\Temp\ytb.exe
C:\Users\my\AppData\Local\Temp\YWS_DspIpp.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2014-03-06 09:31] - [2015-08-19 18:22] - 0357888 ____A (Microsoft Corporation) C6AABFCD82EF9419AB8F1336A478EB49
 
C:\Windows\SysWOW64\dnsapi.dll
[2014-03-06 09:31] - [2015-08-19 18:22] - 0270336 ____A () D41D8CD98F00B204E9800998ECF8427E
 
C:\Windows\SysWOW64\dnsapi.dll => no Company Name <===== ATTENTION
 
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 13:43
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by my (2015-10-05 13:00:12)
Running from C:\Users\my\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-03-05 05:08:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3377700343-2179916962-3551201692-500 - Administrator - Disabled)
Guest (S-1-5-21-3377700343-2179916962-3551201692-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3377700343-2179916962-3551201692-1003 - Limited - Enabled)
my (S-1-5-21-3377700343-2179916962-3551201692-1000 - Administrator - Enabled) => C:\Users\my
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Addictive Drums (HKLM-x32\...\Addictive Drums) (Version:  - )
Addictive Drums 1.5.2 (HKLM-x32\...\Addictive Drums Inno Setup_is1) (Version:  - )
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Air Keyboard (HKLM-x32\...\{DBEBC979-5914-4DD2-A2CD-923BDC23A819}) (Version: 1.8.2 - SkyGears)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden
AmazingMIDI (HKLM-x32\...\AmazingMIDI) (Version:  - )
AmpegSVX (HKLM-x32\...\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}) (Version: 1.1.0 - IK Multimedia)
AmpliTube Metal (HKLM-x32\...\{9EDEF5B1-B740-4DFF-AC16-E2428E1713E8}) (Version: 1.0.0 - IK Multimedia)
AmpliTube2 (HKLM-x32\...\{FB6691DA-66D3-412E-9853-641CF7D0C35A}) (Version: 2.0.0 - )
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARIA Engine v1.6.6.9 (HKLM\...\ARIA Engine_is1) (Version: v1.6.6.9 - Plogue Art et Technologie, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)
Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{473E82D7-79E2-43DF-8FA0-025407C93191}) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version:  - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
ClipGrab 3.4.11 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Data Recovery Wizard 7.5 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.5_is1) (Version:  - EaseUS)
Edirol HQ Orchestral v1.01 (HKLM-x32\...\Edirol HQ Orchestral v1.01) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evouyn (HKLM-x32\...\Evouyn1.01) (Version: 1.01 - Noisebud)
EZmix 64-bit (HKLM\...\{3D83CC9F-E2E1-47AE-B1AF-F6D3A8825196}) (Version: 2.0.8 - Toontrack)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
Fletchy-Muncher (HKLM-x32\...\Fletchy-Muncher1.2) (Version: 1.2 - Noisebud)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Google Photos Backup) (Version: 1.1.0.248 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Jammit (HKLM-x32\...\{665AD2EB-BBCE-43EB-8E7D-DB0C961C423E}) (Version: 1.0.108 - Jammit Inc)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Korg Legacy Collection v1.1.10 (HKLM-x32\...\Korg Legacy Collection v1.1.10) (Version:  - )
Lazy Kenneth (HKLM-x32\...\Lazy Kenneth1.51) (Version: 1.51 - Noisebud)
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version:  - Lexmark International, Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
MachFive (HKLM-x32\...\MachFive v.1.2 Update) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MIDIHub (HKLM-x32\...\MIDIHub) (Version: 0.824 - humatic)
MouseServer version 1.5.2.0 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.2.0 - Necta Co.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Abbey Road 60s Drums (HKLM-x32\...\Native Instruments Abbey Road 60s Drums) (Version:  - Native Instruments)
Native Instruments Abbey Road 70s Drums (HKLM-x32\...\Native Instruments Abbey Road 70s Drums) (Version:  - Native Instruments)
Native Instruments Abbey Road 80s Drums (HKLM-x32\...\Native Instruments Abbey Road 80s Drums) (Version:  - Native Instruments)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments Alicias Keys (HKLM-x32\...\Native Instruments Alicias Keys) (Version:  - Native Instruments)
Native Instruments Balinese Gamelan (HKLM-x32\...\Native Instruments Balinese Gamelan) (Version:  - Native Instruments)
Native Instruments Bandstand (HKLM-x32\...\Native Instruments Bandstand) (Version:  - )
Native Instruments Battery 3 (HKLM-x32\...\Native Instruments Battery 3) (Version:  - Native Instruments)
Native Instruments Battery Library Importer for Maschine (HKLM-x32\...\Native Instruments Battery Library Importer for Maschine) (Version:  - Native Instruments)
Native Instruments Berlin Concert Grand (HKLM-x32\...\Native Instruments Berlin Concert Grand) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Evolve Mutations (HKLM-x32\...\Native Instruments Evolve Mutations) (Version:  - Native Instruments)
Native Instruments Evolve Mutations 2 (HKLM-x32\...\Native Instruments Evolve Mutations 2) (Version:  - Native Instruments)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version:  - Native Instruments)
Native Instruments George Duke Soul Treasures (HKLM-x32\...\Native Instruments George Duke Soul Treasures) (Version:  - Native Instruments)
Native Instruments Guitar Rig 4 (HKLM-x32\...\Native Instruments Guitar Rig 4) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Komplete 8 Ultimate (HKLM-x32\...\Native Instruments Komplete 8 Ultimate) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version:  - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version:  - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments New York Concert Grand (HKLM-x32\...\Native Instruments New York Concert Grand) (Version:  - Native Instruments)
Native Instruments Rammfire (HKLM-x32\...\Native Instruments Rammfire) (Version:  - Native Instruments)
Native Instruments Razor (HKLM-x32\...\Native Instruments Razor) (Version:  - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version:  - Native Instruments)
Native Instruments Reaktor Prism (HKLM-x32\...\Native Instruments Reaktor Prism) (Version:  - Native Instruments)
Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version:  - Native Instruments)
Native Instruments Reflektor (HKLM-x32\...\Native Instruments Reflektor) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version:  - Native Instruments)
Native Instruments Scarbee Funk Guitarist (HKLM-x32\...\Native Instruments Scarbee Funk Guitarist) (Version:  - Native Instruments)
Native Instruments Scarbee Jay-Bass (HKLM-x32\...\Native Instruments Scarbee Jay-Bass) (Version:  - Native Instruments)
Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version:  - Native Instruments)
Native Instruments Scarbee MM-Bass Amped (HKLM-x32\...\Native Instruments Scarbee MM-Bass Amped) (Version:  - Native Instruments)
Native Instruments Scarbee Pre-Bass (HKLM-x32\...\Native Instruments Scarbee Pre-Bass) (Version:  - Native Instruments)
Native Instruments Scarbee Pre-Bass Amped (HKLM-x32\...\Native Instruments Scarbee Pre-Bass Amped) (Version:  - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Session IO Driver (HKLM-x32\...\Native Instruments Session IO Driver) (Version:  - Native Instruments)
Native Instruments Session Strings Pro (HKLM-x32\...\Native Instruments Session Strings Pro) (Version:  - Native Instruments)
Native Instruments Studio Drummer (HKLM-x32\...\Native Instruments Studio Drummer) (Version:  - Native Instruments)
Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version:  - Native Instruments)
Native Instruments The Mouth (HKLM-x32\...\Native Instruments The Mouth) (Version:  - Native Instruments)
Native Instruments Traktors 12 (HKLM-x32\...\Native Instruments Traktors 12) (Version:  - Native Instruments)
Native Instruments Transient Master (HKLM-x32\...\Native Instruments Transient Master) (Version:  - Native Instruments)
Native Instruments Upright Piano (HKLM-x32\...\Native Instruments Upright Piano) (Version:  - Native Instruments)
Native Instruments VC 160 (HKLM-x32\...\Native Instruments VC 160) (Version:  - Native Instruments)
Native Instruments VC 2A (HKLM-x32\...\Native Instruments VC 2A) (Version:  - Native Instruments)
Native Instruments VC 76 (HKLM-x32\...\Native Instruments VC 76) (Version:  - Native Instruments)
Native Instruments Vienna Concert Grand (HKLM-x32\...\Native Instruments Vienna Concert Grand) (Version:  - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version:  - Native Instruments)
Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version:  - Native Instruments)
Nero 8 (HKLM-x32\...\{5FCCD531-1B38-4A94-924C-127F722F1033}) (Version: 8.2.89 - Nero AG)
Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.3.1.0494 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.3.1.0494 - PACE Anti-Piracy, Inc.) Hidden
Pianissimo (HKLM-x32\...\Pianissimo) (Version:  - Acoustica)
Pianoteq v2.3.0 (HKLM-x32\...\Pianoteq23) (Version:  - )
Plogue sforzando v1.669 (HKLM\...\__ARIA_1014___is1) (Version: v1.669 - Plogue)
PlugSound - Vol 01 - Keyboard Collection (HKLM-x32\...\Keyboard Collection) (Version:  - )
PlugSound - Vol 02 - Fretted Instruments (HKLM-x32\...\Fretted Instruments) (Version:  - )
PlugSound - Vol 03 - Drums & Percs Elements (HKLM-x32\...\Drums & Percs Elements) (Version:  - )
PlugSound - Vol 05 - World Of Synthesizers (HKLM-x32\...\World Of Synthesizers) (Version:  - )
PlugSound - Vol 06 - Global Collection GM (HKLM-x32\...\Global Collection GM) (Version:  - )
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.23.0.0 - Goversoft LLC)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Python 3.3.2 (64-bit) (HKLM\...\{9fa9a2a6-19e4-381a-8af3-f8cf12f0dcf0}) (Version: 3.3.2150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version:  - Password Unlocker Studio)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Rocksmith 2014 (HKLM-x32\...\Rocksmith 20141.3) (Version: 1.3 - Ubisoft)
SampleTank 2 (HKLM-x32\...\{6559654F-2F38-491F-8411-211517C3E635}) (Version: 2.5.2 - IK Multimedia)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
smile (HKLM-x32\...\smile1.01) (Version: 1.01 - Noisebud)
Softube Acoustic Feedback VST RTAS v1.0.7 (HKLM-x32\...\Softube Acoustic Feedback VST RTAS_is1) (Version:  - )
Softube Bass Amp Room VST RTAS v1.0.2 (HKLM-x32\...\Softube Bass Amp Room VST RTAS_is1) (Version:  - )
Softube Metal Amp Room VST RTAS v1.1.5 (HKLM-x32\...\Softube Metal Amp Room VST RTAS_is1) (Version:  - )
Softube Tube-Tech CL 1B VST RTAS v1.0.3 (HKLM-x32\...\Softube Tube-Tech CL 1B VST RTAS_is1) (Version:  - )
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
SoundToys Native Effects VST RTAS v3.1.2 (HKLM-x32\...\SoundToys Native Effects VST RTAS_is1) (Version:  - )
Superior Drummer 64-bit (HKLM\...\{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}) (Version: 2.3.1 - Toontrack)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
TruePianos 1.5.0 (HKLM\...\TruePianos_is1) (Version:  - 4Front Technologies)
TruePianos: Amber Module 1.4.0 (HKLM-x32\...\TruePianos: Amber Module_is1) (Version:  - 4Front Technologies)
TruePianos: Diamond Module 1.4.0 (HKLM-x32\...\TruePianos: Diamond Module_is1) (Version:  - 4Front Technologies)
TruePianos: Emerald Module 1.4.0 (HKLM-x32\...\TruePianos: Emerald Module_is1) (Version:  - 4Front Technologies)
TruePianos: Sapphire Module 1.4.0 (HKLM-x32\...\TruePianos: Sapphire Module (Pedal sounds included)_is1) (Version:  - 4Front Technologies)
TruePianos: Sapphire Module 1.4.0 (HKLM-x32\...\TruePianos: Sapphire Module_is1) (Version:  - 4Front Technologies)
UVI Workstation 2.1.8 (HKLM-x32\...\UVI Workstation_is1) (Version: 2.1.8 - Univers Sons)
UVI Workstation x64 2.5.5 (HKLM\...\UVI Workstation x64_is1) (Version: 2.5.5 - UVI)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Vir2 Instruments BASiS (HKLM-x32\...\Vir2 Instruments BASiS) (Version:  - )
Vir2 Instruments Elite Orchestral Percussion (HKLM-x32\...\Vir2 Instruments Elite Orchestral Percussion) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Waves Complete V9r17 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.17 - Waves)
WIDCOMM BTW Development Kit (HKLM-x32\...\{0B75A75A-3D2C-479B-ACA0-A17A0B4B7628}) (Version: 6.1.0.1506 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Data Recovery for Android(Build 1.0.0.18) (HKLM-x32\...\Wondershare Data Recovery for Android_is1) (Version: 1.0.0.18 - Wondershare Software Co.,Ltd.)
Wondershare Dr.Fone for Android(Build 4.8.0.135) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.0.135 - Wondershare Software Co.,Ltd.)
X-Edit (HKLM-x32\...\X-Edit) (Version: 2.7.1.1 - DigiTech)
X-Edit (x32 Version: 2.7.1.1 - DigiTech) Hidden
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Yousician Launcher version 1.0 (HKLM-x32\...\{EF45EAE9-523E-47C3-8634-A81923B11DD5}_is1) (Version: 1.0 - Yousician)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3377700343-2179916962-3551201692-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\my\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3377700343-2179916962-3551201692-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\my\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
23-09-2015 21:43:07 Windows Update
27-09-2015 13:15:05 Windows Update
01-10-2015 12:32:48 Windows Update
02-10-2015 17:05:20 JRT Pre-Junkware Removal
04-10-2015 14:04:16 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-23 11:54 - 2015-07-23 11:54 - 00451088 ____A C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0393C180-CCE5-4A96-A366-4788E911F3E1} - System32\Tasks\{158483C6-B4AB-4572-8011-33A3ED0CE8B8} => pcalua.exe -a "G:\Elite Orchestral Percussion.exe" -d G:\
Task: {19F576E2-6D96-4DC6-92CC-3D0ACF6262FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {1AE23A90-04F6-463F-8E26-7D69B6DADE40} - System32\Tasks\87ADE470-9C04-4537-AED9-ED4CBFDB3F4B => C:\Users\my\AppData\Local\87ADE470-9C04-4537-AED9-ED4CBFDB3F4B\87ADE470-9C04-4537-AED9-ED4CBFDB3F4B.exe [2015-08-19] () <==== ATTENTION
Task: {1E7787E1-9B22-4EE0-99F3-B5A8F60A3B37} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {26C27367-1A3D-4AEC-A63A-18E2FF4CC0A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {28EECAEA-72F1-492B-A65E-D01016DC1BD9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000Core => C:\Users\my\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2A3719D9-C3BA-4FF6-9827-41E1E4B055D7} - \RocketTab Update Task -> No File <==== ATTENTION
Task: {2C0C7675-62F5-4814-8D46-8FCEC5E64482} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {2D1D8D78-EE0B-41BF-B1F6-FE185189BADC} - System32\Tasks\GlobalUpdate-y2zky2nxzws5btd => C:\Users\my\AppData\Roaming\y2zky2nxzws5btd\y2zky2nxzws5btd.exe [2015-08-18] () <==== ATTENTION
Task: {51B75750-FC61-48DF-B4B4-6F7E9A5A4967} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000UA => C:\Users\my\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5368D195-FFDA-47A0-BFD7-908E83EFCFF5} - System32\Tasks\{BF3D0322-B2FC-4585-A3D5-22C18CBAAE56} => pcalua.exe -a "C:\Program Files (x86)\ASUS\ASUS Live Update\Temp\88\Setup.exe" -d "C:\Program Files (x86)\ASUS\ASUS Live Update\Temp\88" -c /qn /norestart
Task: {57A8F272-20EF-4BF1-B348-2FCA91F359D7} - \Jarmeee -> No File <==== ATTENTION
Task: {5D7E9D7A-D7AD-4FB0-9598-B07D82CD64E9} - \Microsoft\Windows\Maintenance\Web Tool Updater -> No File <==== ATTENTION
Task: {67728564-2B57-4369-9AE4-D9E8027B9C51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-04] (Google Inc.)
Task: {6A54C76E-12E4-4F62-A019-77E298335270} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-04] (Google Inc.)
Task: {734F670E-9222-44DB-A49C-4B3E83F4E2C5} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {740E3093-1B3A-496C-BACB-75E195F57463} - System32\Tasks\{8373570B-4A44-45CD-B708-EF5CFD92BA9D} => pcalua.exe -a "F:\music software\Guitar Pro 5.2 (with complete RSE packs)\RSE_DRUMS.exe" -d "F:\music software\Guitar Pro 5.2 (with complete RSE packs)"
Task: {84E21B11-4DFF-4206-A3DF-351E9E5903A4} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {8C946FC7-F6FA-41C3-85A8-60CE5EEE0CE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BB068A77-7214-4535-9D28-B2ECF15DFE19} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {BB613F92-4A75-452E-8910-3D7CE328A20C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {C2F2CE14-528F-45C7-B291-E9B4A206FD50} - System32\Tasks\{E4772028-B9D3-4F0E-8307-C0B1C27C2AEB} => pcalua.exe -a "H:\music software\Luxonix.Purity.VSTi.v1.1.2-AiR\Luxonix Purity VSTi v1.1.2\Setup.exe" -d "H:\music software\Luxonix.Purity.VSTi.v1.1.2-AiR\Luxonix Purity VSTi v1.1.2"
Task: {D512CF79-C5CF-4178-A97C-92C5D13DE841} - \BBQLeads -> No File <==== ATTENTION
Task: {D6733241-6A82-4104-AC22-05511AA66180} - \Web Tool Runner -> No File <==== ATTENTION
Task: {DB160C48-5C27-41DB-992E-7960256A8BA6} - \RocketTab -> No File <==== ATTENTION
Task: {E35EE608-2B92-45D5-9680-8CB77676F44B} - System32\Tasks\{894819F9-5589-4CDA-BBD9-0837F89969F1} => pcalua.exe -a "F:\music software\Guitar Pro 5.2 (with complete RSE packs)\RSE_GUITARS.exe" -d "F:\music software\Guitar Pro 5.2 (with complete RSE packs)"
Task: {EC95DE48-70D9-4DF2-A060-15467E61FE5B} - System32\Tasks\{C19DF065-AAAF-4F72-964D-C1EFBCEFF299} => pcalua.exe -a "F:\music software\Guitar Pro 5.2 (with complete RSE packs)\RSE_BASSES.exe" -d "F:\music software\Guitar Pro 5.2 (with complete RSE packs)"
Task: {FE430C5C-E02E-4C56-8317-D035A99FD86B} - System32\Tasks\{CF101D15-6241-47B6-98CF-F84881367C2F} => pcalua.exe -a "G:\PC Installer\Install Instruments DVD1.exe" -d "G:\PC Installer"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000Core.job => C:\Users\my\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000UA.job => C:\Users\my\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-05 12:10 - 2011-05-05 21:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-03-05 09:05 - 2011-07-26 16:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\PACE:3F913E07D81C83B2
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\my\Downloads\Fine Metronome Downloader__3687_i1589480560.exe:typelib
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Value data Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Value data Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Value data Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uiviuuj => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Sound, video and game controllers"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 12684 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\my\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5D97858C-C5A2-4A8C-B46E-31BEE4A1E603}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6105F2EE-682D-400E-B0EA-F61F1EA9564E}] => (Allow) C:\Users\my\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{83EA19F5-1C6C-404D-B6DC-59ECBCB21FCC}] => (Allow) C:\Users\my\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{69A8995C-6980-47DB-8CC1-0E7A295E3121}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [UDP Query User{B23BFC3D-AFB9-456F-AF23-ECC2EA11BA32}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [{A9CD4072-4DC0-4125-9EE4-836B3B71B3A0}] => (Allow) C:\Windows\SysWOW64\lxbkcoms.exe
FirewallRules: [{1F9F5E80-9462-4963-A259-F3B80C20988C}] => (Allow) C:\Windows\SysWOW64\lxbkcoms.exe
FirewallRules: [{EDF12108-C55C-4857-9FEC-D503BCA2C486}] => (Allow) C:\Windows\System32\lxbkcoms.exe
FirewallRules: [{B4CAB488-46CF-4BD1-8E87-511BC68ECE4A}] => (Allow) C:\Windows\System32\lxbkcoms.exe
FirewallRules: [{A8D63C34-7672-472E-9D79-3AE969D4AFA8}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbkpswx.exe
FirewallRules: [{69F49AA2-09EB-45C1-BB47-C560CAF2E818}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbkpswx.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [{C7041049-EED7-41FE-B65F-ADDC7FBFAE8E}] => (Allow) C:\Program Files (x86)\humatic\MIDIHub\MIDIHub.exe
FirewallRules: [{BFDE7E8B-FBCE-430F-BE2A-36E5022F22D7}] => (Allow) C:\Program Files (x86)\humatic\MIDIHub\MIDIHub.exe
FirewallRules: [TCP Query User{5C9CB103-B3F5-4060-8FA5-697BF3D3A477}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [UDP Query User{E326A2B7-0F3E-459D-A156-516851230B0C}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [TCP Query User{C262AA41-8F56-4016-B41B-4B0E59C52BF6}C:\program files (x86)\digitech\x-edit\x-edit.exe] => (Allow) C:\program files (x86)\digitech\x-edit\x-edit.exe
FirewallRules: [UDP Query User{EAF869F3-F81A-45C7-9BE2-968213559660}C:\program files (x86)\digitech\x-edit\x-edit.exe] => (Allow) C:\program files (x86)\digitech\x-edit\x-edit.exe
FirewallRules: [TCP Query User{9B2E20EF-3766-40C2-BB05-827F51EF17E9}H:\komplete\guitar rig 5\guitar rig 5.exe] => (Allow) H:\komplete\guitar rig 5\guitar rig 5.exe
FirewallRules: [UDP Query User{50AAF2CF-43C6-4E4B-9348-1D7309C5D9CB}H:\komplete\guitar rig 5\guitar rig 5.exe] => (Allow) H:\komplete\guitar rig 5\guitar rig 5.exe
FirewallRules: [TCP Query User{E6106492-3728-4BF5-86CE-F0A923EA54A4}C:\program files (x86)\machfive files\uvix\uvix.exe] => (Block) C:\program files (x86)\machfive files\uvix\uvix.exe
FirewallRules: [UDP Query User{0B29CFA5-1AC3-423C-998C-787D3B400FB0}C:\program files (x86)\machfive files\uvix\uvix.exe] => (Block) C:\program files (x86)\machfive files\uvix\uvix.exe
FirewallRules: [TCP Query User{04C91B3E-C928-43B8-BC87-AA16A949BC5A}C:\program files (x86)\guitar pro 5\gp5.exe] => (Allow) C:\program files (x86)\guitar pro 5\gp5.exe
FirewallRules: [UDP Query User{870F190A-5559-4E75-8932-99FFDE2FE2C8}C:\program files (x86)\guitar pro 5\gp5.exe] => (Allow) C:\program files (x86)\guitar pro 5\gp5.exe
FirewallRules: [TCP Query User{C3E5F2B8-AD8F-419C-85FF-792EE81D52CA}C:\program files\realtek\audio\hda\ravbg64.exe] => (Allow) C:\program files\realtek\audio\hda\ravbg64.exe
FirewallRules: [UDP Query User{438B57E3-CC45-4162-8380-1FDC6698B08D}C:\program files\realtek\audio\hda\ravbg64.exe] => (Allow) C:\program files\realtek\audio\hda\ravbg64.exe
FirewallRules: [TCP Query User{4DF304F5-4286-49F1-A986-38DF1F6CBF6F}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe] => (Allow) C:\program files (x86)\asus\sonic focus\sonicfocustray.exe
FirewallRules: [UDP Query User{F4ED0A3D-F325-48CC-B427-2823383F5186}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe] => (Allow) C:\program files (x86)\asus\sonic focus\sonicfocustray.exe
FirewallRules: [TCP Query User{75350F1E-5559-49A1-8DD3-3E7670E82497}C:\program files\realtek\audio\hda\ravbg64.exe] => (Block) C:\program files\realtek\audio\hda\ravbg64.exe
FirewallRules: [UDP Query User{4C400941-1133-4985-B920-C69449B2E0E6}C:\program files\realtek\audio\hda\ravbg64.exe] => (Block) C:\program files\realtek\audio\hda\ravbg64.exe
FirewallRules: [TCP Query User{F1A38AC4-57A4-45F0-9B3D-3F630E192214}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe] => (Block) C:\program files (x86)\asus\sonic focus\sonicfocustray.exe
FirewallRules: [UDP Query User{8E46108A-50DD-4682-9CF8-B8A02EADE621}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe] => (Block) C:\program files (x86)\asus\sonic focus\sonicfocustray.exe
FirewallRules: [{D25C768D-B6B9-404D-891A-C1D15A877CF5}] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TCP Query User{0DF8AFF8-F0E9-4B11-A274-D6C173D34AA4}C:\program files (x86)\nero\nero8\nero showtime\showtime.exe] => (Allow) C:\program files (x86)\nero\nero8\nero showtime\showtime.exe
FirewallRules: [UDP Query User{E0743556-703F-49F0-B9C3-88388B147C24}C:\program files (x86)\nero\nero8\nero showtime\showtime.exe] => (Allow) C:\program files (x86)\nero\nero8\nero showtime\showtime.exe
FirewallRules: [{EAFCB99C-35A8-4D9B-A872-CBB0F2BE76CF}] => (Block) %ProgramFiles% (x86)\EaseUS\EaseUS Data Recovery Wizard\DRW.exe
FirewallRules: [{D4684BDA-3E19-4FC8-9283-BAD994BF6ED9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E1F7C0BF-548E-44B7-887E-E8D5AA08C9A1}] => (Allow) LPort=2869
FirewallRules: [{C9DAC824-7DCC-4966-AE58-AE1E91786C50}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{DD430BFC-3DE9-41D8-9CE9-996A52DC20F8}C:\program files (x86)\mouseserver\mouseserver.exe] => (Block) C:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [UDP Query User{42413689-47B0-4583-9350-BA0C665D0154}C:\program files (x86)\mouseserver\mouseserver.exe] => (Block) C:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [TCP Query User{80F23350-9C3A-463D-945A-BF0FCBBB9433}C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe] => (Block) C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe
FirewallRules: [UDP Query User{ACD711C5-EE33-4DF4-8D11-40FB49813203}C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe] => (Block) C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe
FirewallRules: [{B063FD14-2D03-406E-9755-964BB1BF7226}] => (Block) C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DrFoneAndroid.exe
FirewallRules: [TCP Query User{983A0483-718D-479C-A190-E23368898B7E}C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe] => (Block) C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe
FirewallRules: [UDP Query User{C9165C0D-BAAE-4A94-8BAC-C057977A83DF}C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe] => (Block) C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe
FirewallRules: [{467C2D2E-FA6F-4905-AA01-FB08F5F68979}] => (Block) C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DrFoneAndroid.exe
FirewallRules: [{59D39C52-0C54-46C8-89C6-633684044C64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{82DAC395-B14C-4F4A-B28C-603B0ADC70B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{023AFC05-0DB5-479A-B464-23F29FB1865F}C:\program files (x86)\malwarebytes anti-malware\mbam.exe] => (Allow) C:\program files (x86)\malwarebytes anti-malware\mbam.exe
FirewallRules: [UDP Query User{A3838348-6D94-4F53-895F-DC8BA83B1F89}C:\program files (x86)\malwarebytes anti-malware\mbam.exe] => (Allow) C:\program files (x86)\malwarebytes anti-malware\mbam.exe
FirewallRules: [TCP Query User{49B52F11-B21B-4021-8019-94BCF510A4AA}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [UDP Query User{613AC6D4-5391-4B4F-A382-5739DE3545B8}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [TCP Query User{75D7419B-0DFF-4497-9422-96B3FB72A2AC}C:\program files (x86)\air keyboard\airkeyboard.exe] => (Allow) C:\program files (x86)\air keyboard\airkeyboard.exe
FirewallRules: [UDP Query User{4806FAF6-879B-4041-A5E3-E189A57A9FCC}C:\program files (x86)\air keyboard\airkeyboard.exe] => (Allow) C:\program files (x86)\air keyboard\airkeyboard.exe
FirewallRules: [TCP Query User{441A7C7C-595E-46DB-85BE-EA224B42A660}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [UDP Query User{DB21FB10-46D0-4B83-86D7-740DDADF819A}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [{7BDDD26D-CEB7-45EE-995B-1DF7F4425E6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95E4E5FF-42F2-41BD-9827-FFE683B880A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{602CFA70-01C4-4F1D-AA55-646A559B58E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95B27A78-E4CB-4C33-9030-3A82102479B1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0A91396-FEA9-4372-A845-B4B07E6E15D5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{85A53008-73F8-48E6-A479-CE64BD4E5322}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [UDP Query User{D797EF4C-013E-4B24-8AD6-F76BF93F6743}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [{9A9A5BDC-8BFE-41E9-849F-EE08CC1621B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/05/2015 12:43:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2015 09:05:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2015 03:12:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (10/04/2015 02:53:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (10/04/2015 02:33:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2015 02:33:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AiChargerAP.exe, version: 2.0.0.0, time stamp: 0x50285912
Faulting module name: AiChargerAP.exe, version: 2.0.0.0, time stamp: 0x50285912
Exception code: 0xc0000409
Fault offset: 0x00001393
Faulting process id: 0xca4
Faulting application start time: 0xAiChargerAP.exe0
Faulting application path: AiChargerAP.exe1
Faulting module path: AiChargerAP.exe2
Report Id: AiChargerAP.exe3
 
Error: (10/04/2015 02:22:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2015 01:58:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0xf38
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3
 
Error: (10/04/2015 01:53:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2015 01:48:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/05/2015 01:00:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/05/2015 01:00:17 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/05/2015 12:59:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/05/2015 12:59:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/05/2015 12:58:59 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/05/2015 12:58:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/05/2015 12:58:21 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/05/2015 12:58:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/05/2015 12:58:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/05/2015 12:57:46 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 5921.14 MB
Available physical RAM: 4139.29 MB
Total Virtual: 11840.48 MB
Available Virtual: 9930.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:384.56 GB) (Free:120.55 GB) NTFS
Drive d: () (Fixed) (Total:546.85 GB) (Free:322.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C2C19D8F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=384.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=546.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 deeprybka


Posted 05 October 2015 - 03:36 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Please disable the realtime protection of Microsoft SE


Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Jesse365


Posted 05 October 2015 - 05:46 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by my (2015-10-05 17:42:08) Run:1
Running from C:\Users\my\Desktop
Loaded Profiles: my (Available Profiles: my)
Boot Mode: Normal
==============================================

fixlist content:
*****************
cmd: sfc /scanfile=c:\Windows\SysWOW64\dnsapi.dll
*****************


========= sfc /scanfile=c:\Windows\SysWOW64\dnsapi.dll =========




Windows Resource Protection could not perform the requested operation.


========= End of CMD: =========

#4 deeprybka


Posted 06 October 2015 - 03:55 AM

Step 1

Start FRST with administrator privileges.
  • Make sure the following options are checked:
    [Screenshot of the FRST options]
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#5 Jesse365


Posted 06 October 2015 - 01:01 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by my (administrator) on MY-PC (06-10-2015 12:39:00)
Running from C:\Users\my\Desktop
Loaded Profiles: my (Available Profiles: my)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmon.exe
( ) C:\Windows\System32\lxbkcoms.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(wifimouse.necta.us) C:\Program Files (x86)\MouseServer\MouseServer.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [lxbkbmgr.exe] => C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe [74408 2008-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Run: [Google Update] => C:\Users\my\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Run: [MouseServer] => C:\Program Files (x86)\MouseServer\MouseServer.exe [243200 2014-11-30] (wifimouse.necta.us)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\MountPoints2: {6526964d-a967-11e3-8116-5404a64c39a6} - G:\autorun.exe
AppInit_DLLs: C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [311584 2014-05-06] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\Jaksta\AC\x86\jaudcap.dll => C:\Windows\Jaksta\AC\x86\jaudcap.dll [264480 2014-05-06] (Jaksta Technologies Pty Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\my\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2014-03-07]
ShortcutTarget: FancyStart daemon.lnk -> C:\Users\my\AppData\Roaming\Microsoft\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2BC48B0C-EF8E-48F8-BC80-1BEA621A9517}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3377700343-2179916962-3551201692-1000 -> {8F718E24-B9C4-4E18-BD2C-88365C2F6D22} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3377700343-2179916962-3551201692-1000 -> {E072818B-D6EB-4B1B-87DD-FC33B14EE09F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-31] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-31] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-10] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-10] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-3377700343-2179916962-3551201692-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
 
FireFox:
========
FF ProfilePath: C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default
FF NewTab: resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF NetworkProxy: "http", "84.107.60.232"
FF NetworkProxy: "http_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-12-14] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3377700343-2179916962-3551201692-1000: @tools.google.com/Google Update;version=3 -> C:\Users\my\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3377700343-2179916962-3551201692-1000: @tools.google.com/Google Update;version=9 -> C:\Users\my\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF SearchPlugin: C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\searchplugins\yahoo-web.xml [2015-09-10]
FF Extension: Ageless - C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\Extensions\2341n4m3@gmail.com.xpi [2014-09-15]
FF Extension: MEGA - C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\Extensions\firefox@mega.co.nz.xpi [2014-03-26]
FF Extension: History Button - C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\Extensions\historybutton@darktrojan.net.xpi [2014-03-07]
FF Extension: Public Fox - C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi [2015-06-20]
FF Extension: Adblock Plus - C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-27]
FF Extension: DownThemAll! - C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-09-09]
FF HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\my\AppData\Local\XDM\xdmff => not found
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\my\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-04]
CHR Extension: (Google Docs) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-04]
CHR Extension: (Google Drive) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-04]
CHR Extension: (YouTube) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-04]
CHR Extension: (Google Search) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-04]
CHR Extension: (Google Sheets) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-04]
CHR Extension: (Google Docs Offline) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-04]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2015-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-04]
CHR Extension: (Adblock Pro) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-07-06]
CHR Extension: (Gmail) - C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-04]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [565928 2008-02-19] ( )
R2 lxbk_device; C:\Windows\SysWOW64\lxbkcoms.exe [537256 2008-02-19] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4948992 2009-07-17] (Native Instruments GmbH) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784 2007-12-13] (Nero AG)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [38400 2015-04-17] (CSR plc.) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 rig3avs_x64; C:\Windows\System32\Drivers\rig3avs_x64.sys [44560 2008-12-09] (Native Instruments GmbH)
S3 rig3usb_x64; C:\Windows\System32\Drivers\rig3usb_x64.sys [233488 2008-12-09] (Native Instruments GmbH)
S3 VBAudioHFVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_hfvaio64_win7.sys [33512 2014-03-27] (Windows ® Win 7 DDK provider)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S1 gknzlosm; \??\C:\Windows\system32\drivers\gknzlosm.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 12:39 - 2015-10-06 12:39 - 00023782 _____ C:\Users\my\Desktop\FRST.txt
2015-10-05 12:58 - 2015-10-06 12:39 - 00000000 ____D C:\FRST
2015-10-05 12:58 - 2015-10-05 12:33 - 02193920 ____N (Farbar) C:\Users\my\Desktop\FRST64.exe
2015-10-04 14:19 - 2015-10-04 14:19 - 00005300 _____ C:\Windows\system32\cc_20151004_141940.reg
2015-10-04 12:22 - 2015-10-04 13:43 - 00000000 ____D C:\Users\my\Desktop\Tweaking.com - Windows Repair
2015-10-03 14:03 - 2015-10-03 14:03 - 00000625 _____ C:\Users\my\Desktop\AdwCleaner[S8].txt
2015-10-03 13:58 - 2015-10-03 13:58 - 00001362 _____ C:\Users\my\Desktop\JRT.txt
2015-10-03 13:54 - 2015-10-03 13:56 - 00043676 _____ C:\Users\my\Desktop\MTB.txt
2015-10-02 18:32 - 2015-10-02 18:32 - 00000000 ____D C:\Users\my\Desktop\W.A.S.P.-Golgotha(2015)
2015-10-02 17:14 - 2015-10-02 17:14 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-02 15:01 - 2015-10-02 15:01 - 00000000 ____D C:\Users\my\Desktop\app
2015-10-02 15:00 - 2015-10-04 13:03 - 00000000 ____D C:\Users\my\Desktop\vid
2015-10-02 15:00 - 2015-10-04 13:03 - 00000000 ____D C:\Users\my\Desktop\pic
2015-09-30 15:39 - 2015-09-30 15:39 - 01111530 _____ C:\Users\my\Desktop\12064813_10153766479441320_1412162733_n.mp4
2015-09-29 11:54 - 2015-09-29 17:15 - 00000000 ____D C:\Users\my\Desktop\New folder (2)
2015-09-27 14:33 - 2015-09-27 14:33 - 00074372 _____ C:\Users\my\Downloads\Journey - Dont Stop Believing (Pro).gp5
2015-09-27 14:32 - 2015-09-27 14:32 - 00042820 _____ C:\Users\my\Downloads\Journey - Dont Stop Believing (Pro).gp4
2015-09-27 13:58 - 2015-09-27 13:58 - 26278953 _____ C:\Users\my\Downloads\VA+26V-T.7z
2015-09-25 17:29 - 2015-09-25 17:29 - 00014059 _____ C:\Users\my\Downloads\browse.php
2015-09-22 20:23 - 2015-10-04 13:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-19 11:09 - 2015-09-19 11:10 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-09-19 11:09 - 2015-09-19 11:09 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-09-19 11:09 - 2015-09-19 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-18 16:56 - 2015-09-18 16:56 - 00000000 ____D C:\Users\my\AppData\LocalLow\uTorrent
2015-09-16 19:01 - 2015-09-16 19:01 - 00693218 _____ C:\Users\my\Downloads\The Weeknd - Earned It (from 'Fifty Shades Of Grey' soundtrack) (Karaoke Version).mp3.reapeaks
2015-09-16 14:39 - 2015-09-16 14:43 - 245778696 _____ C:\Users\my\Downloads\bundestrojaner_all.zip
2015-09-15 18:31 - 2015-09-16 18:36 - 00453066 _____ C:\Users\my\Desktop\03-Temptation Revelation.mp3.reapeaks
2015-09-15 18:31 - 2015-09-15 18:31 - 00889370 _____ C:\Users\my\Desktop\04-When The Crowds Are Gone.mp3.reapeaks
2015-09-14 17:52 - 2015-09-14 17:52 - 00001815 _____ C:\Users\Public\Desktop\Apps.lnk
2015-09-14 17:52 - 2015-09-14 17:52 - 00001807 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-09-14 17:51 - 2015-09-14 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-09-14 17:51 - 2015-09-14 17:51 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-09-14 17:48 - 2015-09-14 17:48 - 14634624 _____ (BlueStack Systems Inc.) C:\Users\my\Downloads\ThinInstaller_native.exe
2015-09-14 16:24 - 2015-09-14 16:24 - 00484722 _____ C:\Users\my\Downloads\Selena Gomez & The Scene - Love You Like A Love Song (Official Audio).mp3.reapeaks
2015-09-14 16:10 - 2015-09-14 16:10 - 00708450 _____ C:\Users\my\Downloads\Earned It (Fifty Shades Of Grey) (From The _.mp3.reapeaks
2015-09-10 19:02 - 2015-09-10 19:02 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-09-10 18:59 - 2015-09-10 18:59 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-10 18:53 - 2015-09-10 18:53 - 00584288 _____ (Oracle Corporation) C:\Users\my\Downloads\chromeinstall-8u60.exe
2015-09-09 22:58 - 2015-09-09 23:00 - 50784982 _____ C:\Users\my\Downloads\easygoing1 3 (anal).m4v
2015-09-09 22:57 - 2015-09-09 23:00 - 45009980 _____ C:\Users\my\Downloads\easygoing 17.mp4
2015-09-09 22:55 - 2015-09-09 22:59 - 67023277 _____ C:\Users\my\Downloads\easygoing 12.mp4
2015-09-09 22:55 - 2015-09-09 22:58 - 67363800 _____ C:\Users\my\Downloads\easygoing 11.mp4
2015-09-09 22:54 - 2015-09-09 23:01 - 118860661 _____ C:\Users\my\Downloads\easygoing 6.mp4
2015-09-09 22:54 - 2015-09-09 22:58 - 73335922 _____ C:\Users\my\Downloads\easygoing 7.mp4
2015-09-09 22:53 - 2015-09-09 22:55 - 50971599 _____ C:\Users\my\Downloads\bj4mybf_20121124_0958_110514_mfc_myfreecams.mp4
2015-09-09 22:53 - 2015-09-09 22:54 - 15754820 _____ C:\Users\my\Downloads\baby_bear homemade amateur striptease.mp4
2015-09-09 22:51 - 2015-09-09 23:02 - 216811490 _____ C:\Users\my\Downloads\RobinMae.BoyGirlGoodMorningDarling.mp4
2015-09-09 22:50 - 2015-09-09 23:03 - 247268685 _____ C:\Users\my\Downloads\Rob1nM@e_StripTeaseCum.mp4
2015-09-09 22:50 - 2015-09-09 22:54 - 67216358 _____ C:\Users\my\Downloads\bj4mybf 6.flv
2015-09-09 22:50 - 2015-09-09 22:53 - 54075981 _____ C:\Users\my\Downloads\Rob1nM@e_AloneTime.mp4
2015-09-09 22:48 - 2015-09-09 22:51 - 54480884 _____ C:\Users\my\Downloads\8bitdeviants 8.m4v
2015-09-09 22:48 - 2015-09-09 22:48 - 13901864 _____ C:\Users\my\Downloads\8bitdeviants 7.m4v
2015-09-09 22:47 - 2015-09-09 22:58 - 181909477 _____ C:\Users\my\Downloads\Oh Dum Dum Private.mp4
2015-09-09 22:47 - 2015-09-09 22:51 - 62916306 _____ C:\Users\my\Downloads\8bitdeviants 1.m4v
2015-09-09 22:47 - 2015-09-09 22:50 - 33286564 _____ C:\Users\my\Downloads\8bitdeviants 2.m4v
2015-09-09 20:56 - 2015-09-09 21:17 - 124387901 _____ C:\Users\my\Downloads\n_i_k_k_i_e_l_i_o_t_-_another_anal.mp4
2015-09-09 20:56 - 2015-09-09 21:05 - 64678487 _____ C:\Users\my\Downloads\vegancat_040915_1831_mfc_myfreecams.mp4
2015-09-09 20:56 - 2015-09-09 21:04 - 48909247 _____ C:\Users\my\Downloads\IndigoWild Gets Her Hitachi and Uses It.mp4
2015-09-09 20:55 - 2015-09-09 21:14 - 130072673 _____ C:\Users\my\Downloads\CarmenWhiteGlovesFinal.wmv
2015-09-09 20:55 - 2015-09-09 21:13 - 119832537 _____ C:\Users\my\Downloads\HavenReigh-Margo03082012a.mp4
2015-09-09 20:55 - 2015-09-09 21:05 - 57813315 _____ C:\Users\my\Downloads\Havenreigh-DandelionWine 05212014a.mp4
2015-09-09 20:55 - 2015-09-09 20:59 - 22671332 _____ C:\Users\my\Downloads\Havenreigh-DandelionWine 05212014b.mp4
2015-09-09 20:30 - 2015-09-09 20:37 - 65191497 _____ C:\Users\my\Downloads\DaddysLittleGirl (5).mp4
2015-09-09 20:30 - 2015-09-09 20:32 - 23529687 _____ C:\Users\my\Downloads\DaddysLittleGirl (6).mp4
2015-09-09 20:29 - 2015-09-09 20:31 - 11633884 _____ C:\Users\my\Downloads\Pouty (1).mp4
2015-09-09 20:29 - 2015-09-09 20:30 - 08429168 _____ C:\Users\my\Downloads\Pouty (2).mp4
2015-09-09 20:28 - 2015-09-09 20:33 - 50810033 _____ C:\Users\my\Downloads\DaddysLittleGirl (7).mp4
2015-09-09 20:24 - 2015-09-09 20:24 - 04322356 _____ C:\Users\my\Downloads\54A91473.mp4
2015-09-09 20:18 - 2015-09-09 20:31 - 117144051 _____ C:\Users\my\Downloads\HavenReigh-Margo03082012b.mp4
2015-09-09 20:18 - 2015-09-09 20:23 - 39412357 _____ C:\Users\my\Downloads\HavenReigh-Margo03082012c.mp4
2015-09-09 20:03 - 2015-09-09 20:03 - 00343040 _____ (Microsoft Corporation) C:\Users\my\Downloads\mspaintXP (1).exe
2015-09-09 18:45 - 2015-09-09 18:45 - 00343040 _____ (Microsoft Corporation) C:\Users\my\Downloads\mspaintXP.exe
2015-09-09 10:45 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 10:45 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 10:45 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 10:45 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-09 10:45 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-09 10:45 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-09 10:45 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-09 10:45 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 10:45 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 10:45 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 10:45 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-09 10:45 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 10:45 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-09 10:45 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 10:45 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 10:45 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 10:45 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-09 10:45 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 10:45 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-09 10:45 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 10:45 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-09 10:45 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-09 10:45 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 10:45 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-09 10:45 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-09 10:45 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 10:45 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 10:45 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-09 10:45 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-09 10:45 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 10:45 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-09 10:45 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-09 10:45 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 10:45 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-09 10:45 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-09 10:45 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-09 10:45 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 10:45 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-09 10:45 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-09 10:45 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 10:45 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 10:45 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 10:45 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-09 10:45 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-09 10:45 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 10:45 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-09 10:45 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-09 10:45 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-09 10:45 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-09 10:45 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 10:45 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 10:45 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 10:45 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 10:45 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 10:45 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-09 10:45 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 10:45 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 10:45 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 10:45 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 10:45 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 10:45 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 10:45 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 10:45 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 10:45 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 10:45 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 10:45 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-09 10:42 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 10:42 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 10:42 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 10:42 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 10:42 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-09 10:42 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 10:42 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-09 10:42 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-09 10:42 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 10:42 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 10:42 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 10:42 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 10:42 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 10:42 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 10:42 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 10:42 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 10:42 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 10:42 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 10:42 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 10:42 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-09 10:42 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 10:42 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-09 10:42 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-09 10:42 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 10:42 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 10:42 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 10:42 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 10:42 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 10:42 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 10:42 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-05 16:32 - 2015-09-05 16:32 - 00000000 ____D C:\Users\my\AppData\LocalLow\Yousician
2015-09-05 16:30 - 2015-09-05 16:31 - 00000000 ____D C:\Users\my\AppData\Roaming\Yousician Launcher
2015-09-05 16:30 - 2015-09-05 16:30 - 08404248 _____ (Yousician ) C:\Users\my\Downloads\YousicianSetup.exe
2015-09-05 16:30 - 2015-09-05 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yousician Launcher
2015-09-02 19:13 - 2015-09-02 19:13 - 00033911 _____ C:\Users\my\Downloads\Whitesnake - Is This Love (Pro).gp4
2015-09-02 19:12 - 2015-09-02 19:12 - 00085498 _____ C:\Users\my\Downloads\Whitesnake - Is This Love (Pro).gpx
2015-09-02 19:09 - 2015-09-02 19:10 - 00006064 _____ C:\Users\my\Downloads\Whitesnake - Is This Love Acoustic (Pro).gp5
2015-09-02 13:45 - 2015-09-02 14:00 - 00000000 ____D C:\Users\my\Downloads\EvBr
2015-08-31 12:47 - 2015-09-10 19:00 - 00000000 ____D C:\Users\my\.oracle_jre_usage
2015-08-31 12:47 - 2015-08-31 12:47 - 00000000 ____D C:\Users\my\AppData\Roaming\Sun
2015-08-29 14:05 - 2015-08-29 14:06 - 06596389 _____ C:\Users\my\Desktop\11852064_10153475436660767_701276033_n.mp4
2015-08-25 14:39 - 2015-10-04 13:44 - 00000000 ____D C:\Users\my\Desktop\f
2015-08-22 13:49 - 2015-10-04 13:43 - 00000000 ____D C:\Users\my\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-08-22 13:19 - 2015-10-03 14:02 - 00000000 ____D C:\AdwCleaner
2015-08-22 13:18 - 2015-08-22 13:18 - 01605632 _____ C:\Users\my\Downloads\adwcleaner_5.003.exe
2015-08-22 13:04 - 2015-08-22 13:04 - 00007578 _____ C:\Windows\system32\cc_20150822_130403.reg
2015-08-22 13:03 - 2015-08-22 13:03 - 00124484 _____ C:\Windows\system32\cc_20150822_130332.reg
2015-08-19 18:22 - 2015-08-21 17:40 - 00000000 ____D C:\Windows\system32\soed
2015-08-19 17:50 - 2015-10-04 13:43 - 00000000 ____D C:\Users\my\AppData\Local\87ADE470-9C04-4537-AED9-ED4CBFDB3F4B
2015-08-19 17:50 - 2015-08-19 17:50 - 00004258 _____ C:\Windows\System32\Tasks\87ADE470-9C04-4537-AED9-ED4CBFDB3F4B
2015-08-19 17:50 - 2015-08-19 17:50 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-08-19 17:22 - 2015-08-19 17:24 - 00000000 ____D C:\Users\my\AppData\Roaming\Opera Software
2015-08-19 17:22 - 2015-08-19 17:24 - 00000000 ____D C:\Users\my\AppData\Local\Opera Software
2015-08-19 17:21 - 2015-08-21 17:41 - 00000000 ____D C:\Users\my\AppData\Roaming\y2zky2nxzws5btd
2015-08-19 17:21 - 2015-08-19 17:24 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-19 17:21 - 2015-08-19 17:21 - 00003238 _____ C:\Windows\System32\Tasks\GlobalUpdate-y2zky2nxzws5btd
2015-08-19 17:19 - 2015-07-23 11:54 - 00451088 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-19 17:17 - 2015-08-19 17:18 - 01123856 _____ C:\Users\my\Downloads\Fine Metronome Downloader__3687_i1589480560.exe
2015-08-12 18:32 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 18:31 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 12:27 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 12:27 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 12:27 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 12:27 - 2015-07-16 14:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 12:27 - 2015-07-16 14:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 12:27 - 2015-07-16 14:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 12:27 - 2015-07-11 08:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-12 12:26 - 2015-07-15 13:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 12:26 - 2015-07-15 13:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 12:26 - 2015-07-15 13:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 12:26 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 12:26 - 2015-07-15 13:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 12:26 - 2015-07-15 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 12:26 - 2015-07-15 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 12:26 - 2015-07-15 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 12:26 - 2015-07-15 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 12:26 - 2015-07-15 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 12:26 - 2015-07-15 13:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 12:26 - 2015-07-15 13:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 12:26 - 2015-07-15 13:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 12:26 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 12:26 - 2015-07-15 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 12:26 - 2015-07-15 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 12:26 - 2015-07-15 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 12:26 - 2015-07-15 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 12:26 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 12:26 - 2015-07-15 12:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 12:26 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 12:26 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 12:26 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 12:26 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 12:26 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 12:26 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 12:26 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 12:26 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 12:26 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 12:26 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 12:26 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 12:26 - 2015-07-15 12:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 12:26 - 2015-07-15 12:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 12:26 - 2015-07-15 12:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 12:26 - 2015-07-15 12:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 12:26 - 2015-07-15 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 12:26 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 12:26 - 2015-07-15 12:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 12:26 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 12:26 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 11:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 12:26 - 2015-07-15 11:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 12:26 - 2015-07-15 11:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 12:26 - 2015-07-15 11:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 12:26 - 2015-07-15 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 12:26 - 2015-07-15 11:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 11:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 11:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 12:26 - 2015-07-15 11:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 12:26 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 12:25 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 12:25 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 12:25 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 12:25 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 12:25 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 12:25 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 12:25 - 2015-07-14 22:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 12:25 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 12:25 - 2015-07-14 22:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 12:25 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 12:25 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 12:25 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 12:25 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 12:25 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 12:25 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 12:25 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 12:25 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 12:25 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 12:25 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 12:25 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 12:25 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 12:25 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 12:25 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 21:37 - 2015-09-14 17:51 - 00000000 ____D C:\ProgramData\BlueStacks
2015-08-11 21:36 - 2015-08-11 21:36 - 14246072 _____ (BlueStack Systems Inc.) C:\Users\my\Downloads\BlueStacks-ThinInstaller(1).exe
2015-08-11 21:36 - 2015-08-11 21:36 - 00000000 ____D C:\Users\my\AppData\Local\Bluestacks
2015-08-11 21:30 - 2015-08-11 21:30 - 00000000 ____D C:\Users\my\AppData\Local\XamarinInsights
2015-08-11 21:27 - 2015-08-11 21:30 - 00000000 ____D C:\Users\my\AppData\Roaming\XamarinAndroidPlayer
2015-08-11 21:25 - 2015-08-11 23:22 - 00000000 ____D C:\ProgramData\XamarinAndroidPlayer
2015-08-11 21:24 - 2014-10-11 13:29 - 00917112 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-08-11 21:23 - 2014-10-11 13:27 - 00129168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-08-11 21:21 - 2015-08-11 21:22 - 89980688 _____ (Xamarin) C:\Users\my\Downloads\Xamarin Android Player x64.exe
2015-08-11 20:44 - 2015-08-11 23:22 - 00000000 ____D C:\Windroy
2015-08-11 20:44 - 2015-08-11 20:44 - 00000000 ____D C:\Users\my\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andy
2015-08-11 20:43 - 2015-08-11 21:31 - 00000000 ____D C:\Users\my\.VirtualBox
2015-08-11 20:43 - 2015-08-11 20:44 - 83252212 _____ (Windroy, Inc. ) C:\Users\my\Downloads\windroy_20140113.exe
2015-08-11 20:41 - 2015-08-11 20:41 - 00000000 ____D C:\Program Files\Oracle
2015-08-11 20:39 - 2015-08-11 20:40 - 00000000 ____D C:\Program Files\AndyOfflineInstaller44
2015-08-11 20:32 - 2015-08-11 23:23 - 00000000 ____D C:\Users\my\AppData\Roaming\Andy
2015-08-11 20:32 - 2015-08-11 23:23 - 00000000 ____D C:\Program Files\Andy
2015-08-11 20:32 - 2015-08-11 20:33 - 00000000 ___RD C:\Users\my\AppData\Roaming\Andy_44_Online
2015-08-11 20:32 - 2015-08-11 20:32 - 01324696 _____ C:\Users\my\Downloads\Andy_Android_Emulator_v44_10.exe
2015-08-11 16:12 - 2015-08-11 16:12 - 00424130 _____ C:\Users\my\Desktop\fghgtrl.wav.reapeaks
2015-08-11 16:11 - 2015-08-11 16:11 - 00424130 _____ C:\Users\my\Desktop\fghgtrr.wav.reapeaks
2015-08-11 16:08 - 2015-08-11 16:11 - 47560366 _____ C:\Users\my\Desktop\fghgtrr.wav
2015-08-11 16:08 - 2015-08-11 16:11 - 47560366 _____ C:\Users\my\Desktop\fghgtrl.wav
2015-08-08 15:00 - 2015-08-08 15:00 - 00044562 _____ C:\Users\my\Downloads\Timpani 'G' Roll with Crescendo.mp3.reapeaks
2015-08-07 15:12 - 2015-08-07 15:13 - 00030303 _____ C:\Users\my\Downloads\Savatage - Chance (Pro).mid
2015-08-06 11:43 - 2015-08-06 11:43 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2015-08-06 11:43 - 2015-08-06 11:43 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2015-08-05 15:44 - 2015-08-05 16:34 - 00000000 ____D C:\Users\my\Desktop\fnn
2015-08-04 22:46 - 2015-08-04 23:38 - 471427862 _____ C:\Users\my\Downloads\KelMic-EB.rar
2015-08-04 15:23 - 2015-08-04 15:25 - 109697356 _____ C:\Users\my\Downloads\Anna W, Scandinavianfeet.rar
2015-08-02 14:27 - 2015-08-02 14:27 - 00079060 _____ C:\Users\my\Downloads\Savatage - Chance (Pro).gp5
2015-08-01 16:17 - 2015-08-01 16:17 - 00000274 _____ C:\Users\my\Desktop\ball.txt
2015-07-31 14:57 - 2015-07-31 14:57 - 02387503 _____ C:\Users\my\Downloads\NastyVCS_1.0.1.zip
2015-07-30 02:02 - 2015-07-30 02:02 - 10384080 _____ C:\Users\my\Downloads\reaper50rc10_x64-install.exe
2015-07-29 11:43 - 2015-07-29 11:43 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-24 12:55 - 2015-07-24 12:55 - 00000000 ____D C:\Users\my\AppData\Roaming\OpenDNS Updater
2015-07-24 12:54 - 2015-07-24 12:55 - 00225336 _____ C:\Users\my\Downloads\OpenDNS-Updater-2.2.1.exe
2015-07-23 16:27 - 2015-07-23 16:27 - 00000198 _____ C:\Users\my\Desktop\sng.txt
2015-07-23 13:03 - 2015-07-23 13:04 - 00116736 _____ C:\Users\my\Downloads\OpenDNSDiagnostic-1.4.1.exe
2015-07-22 12:16 - 2015-07-22 12:16 - 00000000 ____D C:\Users\my\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
2015-07-18 16:16 - 2015-07-18 16:28 - 734003200 _____ C:\Users\my\Downloads\Ivy Audio - Scott Drums.part4.rar
2015-07-18 16:16 - 2015-07-18 16:28 - 734003200 _____ C:\Users\my\Downloads\Ivy Audio - Scott Drums.part3.rar
2015-07-18 16:16 - 2015-07-18 16:28 - 734003200 _____ C:\Users\my\Downloads\Ivy Audio - Scott Drums.part2.rar
2015-07-18 16:16 - 2015-07-18 16:28 - 734003200 _____ C:\Users\my\Downloads\Ivy Audio - Scott Drums.part1.rar
2015-07-18 16:16 - 2015-07-18 16:21 - 237942603 _____ C:\Users\my\Downloads\Ivy Audio - Scott Drums.part5.rar
2015-07-18 15:33 - 2015-07-18 15:33 - 51388879 _____ C:\Users\my\Downloads\pocketBlakus 1.6.zip
2015-07-18 15:33 - 2015-07-18 15:33 - 21749858 _____ C:\Users\my\Downloads\pocketBlakusSpicGift.zip
2015-07-15 22:24 - 2015-07-15 22:24 - 00708714 _____ C:\Users\my\Downloads\Cypress Hill - Rock Superstar + Lyrics [HD].mp3.reapeaks
2015-07-15 21:51 - 2015-07-15 22:02 - 00000073 _____ C:\Users\my\Documents\ed.txt
2015-07-15 21:30 - 2015-07-15 21:30 - 01412337 _____ C:\Users\my\Downloads\ProxN45j.exe
2015-07-15 17:53 - 2015-07-15 17:53 - 43221600 _____ (Oracle Corporation) C:\Users\my\Downloads\jre-8u51-windows-x64.exe
2015-07-14 17:12 - 2015-07-14 17:12 - 00803634 _____ C:\Users\my\Downloads\Metallica - For whom the bell tolls (Guitar Backing Track) w_Vocals.mp3.reapeaks
2015-07-14 14:13 - 2015-06-17 12:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 14:13 - 2015-06-17 12:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 14:13 - 2015-06-09 13:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-14 14:13 - 2015-06-09 13:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-14 14:13 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 14:13 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 14:12 - 2015-07-04 13:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 14:12 - 2015-07-04 12:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 14:11 - 2015-06-15 16:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 14:11 - 2015-06-15 16:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 14:11 - 2015-06-15 16:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 14:11 - 2015-06-15 16:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 14:11 - 2015-06-15 16:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 14:11 - 2015-06-15 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 14:11 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 14:11 - 2015-06-15 16:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 14:11 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 14:11 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 14:11 - 2015-06-15 16:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 14:11 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 12:38 - 2015-07-04 18:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-06 12:38 - 2014-03-07 23:28 - 00000000 ___HD C:\ASUS.DAT
2015-10-06 12:37 - 2015-07-04 18:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-06 12:37 - 2014-06-11 03:15 - 00000000 ____D C:\ProgramData\PACE
2015-10-06 12:36 - 2015-05-28 00:29 - 00000352 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2015-10-06 12:36 - 2015-04-30 16:38 - 00157807 _____ C:\Windows\setupact.log
2015-10-06 12:36 - 2014-11-20 02:41 - 02066762 _____ C:\Windows\WindowsUpdate.log
2015-10-06 12:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-06 12:29 - 2015-01-03 02:06 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000UA.job
2015-10-06 12:28 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-06 12:28 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-05 20:14 - 2014-03-05 00:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-05 16:02 - 2014-04-02 10:13 - 00000000 ____D C:\Users\my\AppData\Roaming\vlc
2015-10-05 15:53 - 2014-07-30 20:54 - 00000081 _____ C:\Users\my\AppData\default.pls
2015-10-04 22:29 - 2015-01-03 02:06 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000Core.job
2015-10-04 21:16 - 2014-12-14 11:18 - 01801728 ___SH C:\Users\my\Desktop\Thumbs.db
2015-10-04 14:31 - 2015-04-30 16:37 - 00032230 _____ C:\Windows\PFRO.log
2015-10-04 14:31 - 2015-01-18 05:50 - 00000163 _____ C:\Windows\wininit.ini
2015-10-04 14:31 - 2014-07-19 21:51 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-10-04 14:29 - 2014-07-19 21:51 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-04 13:51 - 2015-01-08 11:03 - 00000000 ____D C:\Windows\pss
2015-10-04 13:44 - 2014-03-10 17:03 - 00000000 ____D C:\Users\my\AppData\Roaming\REAPER
2015-10-04 13:44 - 2014-03-05 00:08 - 00000000 ____D C:\Users\my
2015-10-04 13:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-04 13:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2015-10-04 13:43 - 2015-07-03 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2015-10-04 13:43 - 2015-07-03 12:39 - 00000000 ____D C:\Program Files (x86)\ClipGrab
2015-10-04 13:43 - 2015-01-15 13:24 - 00000000 ____D C:\Users\my\AppData\Roaming\IrfanView
2015-10-04 13:43 - 2014-12-09 14:37 - 00000000 ____D C:\Users\my\AppData\Local\PrivaZer
2015-10-04 13:43 - 2014-08-04 07:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-04 13:43 - 2014-07-19 21:51 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-10-04 13:43 - 2014-07-10 18:58 - 00000000 ____D C:\Users\my\AppData\Roaming\GetRightToGo
2015-10-04 13:43 - 2014-03-05 12:37 - 00000000 ____D C:\ProgramData\P4G
2015-10-04 13:43 - 2014-03-05 08:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-04 13:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-10-04 13:42 - 2014-03-11 09:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-25 22:38 - 2015-07-04 18:11 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-21 22:14 - 2014-03-05 00:47 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 22:14 - 2014-03-05 00:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-21 22:14 - 2014-03-05 00:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-20 11:45 - 2009-07-14 00:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-18 17:34 - 2014-03-06 11:00 - 00000000 ____D C:\Users\my\AppData\Roaming\uTorrent
2015-09-16 18:53 - 2014-03-10 18:39 - 00000000 ____D C:\Users\my\Documents\REAPER Media
2015-09-16 13:32 - 2015-07-04 18:11 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 13:32 - 2015-07-04 18:11 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 13:31 - 2014-10-21 22:21 - 00000000 ____D C:\ProgramData\Windows VXM
2015-09-15 22:24 - 2015-01-03 02:06 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000UA
2015-09-15 22:24 - 2015-01-03 02:06 - 00003464 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000Core
2015-09-14 17:54 - 2015-04-04 16:17 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-09-14 17:52 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-11 15:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-09-11 11:14 - 2014-08-04 07:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-11 11:11 - 2014-03-07 23:29 - 00001988 _____ C:\Windows\system32\ServiceFilter.ini
2015-09-10 19:19 - 2014-08-22 23:52 - 00000000 ____D C:\Users\my\AppData\Local\Google
2015-09-10 18:59 - 2015-07-01 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-10 13:32 - 2014-12-21 00:33 - 00295928 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 13:30 - 2011-04-12 03:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 13:30 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-10 01:30 - 2014-03-05 14:49 - 00000000 ____D C:\Windows\system32\MRT
 
==================== Files in the root of some directories =======
 
2014-10-10 22:46 - 2014-10-10 22:56 - 0012479 _____ () C:\Program Files (x86)\setuplog.txt
2014-10-10 22:46 - 2014-10-10 22:56 - 0014306 _____ () C:\Program Files (x86)\uninstal.log
2014-10-31 09:19 - 2014-10-31 09:21 - 0000172 _____ () C:\Users\my\AppData\Roaming\SecretLayer.ini
2014-12-25 18:54 - 2015-06-29 22:21 - 0008192 _____ () C:\Users\my\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-26 09:46 - 2014-12-26 09:46 - 0001452 _____ () C:\ProgramData\tempimage.bmp
 
Some files in TEMP:
====================
C:\Users\my\AppData\Local\Temp\1587.exe
C:\Users\my\AppData\Local\Temp\fsdAE9D.exe
C:\Users\my\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\my\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\my\AppData\Local\Temp\oprun12926.exe
C:\Users\my\AppData\Local\Temp\rtdrvmon.exe
C:\Users\my\AppData\Local\Temp\SpOrder.dll
C:\Users\my\AppData\Local\Temp\sqlite3.dll
C:\Users\my\AppData\Local\Temp\Uninstall.exe
C:\Users\my\AppData\Local\Temp\uobnyv04ydl6.exe
C:\Users\my\AppData\Local\Temp\ytb.exe
C:\Users\my\AppData\Local\Temp\YWS_DspIpp.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2014-03-06 09:31] - [2015-08-19 18:22] - 0357888 ____A (Microsoft Corporation) C6AABFCD82EF9419AB8F1336A478EB49
 
C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 13:43
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by my (2015-10-06 12:40:45)
Running from C:\Users\my\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-03-05 05:08:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3377700343-2179916962-3551201692-500 - Administrator - Disabled)
Guest (S-1-5-21-3377700343-2179916962-3551201692-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3377700343-2179916962-3551201692-1003 - Limited - Enabled)
msy (S-1-5-21-3377700343-2179916962-3551201692-1000 - Administrator - Enabled) => C:\Users\my
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Addictive Drums (HKLM-x32\...\Addictive Drums) (Version:  - )
Addictive Drums 1.5.2 (HKLM-x32\...\Addictive Drums Inno Setup_is1) (Version:  - )
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Air Keyboard (HKLM-x32\...\{DBEBC979-5914-4DD2-A2CD-923BDC23A819}) (Version: 1.8.2 - SkyGears)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden
AmazingMIDI (HKLM-x32\...\AmazingMIDI) (Version:  - )
AmpegSVX (HKLM-x32\...\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}) (Version: 1.1.0 - IK Multimedia)
AmpliTube Metal (HKLM-x32\...\{9EDEF5B1-B740-4DFF-AC16-E2428E1713E8}) (Version: 1.0.0 - IK Multimedia)
AmpliTube2 (HKLM-x32\...\{FB6691DA-66D3-412E-9853-641CF7D0C35A}) (Version: 2.0.0 - )
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARIA Engine v1.6.6.9 (HKLM\...\ARIA Engine_is1) (Version: v1.6.6.9 - Plogue Art et Technologie, Inc)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)
Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{473E82D7-79E2-43DF-8FA0-025407C93191}) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG2900 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2900_series) (Version: 1.00 - Canon Inc.)
Canon MG2900 series On-screen Manual (HKLM-x32\...\Canon MG2900 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG2900 series User Registration (HKLM-x32\...\Canon MG2900 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
ClipGrab 3.4.11 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Data Recovery Wizard 7.5 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.5_is1) (Version:  - EaseUS)
Edirol HQ Orchestral v1.01 (HKLM-x32\...\Edirol HQ Orchestral v1.01) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evouyn (HKLM-x32\...\Evouyn1.01) (Version: 1.01 - Noisebud)
EZmix 64-bit (HKLM\...\{3D83CC9F-E2E1-47AE-B1AF-F6D3A8825196}) (Version: 2.0.8 - Toontrack)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
Fletchy-Muncher (HKLM-x32\...\Fletchy-Muncher1.2) (Version: 1.2 - Noisebud)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\...\Google Photos Backup) (Version: 1.1.0.248 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
Jammit (HKLM-x32\...\{665AD2EB-BBCE-43EB-8E7D-DB0C961C423E}) (Version: 1.0.108 - Jammit Inc)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Korg Legacy Collection v1.1.10 (HKLM-x32\...\Korg Legacy Collection v1.1.10) (Version:  - )
Lazy Kenneth (HKLM-x32\...\Lazy Kenneth1.51) (Version: 1.51 - Noisebud)
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version:  - Lexmark International, Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
MachFive (HKLM-x32\...\MachFive v.1.2 Update) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MIDIHub (HKLM-x32\...\MIDIHub) (Version: 0.824 - humatic)
MouseServer version 1.5.2.0 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.2.0 - Necta Co.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Abbey Road 60s Drums (HKLM-x32\...\Native Instruments Abbey Road 60s Drums) (Version:  - Native Instruments)
Native Instruments Abbey Road 70s Drums (HKLM-x32\...\Native Instruments Abbey Road 70s Drums) (Version:  - Native Instruments)
Native Instruments Abbey Road 80s Drums (HKLM-x32\...\Native Instruments Abbey Road 80s Drums) (Version:  - Native Instruments)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments Alicias Keys (HKLM-x32\...\Native Instruments Alicias Keys) (Version:  - Native Instruments)
Native Instruments Balinese Gamelan (HKLM-x32\...\Native Instruments Balinese Gamelan) (Version:  - Native Instruments)
Native Instruments Bandstand (HKLM-x32\...\Native Instruments Bandstand) (Version:  - )
Native Instruments Battery 3 (HKLM-x32\...\Native Instruments Battery 3) (Version:  - Native Instruments)
Native Instruments Battery Library Importer for Maschine (HKLM-x32\...\Native Instruments Battery Library Importer for Maschine) (Version:  - Native Instruments)
Native Instruments Berlin Concert Grand (HKLM-x32\...\Native Instruments Berlin Concert Grand) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Evolve Mutations (HKLM-x32\...\Native Instruments Evolve Mutations) (Version:  - Native Instruments)
Native Instruments Evolve Mutations 2 (HKLM-x32\...\Native Instruments Evolve Mutations 2) (Version:  - Native Instruments)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version:  - Native Instruments)
Native Instruments George Duke Soul Treasures (HKLM-x32\...\Native Instruments George Duke Soul Treasures) (Version:  - Native Instruments)
Native Instruments Guitar Rig 4 (HKLM-x32\...\Native Instruments Guitar Rig 4) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Komplete 8 Ultimate (HKLM-x32\...\Native Instruments Komplete 8 Ultimate) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version:  - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version:  - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments New York Concert Grand (HKLM-x32\...\Native Instruments New York Concert Grand) (Version:  - Native Instruments)
Native Instruments Rammfire (HKLM-x32\...\Native Instruments Rammfire) (Version:  - Native Instruments)
Native Instruments Razor (HKLM-x32\...\Native Instruments Razor) (Version:  - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version:  - Native Instruments)
Native Instruments Reaktor Prism (HKLM-x32\...\Native Instruments Reaktor Prism) (Version:  - Native Instruments)
Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version:  - Native Instruments)
Native Instruments Reflektor (HKLM-x32\...\Native Instruments Reflektor) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version:  - Native Instruments)
Native Instruments Scarbee Funk Guitarist (HKLM-x32\...\Native Instruments Scarbee Funk Guitarist) (Version:  - Native Instruments)
Native Instruments Scarbee Jay-Bass (HKLM-x32\...\Native Instruments Scarbee Jay-Bass) (Version:  - Native Instruments)
Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version:  - Native Instruments)
Native Instruments Scarbee MM-Bass Amped (HKLM-x32\...\Native Instruments Scarbee MM-Bass Amped) (Version:  - Native Instruments)
Native Instruments Scarbee Pre-Bass (HKLM-x32\...\Native Instruments Scarbee Pre-Bass) (Version:  - Native Instruments)
Native Instruments Scarbee Pre-Bass Amped (HKLM-x32\...\Native Instruments Scarbee Pre-Bass Amped) (Version:  - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Session IO Driver (HKLM-x32\...\Native Instruments Session IO Driver) (Version:  - Native Instruments)
Native Instruments Session Strings Pro (HKLM-x32\...\Native Instruments Session Strings Pro) (Version:  - Native Instruments)
Native Instruments Studio Drummer (HKLM-x32\...\Native Instruments Studio Drummer) (Version:  - Native Instruments)
Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version:  - Native Instruments)
Native Instruments The Mouth (HKLM-x32\...\Native Instruments The Mouth) (Version:  - Native Instruments)
Native Instruments Traktors 12 (HKLM-x32\...\Native Instruments Traktors 12) (Version:  - Native Instruments)
Native Instruments Transient Master (HKLM-x32\...\Native Instruments Transient Master) (Version:  - Native Instruments)
Native Instruments Upright Piano (HKLM-x32\...\Native Instruments Upright Piano) (Version:  - Native Instruments)
Native Instruments VC 160 (HKLM-x32\...\Native Instruments VC 160) (Version:  - Native Instruments)
Native Instruments VC 2A (HKLM-x32\...\Native Instruments VC 2A) (Version:  - Native Instruments)
Native Instruments VC 76 (HKLM-x32\...\Native Instruments VC 76) (Version:  - Native Instruments)
Native Instruments Vienna Concert Grand (HKLM-x32\...\Native Instruments Vienna Concert Grand) (Version:  - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version:  - Native Instruments)
Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version:  - Native Instruments)
Nero 8 (HKLM-x32\...\{5FCCD531-1B38-4A94-924C-127F722F1033}) (Version: 8.2.89 - Nero AG)
Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.3.1.0494 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.3.1.0494 - PACE Anti-Piracy, Inc.) Hidden
Pianissimo (HKLM-x32\...\Pianissimo) (Version:  - Acoustica)
Pianoteq v2.3.0 (HKLM-x32\...\Pianoteq23) (Version:  - )
Plogue sforzando v1.669 (HKLM\...\__ARIA_1014___is1) (Version: v1.669 - Plogue)
PlugSound - Vol 01 - Keyboard Collection (HKLM-x32\...\Keyboard Collection) (Version:  - )
PlugSound - Vol 02 - Fretted Instruments (HKLM-x32\...\Fretted Instruments) (Version:  - )
PlugSound - Vol 03 - Drums & Percs Elements (HKLM-x32\...\Drums & Percs Elements) (Version:  - )
PlugSound - Vol 05 - World Of Synthesizers (HKLM-x32\...\World Of Synthesizers) (Version:  - )
PlugSound - Vol 06 - Global Collection GM (HKLM-x32\...\Global Collection GM) (Version:  - )
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.23.0.0 - Goversoft LLC)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Python 3.3.2 (64-bit) (HKLM\...\{9fa9a2a6-19e4-381a-8af3-f8cf12f0dcf0}) (Version: 3.3.2150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version:  - Password Unlocker Studio)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Rocksmith 2014 (HKLM-x32\...\Rocksmith 20141.3) (Version: 1.3 - Ubisoft)
SampleTank 2 (HKLM-x32\...\{6559654F-2F38-491F-8411-211517C3E635}) (Version: 2.5.2 - IK Multimedia)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
smile (HKLM-x32\...\smile1.01) (Version: 1.01 - Noisebud)
Softube Acoustic Feedback VST RTAS v1.0.7 (HKLM-x32\...\Softube Acoustic Feedback VST RTAS_is1) (Version:  - )
Softube Bass Amp Room VST RTAS v1.0.2 (HKLM-x32\...\Softube Bass Amp Room VST RTAS_is1) (Version:  - )
Softube Metal Amp Room VST RTAS v1.1.5 (HKLM-x32\...\Softube Metal Amp Room VST RTAS_is1) (Version:  - )
Softube Tube-Tech CL 1B VST RTAS v1.0.3 (HKLM-x32\...\Softube Tube-Tech CL 1B VST RTAS_is1) (Version:  - )
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
SoundToys Native Effects VST RTAS v3.1.2 (HKLM-x32\...\SoundToys Native Effects VST RTAS_is1) (Version:  - )
Superior Drummer 64-bit (HKLM\...\{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}) (Version: 2.3.1 - Toontrack)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
TruePianos 1.5.0 (HKLM\...\TruePianos_is1) (Version:  - 4Front Technologies)
TruePianos: Amber Module 1.4.0 (HKLM-x32\...\TruePianos: Amber Module_is1) (Version:  - 4Front Technologies)
TruePianos: Diamond Module 1.4.0 (HKLM-x32\...\TruePianos: Diamond Module_is1) (Version:  - 4Front Technologies)
TruePianos: Emerald Module 1.4.0 (HKLM-x32\...\TruePianos: Emerald Module_is1) (Version:  - 4Front Technologies)
TruePianos: Sapphire Module 1.4.0 (HKLM-x32\...\TruePianos: Sapphire Module (Pedal sounds included)_is1) (Version:  - 4Front Technologies)
TruePianos: Sapphire Module 1.4.0 (HKLM-x32\...\TruePianos: Sapphire Module_is1) (Version:  - 4Front Technologies)
UVI Workstation 2.1.8 (HKLM-x32\...\UVI Workstation_is1) (Version: 2.1.8 - Univers Sons)
UVI Workstation x64 2.5.5 (HKLM\...\UVI Workstation x64_is1) (Version: 2.5.5 - UVI)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Vir2 Instruments BASiS (HKLM-x32\...\Vir2 Instruments BASiS) (Version:  - )
Vir2 Instruments Elite Orchestral Percussion (HKLM-x32\...\Vir2 Instruments Elite Orchestral Percussion) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Waves Complete V9r17 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.17 - Waves)
WIDCOMM BTW Development Kit (HKLM-x32\...\{0B75A75A-3D2C-479B-ACA0-A17A0B4B7628}) (Version: 6.1.0.1506 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Data Recovery for Android(Build 1.0.0.18) (HKLM-x32\...\Wondershare Data Recovery for Android_is1) (Version: 1.0.0.18 - Wondershare Software Co.,Ltd.)
Wondershare Dr.Fone for Android(Build 4.8.0.135) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.8.0.135 - Wondershare Software Co.,Ltd.)
X-Edit (HKLM-x32\...\X-Edit) (Version: 2.7.1.1 - DigiTech)
X-Edit (x32 Version: 2.7.1.1 - DigiTech) Hidden
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Yousician Launcher version 1.0 (HKLM-x32\...\{EF45EAE9-523E-47C3-8634-A81923B11DD5}_is1) (Version: 1.0 - Yousician)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3377700343-2179916962-3551201692-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\my\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3377700343-2179916962-3551201692-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\my\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
23-09-2015 21:43:07 Windows Update
27-09-2015 13:15:05 Windows Update
01-10-2015 12:32:48 Windows Update
02-10-2015 17:05:20 JRT Pre-Junkware Removal
04-10-2015 14:04:16 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-23 11:54 - 2015-07-23 11:54 - 00451088 ____A C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0393C180-CCE5-4A96-A366-4788E911F3E1} - System32\Tasks\{158483C6-B4AB-4572-8011-33A3ED0CE8B8} => pcalua.exe -a "G:\Elite Orchestral Percussion.exe" -d G:\
Task: {19F576E2-6D96-4DC6-92CC-3D0ACF6262FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {1AE23A90-04F6-463F-8E26-7D69B6DADE40} - System32\Tasks\87ADE470-9C04-4537-AED9-ED4CBFDB3F4B => C:\Users\my\AppData\Local\87ADE470-9C04-4537-AED9-ED4CBFDB3F4B\87ADE470-9C04-4537-AED9-ED4CBFDB3F4B.exe [2015-08-19] () <==== ATTENTION
Task: {1E7787E1-9B22-4EE0-99F3-B5A8F60A3B37} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {26C27367-1A3D-4AEC-A63A-18E2FF4CC0A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {28EECAEA-72F1-492B-A65E-D01016DC1BD9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000Core => C:\Users\my\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2A3719D9-C3BA-4FF6-9827-41E1E4B055D7} - \RocketTab Update Task -> No File <==== ATTENTION
Task: {2C0C7675-62F5-4814-8D46-8FCEC5E64482} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {2D1D8D78-EE0B-41BF-B1F6-FE185189BADC} - System32\Tasks\GlobalUpdate-y2zky2nxzws5btd => C:\Users\my\AppData\Roaming\y2zky2nxzws5btd\y2zky2nxzws5btd.exe [2015-08-18] () <==== ATTENTION
Task: {51B75750-FC61-48DF-B4B4-6F7E9A5A4967} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000UA => C:\Users\my\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5368D195-FFDA-47A0-BFD7-908E83EFCFF5} - System32\Tasks\{BF3D0322-B2FC-4585-A3D5-22C18CBAAE56} => pcalua.exe -a "C:\Program Files (x86)\ASUS\ASUS Live Update\Temp\88\Setup.exe" -d "C:\Program Files (x86)\ASUS\ASUS Live Update\Temp\88" -c /qn /norestart
Task: {57A8F272-20EF-4BF1-B348-2FCA91F359D7} - \Jarmeee -> No File <==== ATTENTION
Task: {5D7E9D7A-D7AD-4FB0-9598-B07D82CD64E9} - \Microsoft\Windows\Maintenance\Web Tool Updater -> No File <==== ATTENTION
Task: {67728564-2B57-4369-9AE4-D9E8027B9C51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-04] (Google Inc.)
Task: {6A54C76E-12E4-4F62-A019-77E298335270} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-04] (Google Inc.)
Task: {734F670E-9222-44DB-A49C-4B3E83F4E2C5} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {740E3093-1B3A-496C-BACB-75E195F57463} - System32\Tasks\{8373570B-4A44-45CD-B708-EF5CFD92BA9D} => pcalua.exe -a "F:\music software\Guitar Pro 5.2 (with complete RSE packs)\RSE_DRUMS.exe" -d "F:\music software\Guitar Pro 5.2 (with complete RSE packs)"
Task: {84E21B11-4DFF-4206-A3DF-351E9E5903A4} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {8C946FC7-F6FA-41C3-85A8-60CE5EEE0CE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BB068A77-7214-4535-9D28-B2ECF15DFE19} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {BB613F92-4A75-452E-8910-3D7CE328A20C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {C2F2CE14-528F-45C7-B291-E9B4A206FD50} - System32\Tasks\{E4772028-B9D3-4F0E-8307-C0B1C27C2AEB} => pcalua.exe -a "H:\music software\Luxonix.Purity.VSTi.v1.1.2-AiR\Luxonix Purity VSTi v1.1.2\Setup.exe" -d "H:\music software\Luxonix.Purity.VSTi.v1.1.2-AiR\Luxonix Purity VSTi v1.1.2"
Task: {D512CF79-C5CF-4178-A97C-92C5D13DE841} - \BBQLeads -> No File <==== ATTENTION
Task: {D6733241-6A82-4104-AC22-05511AA66180} - \Web Tool Runner -> No File <==== ATTENTION
Task: {DB160C48-5C27-41DB-992E-7960256A8BA6} - \RocketTab -> No File <==== ATTENTION
Task: {E35EE608-2B92-45D5-9680-8CB77676F44B} - System32\Tasks\{894819F9-5589-4CDA-BBD9-0837F89969F1} => pcalua.exe -a "F:\music software\Guitar Pro 5.2 (with complete RSE packs)\RSE_GUITARS.exe" -d "F:\music software\Guitar Pro 5.2 (with complete RSE packs)"
Task: {EC95DE48-70D9-4DF2-A060-15467E61FE5B} - System32\Tasks\{C19DF065-AAAF-4F72-964D-C1EFBCEFF299} => pcalua.exe -a "F:\music software\Guitar Pro 5.2 (with complete RSE packs)\RSE_BASSES.exe" -d "F:\music software\Guitar Pro 5.2 (with complete RSE packs)"
Task: {FE430C5C-E02E-4C56-8317-D035A99FD86B} - System32\Tasks\{CF101D15-6241-47B6-98CF-F84881367C2F} => pcalua.exe -a "G:\PC Installer\Install Instruments DVD1.exe" -d "G:\PC Installer"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000Core.job => C:\Users\my\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3377700343-2179916962-3551201692-1000UA.job => C:\Users\my\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-12-09 14:40 - 2014-12-09 14:40 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-03-05 12:10 - 2011-05-05 21:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-03-05 09:05 - 2011-07-26 16:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 01:39 - 2012-09-13 01:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\PACE:3F913E07D81C83B2
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\my\Downloads\Fine Metronome Downloader__3687_i1589480560.exe:typelib
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Value data Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Value data Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Value data Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uiviuuj => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Sound, video and game controllers"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 12684 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\my\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5D97858C-C5A2-4A8C-B46E-31BEE4A1E603}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6105F2EE-682D-400E-B0EA-F61F1EA9564E}] => (Allow) C:\Users\my\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{83EA19F5-1C6C-404D-B6DC-59ECBCB21FCC}] => (Allow) C:\Users\my\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{69A8995C-6980-47DB-8CC1-0E7A295E3121}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [UDP Query User{B23BFC3D-AFB9-456F-AF23-ECC2EA11BA32}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [{A9CD4072-4DC0-4125-9EE4-836B3B71B3A0}] => (Allow) C:\Windows\SysWOW64\lxbkcoms.exe
FirewallRules: [{1F9F5E80-9462-4963-A259-F3B80C20988C}] => (Allow) C:\Windows\SysWOW64\lxbkcoms.exe
FirewallRules: [{EDF12108-C55C-4857-9FEC-D503BCA2C486}] => (Allow) C:\Windows\System32\lxbkcoms.exe
FirewallRules: [{B4CAB488-46CF-4BD1-8E87-511BC68ECE4A}] => (Allow) C:\Windows\System32\lxbkcoms.exe
FirewallRules: [{A8D63C34-7672-472E-9D79-3AE969D4AFA8}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbkpswx.exe
FirewallRules: [{69F49AA2-09EB-45C1-BB47-C560CAF2E818}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbkpswx.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [{C7041049-EED7-41FE-B65F-ADDC7FBFAE8E}] => (Allow) C:\Program Files (x86)\humatic\MIDIHub\MIDIHub.exe
FirewallRules: [{BFDE7E8B-FBCE-430F-BE2A-36E5022F22D7}] => (Allow) C:\Program Files (x86)\humatic\MIDIHub\MIDIHub.exe
FirewallRules: [TCP Query User{5C9CB103-B3F5-4060-8FA5-697BF3D3A477}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [UDP Query User{E326A2B7-0F3E-459D-A156-516851230B0C}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [TCP Query User{C262AA41-8F56-4016-B41B-4B0E59C52BF6}C:\program files (x86)\digitech\x-edit\x-edit.exe] => (Allow) C:\program files (x86)\digitech\x-edit\x-edit.exe
FirewallRules: [UDP Query User{EAF869F3-F81A-45C7-9BE2-968213559660}C:\program files (x86)\digitech\x-edit\x-edit.exe] => (Allow) C:\program files (x86)\digitech\x-edit\x-edit.exe
FirewallRules: [TCP Query User{9B2E20EF-3766-40C2-BB05-827F51EF17E9}H:\komplete\guitar rig 5\guitar rig 5.exe] => (Allow) H:\komplete\guitar rig 5\guitar rig 5.exe
FirewallRules: [UDP Query User{50AAF2CF-43C6-4E4B-9348-1D7309C5D9CB}H:\komplete\guitar rig 5\guitar rig 5.exe] => (Allow) H:\komplete\guitar rig 5\guitar rig 5.exe
FirewallRules: [TCP Query User{E6106492-3728-4BF5-86CE-F0A923EA54A4}C:\program files (x86)\machfive files\uvix\uvix.exe] => (Block) C:\program files (x86)\machfive files\uvix\uvix.exe
FirewallRules: [UDP Query User{0B29CFA5-1AC3-423C-998C-787D3B400FB0}C:\program files (x86)\machfive files\uvix\uvix.exe] => (Block) C:\program files (x86)\machfive files\uvix\uvix.exe
FirewallRules: [TCP Query User{04C91B3E-C928-43B8-BC87-AA16A949BC5A}C:\program files (x86)\guitar pro 5\gp5.exe] => (Allow) C:\program files (x86)\guitar pro 5\gp5.exe
FirewallRules: [UDP Query User{870F190A-5559-4E75-8932-99FFDE2FE2C8}C:\program files (x86)\guitar pro 5\gp5.exe] => (Allow) C:\program files (x86)\guitar pro 5\gp5.exe
FirewallRules: [TCP Query User{C3E5F2B8-AD8F-419C-85FF-792EE81D52CA}C:\program files\realtek\audio\hda\ravbg64.exe] => (Allow) C:\program files\realtek\audio\hda\ravbg64.exe
FirewallRules: [UDP Query User{438B57E3-CC45-4162-8380-1FDC6698B08D}C:\program files\realtek\audio\hda\ravbg64.exe] => (Allow) C:\program files\realtek\audio\hda\ravbg64.exe
FirewallRules: [TCP Query User{4DF304F5-4286-49F1-A986-38DF1F6CBF6F}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe] => (Allow) C:\program files (x86)\asus\sonic focus\sonicfocustray.exe
FirewallRules: [UDP Query User{F4ED0A3D-F325-48CC-B427-2823383F5186}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe] => (Allow) C:\program files (x86)\asus\sonic focus\sonicfocustray.exe
FirewallRules: [TCP Query User{75350F1E-5559-49A1-8DD3-3E7670E82497}C:\program files\realtek\audio\hda\ravbg64.exe] => (Block) C:\program files\realtek\audio\hda\ravbg64.exe
FirewallRules: [UDP Query User{4C400941-1133-4985-B920-C69449B2E0E6}C:\program files\realtek\audio\hda\ravbg64.exe] => (Block) C:\program files\realtek\audio\hda\ravbg64.exe
FirewallRules: [TCP Query User{F1A38AC4-57A4-45F0-9B3D-3F630E192214}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe] => (Block) C:\program files (x86)\asus\sonic focus\sonicfocustray.exe
FirewallRules: [UDP Query User{8E46108A-50DD-4682-9CF8-B8A02EADE621}C:\program files (x86)\asus\sonic focus\sonicfocustray.exe] => (Block) C:\program files (x86)\asus\sonic focus\sonicfocustray.exe
FirewallRules: [{D25C768D-B6B9-404D-891A-C1D15A877CF5}] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TCP Query User{0DF8AFF8-F0E9-4B11-A274-D6C173D34AA4}C:\program files (x86)\nero\nero8\nero showtime\showtime.exe] => (Allow) C:\program files (x86)\nero\nero8\nero showtime\showtime.exe
FirewallRules: [UDP Query User{E0743556-703F-49F0-B9C3-88388B147C24}C:\program files (x86)\nero\nero8\nero showtime\showtime.exe] => (Allow) C:\program files (x86)\nero\nero8\nero showtime\showtime.exe
FirewallRules: [{EAFCB99C-35A8-4D9B-A872-CBB0F2BE76CF}] => (Block) %ProgramFiles% (x86)\EaseUS\EaseUS Data Recovery Wizard\DRW.exe
FirewallRules: [{D4684BDA-3E19-4FC8-9283-BAD994BF6ED9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E1F7C0BF-548E-44B7-887E-E8D5AA08C9A1}] => (Allow) LPort=2869
FirewallRules: [{C9DAC824-7DCC-4966-AE58-AE1E91786C50}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{DD430BFC-3DE9-41D8-9CE9-996A52DC20F8}C:\program files (x86)\mouseserver\mouseserver.exe] => (Block) C:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [UDP Query User{42413689-47B0-4583-9350-BA0C665D0154}C:\program files (x86)\mouseserver\mouseserver.exe] => (Block) C:\program files (x86)\mouseserver\mouseserver.exe
FirewallRules: [TCP Query User{80F23350-9C3A-463D-945A-BF0FCBBB9433}C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe] => (Block) C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe
FirewallRules: [UDP Query User{ACD711C5-EE33-4DF4-8D11-40FB49813203}C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe] => (Block) C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe
FirewallRules: [{B063FD14-2D03-406E-9755-964BB1BF7226}] => (Block) C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DrFoneAndroid.exe
FirewallRules: [TCP Query User{983A0483-718D-479C-A190-E23368898B7E}C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe] => (Block) C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe
FirewallRules: [UDP Query User{C9165C0D-BAAE-4A94-8BAC-C057977A83DF}C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe] => (Block) C:\program files (x86)\logitech\lws\webcam software\camerahelpershell.exe
FirewallRules: [{467C2D2E-FA6F-4905-AA01-FB08F5F68979}] => (Block) C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DrFoneAndroid.exe
FirewallRules: [{59D39C52-0C54-46C8-89C6-633684044C64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{82DAC395-B14C-4F4A-B28C-603B0ADC70B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{023AFC05-0DB5-479A-B464-23F29FB1865F}C:\program files (x86)\malwarebytes anti-malware\mbam.exe] => (Allow) C:\program files (x86)\malwarebytes anti-malware\mbam.exe
FirewallRules: [UDP Query User{A3838348-6D94-4F53-895F-DC8BA83B1F89}C:\program files (x86)\malwarebytes anti-malware\mbam.exe] => (Allow) C:\program files (x86)\malwarebytes anti-malware\mbam.exe
FirewallRules: [TCP Query User{49B52F11-B21B-4021-8019-94BCF510A4AA}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [UDP Query User{613AC6D4-5391-4B4F-A382-5739DE3545B8}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [TCP Query User{75D7419B-0DFF-4497-9422-96B3FB72A2AC}C:\program files (x86)\air keyboard\airkeyboard.exe] => (Allow) C:\program files (x86)\air keyboard\airkeyboard.exe
FirewallRules: [UDP Query User{4806FAF6-879B-4041-A5E3-E189A57A9FCC}C:\program files (x86)\air keyboard\airkeyboard.exe] => (Allow) C:\program files (x86)\air keyboard\airkeyboard.exe
FirewallRules: [TCP Query User{441A7C7C-595E-46DB-85BE-EA224B42A660}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [UDP Query User{DB21FB10-46D0-4B83-86D7-740DDADF819A}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe
FirewallRules: [{7BDDD26D-CEB7-45EE-995B-1DF7F4425E6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95E4E5FF-42F2-41BD-9827-FFE683B880A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{602CFA70-01C4-4F1D-AA55-646A559B58E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95B27A78-E4CB-4C33-9030-3A82102479B1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0A91396-FEA9-4372-A845-B4B07E6E15D5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{85A53008-73F8-48E6-A479-CE64BD4E5322}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [UDP Query User{D797EF4C-013E-4B24-8AD6-F76BF93F6743}C:\program files\reaper (x64)\reaper.exe] => (Allow) C:\program files\reaper (x64)\reaper.exe
FirewallRules: [{9A9A5BDC-8BFE-41E9-849F-EE08CC1621B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/06/2015 12:37:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/06/2015 12:20:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2015 09:25:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2015 07:55:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2015 05:40:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LiveUpdate.exe, version: 3.1.2.0, time stamp: 0x4f06724c
Faulting module name: ntdll.dll, version: 6.1.7601.18933, time stamp: 0x55a69e20
Exception code: 0xc0000008
Fault offset: 0x00082a4c
Faulting process id: 0x%9
Faulting application start time: 0xLiveUpdate.exe0
Faulting application path: LiveUpdate.exe1
Faulting module path: LiveUpdate.exe2
Report Id: LiveUpdate.exe3
 
Error: (10/05/2015 02:51:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (10/05/2015 01:47:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x143c
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3
 
Error: (10/05/2015 12:43:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2015 09:05:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2015 03:12:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (10/06/2015 12:41:15 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/06/2015 12:40:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/06/2015 12:40:15 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/06/2015 12:39:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/06/2015 12:39:15 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/06/2015 12:38:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/06/2015 12:38:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/06/2015 12:38:24 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/06/2015 12:38:10 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (10/06/2015 12:37:59 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 5921.14 MB
Available physical RAM: 4137.61 MB
Total Virtual: 11840.48 MB
Available Virtual: 10059.24 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:384.56 GB) (Free:120.5 GB) NTFS
Drive d: () (Fixed) (Total:546.85 GB) (Free:322.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C2C19D8F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=384.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=546.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
I also noticed that MSE gave me a Win32/patched.ao trojan warning that popped up. Don't know if that is related to this. MSE is not in real time protection as was suggested to me by the person helping me in the other thread I started before being sent here.


#6 deeprybka

  • Malware Response Team

Posted 07 October 2015 - 02:13 AM

"I also noticed that MSE gave me a Win32/patched.ao trojan warning that popped up. Don't know if that is related to this."

 

Yes it is. The dnsapi.dll files are patched so we have to replace them with clean copies.

Search with FRST from the Recovery Environment


Please copy the FRST64.exe from your desktop to a plugged flash drive.

Win 7:
 

  • To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




    To enter System Recovery Options by using Windows installation disc:
     
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

  • On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

     
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Write the following text into the Search textbox:
dnsapi.dll
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) is saved to the flashdrive.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 Jesse365

Posted 07 October 2015 - 12:37 PM

Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by SYSTEM (2015-10-07 12:24:33)
Running from g:\
Boot Mode: Recovery

================== Search Files: "dnsapi.dll" =============

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2014-03-06 06:31][2015-08-19 15:23] 0270336 ____A (Microsoft Corporation) 27FA0CE232ECFE46AE61206ABA815926

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2010-11-20 19:24][2015-08-19 15:23] 0270336 ____A (Microsoft Corporation) BED432E987C22FD8D59972FCF90C2941

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2014-03-06 06:31][2015-08-19 15:22] 0357888 ____A (Microsoft Corporation) 049856310CA48E2A2240E3C28170E9B7

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2014-03-06 06:31][2015-08-19 15:22] 0357888 ____A (Microsoft Corporation) C6AABFCD82EF9419AB8F1336A478EB49

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2010-11-20 19:24][2015-08-19 15:22] 0357888 ____A (Microsoft Corporation) 8CAA0C3FF72A4DD21DCF2F88389DFD6F

C:\Windows\System32\dnsapi.dll
[2014-03-06 06:31][2015-08-19 15:22] 0357888 ____A (Microsoft Corporation) C6AABFCD82EF9419AB8F1336A478EB49

X:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2010-11-20 01:27][2010-11-20 05:26] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01

X:\Windows\System32\dnsapi.dll
[2010-11-20 01:27][2010-11-20 05:26] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01

====== End of Search ======

#8 deeprybka

Posted 07 October 2015 - 03:57 PM

Hi,

Please download the dnsapi.zip from here and extract the file to your desktop! (C:\Users\my\Desktop)

Afterwards download the attached fixlist to your flashdrive and boot into the RE like before. Open command prompt and FRST again. This time press the Fix button.
Attached File  fixlist.txt   229bytes   23 downloads


Reboot the computer and perform the search in normal mode:


Step 1

  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
dnsapi.dll
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

Edited by deeprybka, 08 October 2015 - 04:09 PM.
link has been removed

regards,
deeprybka

#9 Jesse365

Posted 08 October 2015 - 04:02 PM

Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by my (2015-10-08 15:54:19)
Running from C:\Users\my\Desktop
Boot Mode: Normal

================== Search Files: "dnsapi.dll" =============

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2014-03-06 09:31][2015-08-19 18:23] 0270336 ____A () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
[2015-10-08 17:26][2015-10-08 17:26] 0270336 ____A (Microsoft Corporation) B40420876B9288E0A1C8CCA8A84E5DC9 [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
[2010-11-20 22:24][2015-08-19 18:23] 0270336 ____A () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2014-03-06 09:31][2015-08-19 18:22] 0357888 ____A (Microsoft Corporation) 049856310CA48E2A2240E3C28170E9B7 [File not signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
[2014-03-06 09:31][2015-10-08 17:16] 0357888 ____A (Microsoft Corporation) 492D07D79E7024CA310867B526D9636D [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
[2010-11-20 22:24][2015-08-19 18:22] 0357888 ____A (Microsoft Corporation) 8CAA0C3FF72A4DD21DCF2F88389DFD6F [File not signed]

C:\Windows\SysWOW64\dnsapi.dll
[2015-10-08 17:26][2010-11-21 05:24] 0270336 ____A (Microsoft Corporation) 59DF156711A76BCB993253EC6C9BBF41 [File is digitally signed]

C:\Windows\System32\dnsapi.dll
[2014-03-06 09:31][2010-11-20 08:26] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01 [File is digitally signed]

C:\Users\my\Desktop\dnsapi.dll
[2015-10-08 15:31][2010-11-21 05:24] 0270336 ____A (Microsoft Corporation) 59DF156711A76BCB993253EC6C9BBF41 [File is digitally signed]

====== End of Search ======
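
The two Search.txt logs in posts #7 and #9 can be compared mechanically. The Python below is an added example, not part of the thread and not FRST's own code: it parses the path and metadata line pairs as they appear above, flags copies that are unsigned, have an empty company field, or carry the MD5 of empty input, and lists paths whose hash changed between the two runs. The function names are hypothetical, the sample logs are excerpts of the entries posted above, and treating the X: (recovery environment) copy as a reference is an assumption of this example.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# MD5 of zero bytes: an entry with this digest tells nothing about the file's content.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[[^\]]+\]\[[^\]]+\]\s+"          # two bracketed timestamps, as printed in the log
    r"(?P<size>\d+)\s+\S+\s+"             # size in bytes, then attribute flags
    r"\((?P<company>[^)]*)\)\s+"          # company name, may be empty
    r"(?P<md5>[0-9A-Fa-f]{32})"
    r"(?:\s+\[(?P<sig>[^\]]+)\])?\s*$"    # signature note, absent in the recovery-mode log
)


@dataclass
class Entry:
    path: str
    size: int
    company: str
    md5: str
    signed: Optional[bool]  # None when the log carries no signature note


def parse_search_log(text):
    """Turn 'path line + metadata line' pairs into Entry objects."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path = line
            continue
        m = META_RE.match(line)
        if m and path:
            sig = m.group("sig")
            signed = None if sig is None else (sig == "File is digitally signed")
            entries.append(Entry(path, int(m.group("size")), m.group("company"),
                                 m.group("md5").upper(), signed))
            path = None
    return entries


def findings(entry):
    """Reasons an entry deserves a closer look; an empty list means none."""
    notes = []
    if entry.signed is False:
        notes.append("not signed")
    if entry.md5 == EMPTY_MD5:
        notes.append("hash is MD5 of empty input")
    if not entry.company:
        notes.append("no company name")
    return notes


def changed_hashes(before, after):
    """(path, old_md5, new_md5) for every path present in both logs with a new hash."""
    old = {e.path.lower(): e.md5 for e in before}
    return [(e.path, old[e.path.lower()], e.md5) for e in after
            if e.path.lower() in old and old[e.path.lower()] != e.md5]


# Excerpt of the recovery-mode log (post #7).
BEFORE = r"""
C:\Windows\System32\dnsapi.dll
[2014-03-06 06:31][2015-08-19 15:22] 0357888 ____A (Microsoft Corporation) C6AABFCD82EF9419AB8F1336A478EB49

X:\Windows\System32\dnsapi.dll
[2010-11-20 01:27][2010-11-20 05:26] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01
"""

# Excerpt of the normal-mode log after the fix (post #9).
AFTER = r"""
C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
[2014-03-06 09:31][2015-08-19 18:23] 0270336 ____A () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
[2014-03-06 09:31][2015-08-19 18:22] 0357888 ____A (Microsoft Corporation) 049856310CA48E2A2240E3C28170E9B7 [File not signed]

C:\Windows\System32\dnsapi.dll
[2014-03-06 09:31][2010-11-20 08:26] 0357888 ____A (Microsoft Corporation) A52B6CC24063CC83C78C0E6F24DEEC01 [File is digitally signed]
"""

if __name__ == "__main__":
    before, after = parse_search_log(BEFORE), parse_search_log(AFTER)
    for e in after:
        print(e.path, "->", findings(e) or "nothing flagged")
    for path, old_md5, new_md5 in changed_hashes(before, after):
        print("hash changed:", path, old_md5, "->", new_md5)
```
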

#10 deeprybka

Posted 08 October 2015 - 04:08 PM

:thumbup2:

Step 1

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[C#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 3

Don't remove on your own anything that HitmanPro detects!
This scanner, although really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.
regards,
deeprybka

#11 Jesse365

  • Topic Starter
  • Members
  • 30 posts

Posted 09 October 2015 - 08:53 AM

Finally able to post from my computer!!! :thumbup2:

 

# AdwCleaner v5.009 - Logfile created 02/10/2015 at 17:00:24
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : my - MY-PC
# Running from : C:\Users\my\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\my\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\my\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

[-] File Deleted : C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Adobe Flash Player Updater

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{181CB734-9CA0-4AB0-8C1F-B483C71F3954}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{42BBBEB3-8E8A-4E0F-800D-02B7268F9E8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7E344532-8435-4633-81F0-A2EB20761D2B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD972B83-79D2-4AE6-8A9D-8D6693E11F31}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CD0A01B4-71F7-4456-9260-59595F43E7EA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F811468B-A941-488C-944C-07CF652F9259}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0F8CE12D-D179-41EB-847B-E9EBBA2FE25F}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0F8CE12D-D179-41EB-847B-E9EBBA2FE25F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{919ACA41-9F03-457F-AFE7-50642A7A1166}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{181CB734-9CA0-4AB0-8C1F-B483C71F3954}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{42BBBEB3-8E8A-4E0F-800D-02B7268F9E8A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7E344532-8435-4633-81F0-A2EB20761D2B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD972B83-79D2-4AE6-8A9D-8D6693E11F31}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CD0A01B4-71F7-4456-9260-59595F43E7EA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F811468B-A941-488C-944C-07CF652F9259}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}

***** [ Web browsers ] *****

[-] [C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [4057 bytes] ##########
# AdwCleaner v5.012 - Logfile created 09/10/2015 at 07:09:11
# Updated 08/10/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : my - MY-PC
# Running from : C:\Users\my\Desktop\AdwCleaner-1.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\my\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{181CB734-9CA0-4AB0-8C1F-B483C71F3954}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{42BBBEB3-8E8A-4E0F-800D-02B7268F9E8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7E344532-8435-4633-81F0-A2EB20761D2B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD972B83-79D2-4AE6-8A9D-8D6693E11F31}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CD0A01B4-71F7-4456-9260-59595F43E7EA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F811468B-A941-488C-944C-07CF652F9259}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0F8CE12D-D179-41EB-847B-E9EBBA2FE25F}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0F8CE12D-D179-41EB-847B-E9EBBA2FE25F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{919ACA41-9F03-457F-AFE7-50642A7A1166}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{181CB734-9CA0-4AB0-8C1F-B483C71F3954}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{42BBBEB3-8E8A-4E0F-800D-02B7268F9E8A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7E344532-8435-4633-81F0-A2EB20761D2B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD972B83-79D2-4AE6-8A9D-8D6693E11F31}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CD0A01B4-71F7-4456-9260-59595F43E7EA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F811468B-A941-488C-944C-07CF652F9259}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [6586 bytes] ##########
 

2015/10/09 07:19:40 -0500 mbam-log-2015-10-09 (07-19-36).xml yes
2.1.8.1057 v2015.10.09.02 v2015.10.06.01 free disabled disabled disabled
Windows 7 Service Pack 1 x64 my NTFS
threat completed 437263 2403 0 0 2 0 0 0 5 0
enabled enabled enabled enabled enabled disabled enabled warn enabled
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MaxDrivrUpdater_Service_RASAPI32 PUP.Optional.MaxDriverUpdater success b531cb89a0eb67cfdee7ebff996b6c94
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MaxDrivrUpdater_Service_RASMANCS PUP.Optional.MaxDriverUpdater success 9f47074dd3b8bc7aa81db832f21251af
C:\Users\my\Desktop\Music Software\Toontrack EZMix 2 v2.0.8 Inc. All Expansions Pack v1.0.0 11.1.2014 WIN OSX - R2R [deepstatus][h33t[1337x]\Toontrack.EZmix.2.v2.0.8.Incl.Keygen-R2R\r2r-1683.rar RiskWare.Tool.HCK success 95518dc7e3a8181e5ed17c05ba47817f
C:\Users\my\Desktop\Music Software\Toontrack EZMix 2 v2.0.8 Inc. All Expansions Pack v1.0.0 11.1.2014 WIN OSX - R2R [deepstatus][h33t[1337x]\Toontrack.EZmix.2.v2.0.8.MacOSX.Incl.Keygen-R2R\r2r-1684.r02 RiskWare.Tool.HCK success b135361ec5c6a1957eb15c25ca3753ad
C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_150nodepositbonus.com_0.localstorage PUP.Optional.ConsumerInput success 885ec1930b80c76ff41fcc1d1aeab14f
C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_150nodepositbonus.com_0.localstorage-journal PUP.Optional.ConsumerInput success 8264ff55b6d5b086070cb73264a0b749
C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\prefs.js PUP.Optional.WinYahoo replaced user_pref("browser.newtab.url", "resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html"); 39adef65583340f67b90f1d63cc958a8

 

HitmanPro 3.7.10.249
www.hitmanpro.com

   Computer name . . . . : MY-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : my-PC\my
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-10-09 08:17:49
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 17s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 18
   Traces  . . . . . . . : 299

   Objects scanned . . . : 2,493,472
   Files scanned . . . . : 88,806
   Remnants scanned  . . : 481,905 files / 1,922,761 keys

Malware _____________________________________________________________________

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E83WROCU\runasu[1].exe
      Size . . . . . . . : 212,480 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 17:19:17)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 8943353688E4EE4F487271FF3F42F69E8126600DAE811369F29807B2405D363A
    > Bitdefender  . . . : Gen:Variant.Adware.Graftor.207429
      Fuzzy  . . . . . . : 106.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E83WROCU\wordsurfer-setup-1.10.0.19[1].exe
      Size . . . . . . . : 1,172,712 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 17:27:48)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : F59C177699966AE81491C4BCBD6131987BF62951FA5E63EDEE475738CA948101
      Needs elevation  . : Yes
      Product  . . . . . : Word Surfer
      Publisher  . . . . : Word Surfer
      Description  . . . : Word Surfer Setup
      Version  . . . . . : 1.10.0.19
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.Agent.PSX
    > Kaspersky  . . . . : not-a-virus:NetTool.Win64.NetFilter.l
      Fuzzy  . . . . . . : 101.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EASZ32V4\setup[1].exe
      Size . . . . . . . : 1,965,128 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 17:50:10)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 1CD161C5D0ADB01196276C0A1284EB274C859313E37D94AC4DF07CA743155CBF
      Product
      Publisher
      Description
      Version  . . . . . : 106.0.0.0
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Self-signed
    > Bitdefender  . . . : Gen:Variant.Mikey.22593
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.CrossRider.anvj
      Fuzzy  . . . . . . : 106.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVS8BSHR\SmartWebInstaller[1].exe
      Size . . . . . . . : 759,544 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 18:22:09)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : DD2C240C845542BC118ABCDA8FF676C3D836E65383B4D60C095B59AD44E76038
      Product  . . . . . : SmartWeb
      Publisher  . . . . : SoftBrain Technologies Ltd.
      Description  . . . : SoftBrain Technologies Ltd. - Price Comparison
      Version  . . . . . : 8.0.9.2
      Copyright  . . . . : SoftBrain Technologies Ltd.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.Generic.1244215
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.PriceGong.a
      Fuzzy  . . . . . . : 101.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVS8BSHR\Update_Notifier[1].exe
      Size . . . . . . . : 514,560 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 17:20:05)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 9D8EDEABCCB3A9FF21E0CC7DB416D875A2FE92ED114524DC21F9B32349FA2BFC
    > Kaspersky  . . . . : not-a-virus:AdWare.NSIS.ConvertAd.isy
      Fuzzy  . . . . . . : 106.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\check[2].exe
      Size . . . . . . . : 202,653 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 17:27:35)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : CFAE0BBEC9DC0E02BD6F2A5FA5C52241D53A58C369784F78AA9D3A96485658E3
    > Bitdefender  . . . : Adware.ConvertAd.Q
    > Kaspersky  . . . . : Trojan-Downloader.Win32.Genome.tqca
      Fuzzy  . . . . . . : 114.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\cmmdWriter[1].exe
      Size . . . . . . . : 41,440 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 17:50:08)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 9FC6D1E4EF673C5A9F7D4935F305D8D00B9E44AF6CFED154C5CCD7B6C6007593
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.Agent.xd
      Fuzzy  . . . . . . : 106.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\FinalInstaller_dotnet4[1].exe
      Size . . . . . . . : 3,001,344 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 18:23:27)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : CBC817FAB4D883CFBF0153C7F63FD231C7406EB752782E80ECB4AA20939C54ED
      Needs elevation  . : Yes
      Product  . . . . . : Installer
      LanguageID . . . . : 0
    > Bitdefender  . . . : Gen:Variant.Adware.Zusy.146056
    > Kaspersky  . . . . : not-a-virus:AdWare.MSIL.Agent.vnh
      Fuzzy  . . . . . . : 110.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\SU_Srv[1].exe
      Size . . . . . . . : 120,832 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 17:20:06)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : D85E079BB67A02139B69EA7FB77C627259C9A00D83C5D51FCB69250C1CE76E39
    > Bitdefender  . . . : Trojan.GenericKD.2512006
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.ConvertAd.ayg
      Fuzzy  . . . . . . : 106.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5OQKJW4\bc595c310903369e50e3e112aefc06dc[1].exe
      Size . . . . . . . : 68,759 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 18:22:48)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 5EC7A26114A248C7AB59BB8546139FC0F40670917FBB44BF343F4B37B6B8B094
    > Kaspersky  . . . . : not-a-virus:Downloader.NSIS.Agent.xo
      Fuzzy  . . . . . . : 110.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5OQKJW4\pi7qh[1].exe
      Size . . . . . . . : 137,728 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 17:19:36)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : BC32E86353D7F83515F293D4AABE601033A0BE158CD2E8682F0705B2C961E519
    > Bitdefender  . . . : Gen:Variant.Adware.Graftor.243081
      Fuzzy  . . . . . . : 106.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5OQKJW4\SFSetup[1].exe
      Size . . . . . . . : 359,945 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 17:19:45)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 6E2FFE44D2978BC7FC45E03A64445D6867E205C68121886CCCAA9CB32494ACE9
    > Bitdefender  . . . : Trojan.GenericKD.2543609
    > Kaspersky  . . . . : not-a-virus:AdWare.NSIS.ConvertAd.gwg
      Fuzzy  . . . . . . : 114.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJSP7ZI2\runasu[1].exe
      Size . . . . . . . : 212,480 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 17:20:01)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 8943353688E4EE4F487271FF3F42F69E8126600DAE811369F29807B2405D363A
    > Bitdefender  . . . : Gen:Variant.Adware.Graftor.207429
      Fuzzy  . . . . . . : 106.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZT8DYTKY\setup_362[1].exe
      Size . . . . . . . : 254,464 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 18:23:25)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 2FC12CEF0024B894C930172960669D81BC39FC3C1BE334013642CFA877E68DE4
    > Bitdefender  . . . : Gen:Variant.Adware.Graftor.200386
    > Kaspersky  . . . . : HEUR:Trojan-Downloader.Win32.Generic
      Fuzzy  . . . . . . : 106.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZT8DYTKY\sprz[1].exe
      Size . . . . . . . : 2,963,520 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 18:21:35)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 323FED195A5A69262D2951FDE82E33B49F1AA48F43F88DB2A4176424138AFA0C
      Product  . . . . . :                                                             
      Publisher  . . . . : shopperz                                                    
      Description  . . . :                                                             
      Version
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.Agent.PVZ
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Dagava.g
      Fuzzy  . . . . . . : 104.0

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZ11TS99\JOSrv[1].exe
      Size . . . . . . . : 209,920 bytes
      Age  . . . . . . . : 50.6 days (2015-08-19 17:19:30)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : CEB0799DC5416D22AF042F8CDB8D8093F20EADB5F80581FC1D5EF38433867C08
    > Bitdefender  . . . : Gen:Variant.Adware.ConvertAd.16
      Fuzzy  . . . . . . : 106.0

   C:\Users\my\Desktop\droid\New folder\download\setup_Project64_2.1.exe
      Size . . . . . . . : 4,603,228 bytes
      Age  . . . . . . . : 484.5 days (2014-06-11 19:19:32)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : A199F7C70814C2C4BDBB67D09B2DA80F37CF684F3CF12D5F0DB56C158B904BD7
      Product  . . . . . : Project 64                                                  
      Publisher  . . . . :                                                             
      Description  . . . : Installation Setup of Project64 2.1                         
      Version  . . . . . : 2.1.0.1
      LanguageID . . . . : 0
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Lollipop.ib
      Fuzzy  . . . . . . : 103.0

   D:\Rocksmith\rocksmith2014-nocable-loader.exe
      Size . . . . . . . : 14,336 bytes
      Age  . . . . . . . : 387.7 days (2014-09-16 16:30:44)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 94EFF2777555182046338D111E157FCA33404836CB7E925348489EB0C3E54F73
    > Bitdefender  . . . : Gen:Variant.Kazy.207640
      Fuzzy  . . . . . . : 106.0
      References
         C:\Users\my\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocksmith 2014\Rocksmith 2014 (Without Real Tone Cable).lnk


Suspicious files ____________________________________________________________

   C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVS8BSHR\FRST64[1].exe
      Size . . . . . . . : 2,194,944 bytes
      Age  . . . . . . . : 0.7 days (2015-10-08 15:53:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C71A17F855D73AB42D760200C8D7FF888650A20B6BCFF38A76748E285F1FDE40
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.8s C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\P6JVIHHL.txt
         -0.7s C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\9B4OQH1L.txt
         -0.6s C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZ11TS99\82[1].htm
          0.0s C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVS8BSHR\FRST64[1].exe
          0.0s C:\Users\my\Desktop\FRST64.exe
          8.9s C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\up64[1]

   C:\Users\my\AppData\Roaming\Yousician Launcher\Yousician.app\Yousician.exe
      Size . . . . . . . : 16,098,776 bytes
      Age  . . . . . . . : 33.7 days (2015-09-05 16:31:54)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 1E76D497F65CADA69159762A95B23C94E9CE3AD627427099A8CBE8D51B77F3DA
      Version  . . . . . : 5.1.1.2115324
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 23.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Authors name is missing in version info. This is not common to most programs.

   C:\Users\my\Desktop\FRST64.exe
      Size . . . . . . . : 2,194,944 bytes
      Age  . . . . . . . : 0.7 days (2015-10-08 15:53:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C71A17F855D73AB42D760200C8D7FF888650A20B6BCFF38A76748E285F1FDE40
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.8s C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\P6JVIHHL.txt
         -0.7s C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\9B4OQH1L.txt
         -0.6s C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZ11TS99\82[1].htm
          0.0s C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVS8BSHR\FRST64[1].exe
          0.0s C:\Users\my\Desktop\FRST64.exe
          8.9s C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\up64[1]

   C:\Users\my\Downloads\sws_extension_x64_1869.exe
      Size . . . . . . . : 658,552 bytes
      Age  . . . . . . . : 259.6 days (2015-01-22 18:11:54)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 072D79915F53ADFFEF4DE9F145BF1A775831A87E895DB35013B2D8C678C88125
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   C:\Users\my\AppData\Local\Jaksta_Technologies_Pty_L\ (Applian)
   C:\Users\my\AppData\Local\Jaksta_Technologies_Pty_L\fcaudiop.exe_StrongName_trcokj1ymnuk5jj2upvplr22excaoenx\5.0.1.48\ (Applian)
   C:\Users\my\AppData\Local\Jaksta_Technologies_Pty_L\fcaudiop.exe_StrongName_trcokj1ymnuk5jj2upvplr22excaoenx\5.0.1.48\user.config (Applian)
   C:\Users\my\AppData\Local\Jaksta_Technologies_Pty_L\fctubep.exe_Url_x2prjmuyd0ed15rutgd1rbvk5jzxuee0\5.0.1.48\ (Applian)
   C:\Users\my\AppData\Local\Jaksta_Technologies_Pty_L\fctubep.exe_Url_x2prjmuyd0ed15rutgd1rbvk5jzxuee0\5.0.1.48\user.config (Applian)
   C:\Users\my\AppData\Local\Jaksta_Technologies_Pty_L\fcvideop.exe_StrongName_jkhunzr53fq30jehtiyeatz1sogsrgkj\5.0.1.48\ (Applian)
   C:\Users\my\AppData\Local\Jaksta_Technologies_Pty_L\fcvideop.exe_StrongName_jkhunzr53fq30jehtiyeatz1sogsrgkj\5.0.1.48\user.config (Applian)
   HKLM\SOFTWARE\Classes\AppID\{98879caa-45c8-4f98-a2cf-24fb0d2a619c}\ (Shopperz)
   HKLM\SOFTWARE\Classes\AppID\{b7261ada-35df-4aaa-b434-a0cbd74a2a46}\ (Shopperz)
   HKLM\SOFTWARE\Classes\AppID\{BA74DBC1-0F90-4725-a960-AA2C3CCDEF13}\ (Shopperz)
   HKLM\SOFTWARE\Classes\CLSID\{08ACFB57-8187-47f0-AF93-56360D03634A}\ (Shopperz)
   HKLM\SOFTWARE\Classes\CLSID\{A8EB6EE7-D746-45CE-874D-6848BBC9D504}\ (Shopperz)
   HKLM\SOFTWARE\Classes\Interface\{8DF8C342-E568-49DC-8723-AB633F4C0F65}\ (Shopperz)
   HKLM\SOFTWARE\Classes\Interface\{CB7C1830-E6DA-49AA-A3E3-6B2EF21BB460}\ (Shopperz)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{98879caa-45c8-4f98-a2cf-24fb0d2a619c}\ (Shopperz)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{b7261ada-35df-4aaa-b434-a0cbd74a2a46}\ (Shopperz)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BA74DBC1-0F90-4725-a960-AA2C3CCDEF13}\ (Shopperz)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{08ACFB57-8187-47f0-AF93-56360D03634A}\ (Shopperz)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A8EB6EE7-D746-45CE-874D-6848BBC9D504}\ (Shopperz)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{8DF8C342-E568-49DC-8723-AB633F4C0F65}\ (Shopperz)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CB7C1830-E6DA-49AA-A3E3-6B2EF21BB460}\ (Shopperz)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Microsoft\Tracing\wb_RASAPI32\ (WebBar)
   HKLM\SOFTWARE\Microsoft\Tracing\wb_RASMANCS\ (WebBar)
   HKLM\SOFTWARE\Wow6432Node\Applian Technologies\ (Applian)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InternetEnhancer_RASAPI32\ (WajWebEnhance)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InternetEnhancer_RASMANCS\ (WajWebEnhance)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WordSurferAutoUpdateClient_RASAPI32\ (WordSurfer)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WordSurferAutoUpdateClient_RASMANCS\ (WordSurfer)
   HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\Uiviuuj\ (Shopperz)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_WSAFD_1_10_0_19\ (WordSurfer)
   HKLM\SYSTEM\ControlSet001\services\eventlog\Application\wbsvc\ (WebBar)
   HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\Uiviuuj\ (Shopperz)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_WSAFD_1_10_0_19\ (WordSurfer)
   HKLM\SYSTEM\ControlSet002\services\eventlog\Application\wbsvc\ (WebBar)
   HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Uiviuuj\ (Shopperz)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F06DEFF2-5B9C-490D-910F-35D3A9119622\ (Linkey)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WSAFD_1_10_0_19\ (WordSurfer)
   HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\wbsvc\ (WebBar)
   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Stats\{3ea54411-9f2a-4a18-a93a-84312350f7c1}\ (Shopperz)
   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Stats\{3ea54411-9f2a-4a18-a93a-84312350f7c1}\ (Shopperz)
   HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Stats\{3ea54411-9f2a-4a18-a93a-84312350f7c1}\ (Shopperz)
   HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Stats\{3ea54411-9f2a-4a18-a93a-84312350f7c1}\ (Shopperz)
   HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\Software\Classes\Software\{98ad4c4e-92ab-47b9-a529-a437e2e545e0}\ (Shopperz)
   HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{54739D49-AC03-4C57-9264-C5195596B3A1} (Linkey)
   HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\Software\Microsoft\Internet Explorer\Stats\{3ea54411-9f2a-4a18-a93a-84312350f7c1}\ (Shopperz)
   HKU\S-1-5-21-3377700343-2179916962-3551201692-1000\Software\ProPCCleanerConfig\ (ProPCCleaner)
   HKU\S-1-5-21-3377700343-2179916962-3551201692-1000_Classes\Software\{98ad4c4e-92ab-47b9-a529-a437e2e545e0}\ (Shopperz)

Cookies _____________________________________________________________________

   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:crwdcntrl.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:demdex.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtry.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpclk.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:dpm.demdex.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.phn.doublepimp.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:everesttech.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:eyereturn.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:eyeviewads.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:ezakus.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:firstdata.122.2o7.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:genieessp.jp
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:genieesspv.jp
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:go.flx1.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:go.sonobi.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:gssprt.jp
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:gwallet.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:href.asia
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:imrworldwide.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:kau.li
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:krxd.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:legolas-media.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:lijit.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:liverail.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:match.rundsp.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathtag.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:metrigo.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:ml314.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:mmstat.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:mookie1.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:mxptint.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:nasbxa.122.2o7.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:omtrdc.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:outbrain.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:owneriq.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:paypal.d1.sc.omtrdc.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:pixel.rubiconproject.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:po.st
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubmatic.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:rfihub.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:rhythmxchange.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:rlcdn.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:rodale.d1.sc.omtrdc.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:rs.gwallet.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:rtbidder.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:rubiconproject.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:samsung.demdex.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:samsungelectronicsamericainc.demdex.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:scorecardresearch.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexchan.info
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexystuffbymail.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:simpli.fi
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:sitescout.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:skimresources.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.complex.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:sxp.smartclip.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:taboola.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:tapad.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:tidaltv.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.kiwitracker2015.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.trackerpros.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:trc.taboola.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:tremorhub.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:triggit.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:tubemogul.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:turn.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:univide.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:vindicosuite.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:virool.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:visualdna.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:w55c.net
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:wtp101.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\092TVT8F.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\0R2CTV5H.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\2E1618FJ.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\2WZQXA01.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\30X3JS6C.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\3EBBBZUE.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\3KECG30E.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\3M3U65FI.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\3MI116NU.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\45IWA3M6.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\472MOLLJ.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\535RIIT6.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\54AGXB3H.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\5RLL0GO8.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\5W6FNDWX.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\663KJZIU.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\6F6DDKQL.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\6L1XPAOC.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\80ZSA81H.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\8LYIQO36.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\8P6HDE2K.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\AKY2T3UK.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\AS5MB09D.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\AU31O3A0.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\AVZZ0H1U.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\BJXQOJC1.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\BX0KNFQ9.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\BX6BTFKQ.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\C3HADQV1.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\CCTJFIHB.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\CTXBNPTC.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\CWJNUX0T.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\E5BNACI5.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\EVTNQNBY.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\GF2DYMHE.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\GFT9GVAW.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\GWBV1QCA.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\HD4SXJHJ.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\HFR2QHPS.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\HOGL7EV5.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\I1IDAYH2.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\I8J1T1SA.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\IEJA3FMR.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\IOE4UJJ1.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\IXBEQIBV.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\IXO0X1J3.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\IZ34DOQY.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\J4OY2QUM.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\JAMITJY2.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\JD6E2NUW.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\JPTFMXWD.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\K0GR265A.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\K9AT8AKM.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\KLPLBP7C.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\KRG3KJQ6.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\LRE9XB1S.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\LRKZGMG4.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\LU0PT3HG.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\M1WWWUPO.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\MAUXGNDW.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\NKB7I8XF.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\NS2SQABB.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\OBX025XR.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\OSUDKR6O.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\OTT31D9G.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\P2XUBF7L.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\PPU74TV7.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\PVRIFTD0.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\PX03DVLU.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q6CBM2JN.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\QQCEZI8K.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\R3SQK9N4.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\RQ2RA2A0.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\SQT5D00O.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\SSPTE3RQ.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\TMDDSP1Y.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\TMHN7CTT.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\UIYOZ0Z5.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\UJ36EMGG.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\UW7P1VSN.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\W5CKR34O.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\W8EHWWM9.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\WNWB418N.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\WQ7RY1N6.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\XR60B2KA.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\YFN4VPVD.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\YNGFORMH.txt
   C:\Users\my\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z9CJH0QT.txt
   C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\cookies.sqlite:krxd.net
   C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\cookies.sqlite:skimresources.com
 

#12 deeprybka


Posted 09 October 2015 - 11:32 AM

Please post the MBAM Log in *.txt format:

[screenshots: scanlog1.png, scanlog2.png]

Edited by deeprybka, 09 October 2015 - 11:33 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 Jesse365


Posted 09 October 2015 - 01:13 PM

oops sorry

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/9/2015
Scan Time: 7:19 AM
Logfile: mx.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.09.02
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: my

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 437263
Time Elapsed: 40 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.MaxDriverUpdater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MaxDrivrUpdater_Service_RASAPI32, Quarantined, [b531cb89a0eb67cfdee7ebff996b6c94],
PUP.Optional.MaxDriverUpdater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MaxDrivrUpdater_Service_RASMANCS, Quarantined, [9f47074dd3b8bc7aa81db832f21251af],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
RiskWare.Tool.HCK, C:\Users\my\Desktop\Music Software\Toontrack EZMix 2 v2.0.8 Inc. All Expansions Pack v1.0.0 11.1.2014 WIN OSX - R2R [deepstatus][h33t[1337x]\Toontrack.EZmix.2.v2.0.8.Incl.Keygen-R2R\r2r-1683.rar, Quarantined, [95518dc7e3a8181e5ed17c05ba47817f],
RiskWare.Tool.HCK, C:\Users\my\Desktop\Music Software\Toontrack EZMix 2 v2.0.8 Inc. All Expansions Pack v1.0.0 11.1.2014 WIN OSX - R2R [deepstatus][h33t[1337x]\Toontrack.EZmix.2.v2.0.8.MacOSX.Incl.Keygen-R2R\r2r-1684.r02, Quarantined, [b135361ec5c6a1957eb15c25ca3753ad],
PUP.Optional.ConsumerInput, C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_150nodepositbonus.com_0.localstorage, Quarantined, [885ec1930b80c76ff41fcc1d1aeab14f],
PUP.Optional.ConsumerInput, C:\Users\my\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_150nodepositbonus.com_0.localstorage-journal, Quarantined, [8264ff55b6d5b086070cb73264a0b749],
PUP.Optional.WinYahoo, C:\Users\my\AppData\Roaming\Mozilla\Firefox\Profiles\ozirr7th.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "resource://jid1-g80ec8llebk5fq-at-jetpack/newtab/data/newtab.html");), Replaced,[39adef65583340f67b90f1d63cc958a8]

Physical Sectors: 0
(No malicious items detected)


(end)



#14 deeprybka


Posted 09 October 2015 - 01:16 PM

Step 1

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

[screenshot: settings.png]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


regards,
deeprybka

#15 Jesse365


Posted 10 October 2015 - 03:04 PM

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8b74e96a0c999845a53ab190e5a01fe6
# end=init
# utc_time=2015-10-09 06:46:35
# local_time=2015-10-09 01:46:35 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8b74e96a0c999845a53ab190e5a01fe6
# end=init
# utc_time=2015-10-09 06:47:01
# local_time=2015-10-09 01:47:01 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26165
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8b74e96a0c999845a53ab190e5a01fe6
# end=updated
# utc_time=2015-10-09 06:51:08
# local_time=2015-10-09 01:51:08 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=8b74e96a0c999845a53ab190e5a01fe6
# engine=26165
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-09 10:54:22
# local_time=2015-10-09 05:54:22 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 11918467 66464856 0 0
# scanned=296682
# found=65
# cleaned=0
# scan_time=14594
sh=AA2BA9D6607589A3C93D1C760E3512EC8E61F968 ft=1 fh=f770637cdb111250 vn="Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\my\AppData\Local\SmartWeb\SmartWebHelper.exe.vir"
sh=0205823ADC53F1E862F73E68CF80241849252A1C ft=1 fh=171ad21500ced99e vn="Android/Exploit.Lotoor.EZ trojan" ac=I fn="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\Temp\drfone-for-android_full1464.exe"
sh=C4E11CDE355ED41A7FB015CF6C795FC304B058B5 ft=1 fh=63ef0b65cf5ad90c vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\Doblon\SiglosPro\Power_Karaoke.exe"
sh=60351A0CCEC4023901451ED275E6223521751846 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Doblon\SiglosPro\Power_Karaoke.xpi"
sh=838B0FFEAEAB5B80E3150604A609EB0DCA13A537 ft=0 fh=0000000000000000 vn="a variant of Android/Exploit.Lotoor.CX trojan" ac=I fn="C:\Program Files (x86)\Wondershare\Dr.Fone for Android\Root\exynos-abuse"
sh=BCD5B546FFEF25A51C5BEBD2A4B9D8278DC00DC6 ft=0 fh=0000000000000000 vn="Android/Exploit.MempoDroid.A trojan" ac=I fn="C:\Program Files (x86)\Wondershare\Dr.Fone for Android\Root\mempodroid"
sh=12E471ABF8369B85ACB5E3CEEEBE55A6C5BDF73B ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.EF trojan" ac=I fn="C:\Program Files (x86)\Wondershare\Dr.Fone for Android\Root\rootf.apk"
sh=E62D61156CBA90EEB010336E58AD144CC319DC35 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.EZ trojan" ac=I fn="C:\Program Files (x86)\Wondershare\Dr.Fone for Android\Root\run_root_shell"
sh=696C4A111D0E0D40871AC638281B9D7C114F25AD ft=1 fh=c7b36c02b2c3486b vn="a variant of Win32/Adware.ConvertAd.XO application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E83WROCU\runasu[1].exe"
sh=5B402E290F5AD46623285D50DC15F86F1DD61CF9 ft=1 fh=7052bcf69de9ad90 vn="multiple threats" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E83WROCU\wordsurfer-setup-1.10.0.19[1].exe"
sh=82F2B59147BDBDAF6E17E319175DF0AE57E92E05 ft=1 fh=8a155eb559d6967a vn="a variant of Win32/Toolbar.CrossRider.CZ potentially unwanted application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EASZ32V4\setup[1].exe"
sh=3705670AF8CD8741D870A62B421EC5696A97BEFC ft=1 fh=097437150c7024d4 vn="a variant of Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVS8BSHR\SmartWebInstaller[1].exe"
sh=DCAB19C3B29983F8202126485987DBC2D4890ED2 ft=1 fh=b61413e006807dfc vn="a variant of Win32/Adware.ConvertAd.XQ application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVS8BSHR\Update_Notifier[1].exe"
sh=427CA23403C70357F0D988D1098F9F3B3A18154C ft=1 fh=0218361e7aa93713 vn="a variant of Win32/Adware.ConvertAd.XI.gen application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\77cad82b74d4d90cd84b074c108e0ce1[1].exe"
sh=574BDC64C4C790A31E010AABB2D6789E690B8E7D ft=1 fh=be1af8505cbed5bf vn="a variant of Win32/Adware.ConvertAd.XD.gen application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\check[2].exe"
sh=C98D7CF7AE934A46CE23DF3017469B961C862AD9 ft=1 fh=e4f536f3f580d5c1 vn="a variant of MSIL/Adware.Imali.A application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\FinalInstaller_dotnet4[1].exe"
sh=89A374B457E92AF2AF2623B8F85A2A5C14D5CAB3 ft=1 fh=c3f4930aa34ec276 vn="a variant of Win32/Adware.ConvertAd.WD application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\policyname[1].exe"
sh=491164FE123DB6DA6E777864326D6213AD986A78 ft=1 fh=3cc6bbefcd819d9d vn="Win32/Adware.ConvertAd.UC application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\SU_Srv[1].exe"
sh=8B2E84ADE880AB3163D4943E5ACE2A9915C9741F ft=1 fh=00c1549ada18c676 vn="a variant of Win32/Adware.ConvertAd.XV application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5OQKJW4\pi7qh[1].exe"
sh=F2F94C43D7C9E1A2210C8443CE31F2EED41C5245 ft=1 fh=17f6cd6b608050b9 vn="a variant of Win32/Adware.ConvertAd.YB.gen application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5OQKJW4\SFSetup[1].exe"
sh=E7B7F95437C63331B5403ED337A04A110A862CC2 ft=1 fh=db5ca7363141132f vn="Win32/InstallMonetizer.BG potentially unwanted application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5OQKJW4\VuuPC_VO2_8907[1].exe"
sh=696C4A111D0E0D40871AC638281B9D7C114F25AD ft=1 fh=c7b36c02b2c3486b vn="a variant of Win32/Adware.ConvertAd.XO application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJSP7ZI2\runasu[1].exe"
sh=E5A8FA6169C7195369F39DC49676AAC100D24807 ft=1 fh=6a4bfd5fd08dd2fa vn="a variant of Win32/Adware.Imali.E application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZT8DYTKY\setup_362[1].exe"
sh=CF5B18726799E6CF124D782CE565747519B48256 ft=1 fh=674a5cde54eae380 vn="a variant of Win32/Toolbar.Perion.V potentially unwanted application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZT8DYTKY\sprz[1].exe"
sh=AF15265B8354ED3411E23C26FF494947F1A28159 ft=1 fh=125e1e0c9e182f1d vn="a variant of Win32/Adware.ConvertAd.XI.gen application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZ11TS99\cb369ad7b027b8588a356348424ef3c4[1].exe"
sh=01DFA0A821C951125BA94C3C6C807B7081250E03 ft=1 fh=aa6acea55cb815ff vn="a variant of Win32/Adware.ConvertAd.VI application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZ11TS99\JOSrv[1].exe"
sh=3A0E88DB9A01F8C99BE6DC949F36BDC8255D4982 ft=1 fh=1fd43bfb4dc2e5c3 vn="Win64/WebBar.A potentially unwanted application" ac=I fn="C:\Users\my\AppData\Local\Temp\isdkaT5V5CUA\ISightSDK.dll"
sh=3A0E88DB9A01F8C99BE6DC949F36BDC8255D4982 ft=1 fh=1fd43bfb4dc2e5c3 vn="Win64/WebBar.A potentially unwanted application" ac=I fn="C:\Users\my\AppData\Local\Temp\isdkF8RhbHAb\ISightSDK.dll"
sh=6CA18D8D116E0C0C20175DBD898166B7838F50EA ft=1 fh=c71c0011d61cf2a7 vn="a variant of Win32/WebBar.A potentially unwanted application" ac=I fn="C:\Users\my\AppData\Local\Temp\isdkricUNJZf\ISightSDK.dll"
sh=3A0E88DB9A01F8C99BE6DC949F36BDC8255D4982 ft=1 fh=1fd43bfb4dc2e5c3 vn="Win64/WebBar.A potentially unwanted application" ac=I fn="C:\Users\my\AppData\Local\Temp\isdkRNy5tppF\ISightSDK.dll"
sh=C885802C60940C98AD69E7147352CE59189868EA ft=1 fh=92375844a5a83029 vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application" ac=I fn="C:\Users\my\AppData\Roaming\uTorrent\updates\3.4.0_30635.exe"
sh=A9F04068CF0055460E94B1255AF94DC14E78B152 ft=1 fh=d35a44ff2660ecf1 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\my\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe"
sh=E7F6578F45FC7E00C962AD3F37F016F12DCD5F75 ft=1 fh=5135d5609c2efd53 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\my\AppData\Roaming\uTorrent\updates\3.4.2_38656.exe"
sh=565B645851C49C4FB5CF1AF90540A4129033CE66 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\my\Desktop\Hiren's.BootCD.15.2.iso"
sh=CBB293497FED41EFD7ECA045C36A050E2B1799C6 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AppFlood.A potentially unwanted application" ac=I fn="C:\Users\my\Desktop\droid\New folder\clockworkmod\backup\1980-01-06.00.00.55\data.ext4.tar"
sh=3DBE9EC934DEEDDD4558C202AAF806DDB6244435 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AppFlood.A potentially unwanted application" ac=I fn="C:\Users\my\Desktop\droid\New folder\clockworkmod\backup\2014-06-12.00.01.41\data.ext4.tar"
sh=EE51BC65E632624027E2DD83F44A75784323D247 ft=1 fh=6e4c94e45ea75834 vn="Win32/Adware.Lollipop.D application" ac=I fn="C:\Users\my\Desktop\droid\New folder\download\setup_Project64_2.1.exe"
sh=0501AB101488D1879639E372B13074D7E5E899F1 ft=1 fh=0c07247473b4a6dd vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\my\Desktop\Music Software\amazingmidi-setup.exe"
sh=F9BDC2FB0B8D18FFCE90E048B12A0C196D0B82D0 ft=1 fh=c13e83df3604b959 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\my\Desktop\Music Software\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu]\flstudio_11.0.4.exe"
sh=CBB293497FED41EFD7ECA045C36A050E2B1799C6 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AppFlood.A potentially unwanted application" ac=I fn="C:\Users\my\Desktop\New folder (2)\card\clockworkmod\backup\1980-01-06.00.00.55\data.ext4.tar"
sh=3DBE9EC934DEEDDD4558C202AAF806DDB6244435 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AppFlood.A potentially unwanted application" ac=I fn="C:\Users\my\Desktop\New folder (2)\card\clockworkmod\backup\2014-06-12.00.01.41\data.ext4.tar"
sh=99B3B2C051E6918F7A0DDCC340900E3886E38D32 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\my\Desktop\New folder (2)\card\download\Mp4TubePlayer_v5.541.apk"
sh=F1DCF7E2FE7BD853AFFE19BC60B69F67662C538B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\my\Desktop\New folder (2)\card\download\phonebooster_587766a65beaeb0358b7ed48304d4c31.apk"
sh=ED42AE6A6068CD2877845C84D5B85DD7E59363B0 ft=1 fh=12c356a8e7a3174c vn="Android/Exploit.Lotoor.EZ trojan" ac=I fn="C:\Users\my\Downloads\android-data-recovery.exe"
sh=7669F3D56E0CD22381C7EACE00B9D3B1DD41BF07 ft=1 fh=fc296988becdd3eb vn="Win32/Somoto.Q potentially unwanted application" ac=I fn="C:\Users\my\Downloads\Core-Temp-installer.exe"
sh=0BAA0ACC1DAF7EA9374CDDFEDBA1B0003B0C5F69 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\my\Downloads\DrFone.for.And.4.8.0.135.rar"
sh=8B47F8F9C0CB46B01F19259C99F08D57223581C9 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\my\Downloads\Hirens.BootCD.15.2.zip"
sh=7AC8CEB7C09D97ACA2D9BEAFB91A099C5CB0D28E ft=1 fh=9dbe11b2102c090b vn="a variant of Win32/DownloadSponsor.C potentially unwanted application" ac=I fn="C:\Users\my\Downloads\recuva.exe"
sh=53D5AF808C6050974BC18EB1A3C2F16EBA948D58 ft=0 fh=0000000000000000 vn="a variant of Android/Monitor.Walien.G potentially unsafe application" ac=I fn="C:\Users\my\Downloads\TitaniumBackup.zip"
sh=0F893BD5DF5B340F9F7E37FD0204FB193C696C75 ft=1 fh=9edfaf33d4b5bf40 vn="multiple threats" ac=I fn="C:\Users\Public\Documents\Wondershare\drfone-for-android_full1464.exe"
sh=B9C4A66F7344B5F19E9B42077168A046D2B4AF25 ft=1 fh=da8842957a7de5c1 vn="a variant of Win32/Adware.Dowsserve.C application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\winvxm-update_r5[1].exe"
sh=4CB7F80EA079EBA1DB65DBEE3FE4D20821A3A20C ft=1 fh=4459f5aceb3eab26 vn="a variant of Win32/Adware.Dowsserve.B application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\youtube-downloader-ytdforim-update[1].exe"
sh=16ABB790BB1F54C4D0A5084C409842558F608596 ft=1 fh=2135059d48464ef4 vn="a variant of Win32/Adware.Dowsserve.B application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\youtube-downloader-ytdforim-update[2].exe"
sh=133FCE08CCA06F31C1EA1EC4BACA75983FCB1721 ft=1 fh=377f737f3fc5397e vn="multiple threats" ac=I fn="D:\Downloads\drfone-for-android_full1464.exe"
sh=F9BDC2FB0B8D18FFCE90E048B12A0C196D0B82D0 ft=1 fh=c13e83df3604b959 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="D:\Downloads\1\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu]\flstudio_11.0.4.exe"
sh=DF00775B7FFDBF7812C85E2F08B86681A3A47A74 ft=1 fh=f0a15079f00c7688 vn="Win32/Keygen.FV potentially unsafe application" ac=I fn="D:\Downloads\Amplitube\IK Multimedia AmpliTube v2.1\KeyGen.exe"
sh=951F32EF83B321E17E43709AF9481980A6F8CB35 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="D:\Downloads\Doblon Siglos Karaoke Professional 1.2.55 + Key [RH]\DSKP.1.2.55_[RH].rar"
sh=90D31CC95D34F1F3F5FF195B69B4B20D6C6D3710 ft=1 fh=1d0741f076510a8d vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="D:\Downloads\Doblon Siglos Karaoke Professional 1.2.55 + Key [RH]\DSKP.1.2.55_[RH]\Doblon Siglos Karaoke Professional 1.2.55\siglos-karaoke-pro-1.2.55.exe"
sh=4B8B3E40BA593071FA7BF1C4F1C9A84040F91049 ft=0 fh=0000000000000000 vn="a variant of Generik.YHIZHV trojan" ac=I fn="D:\Downloads\IK.Multimedia.Ampeg.SVX.VST.RTAS.v1.1.1.incl.Keygen-AiR\IK.Multimedia.Ampeg.SVX.VST.RTAS.v1.1.1.incl.Keygen-AiR.rar"
sh=329405D9239728418A17BE7D3975D27E7BDCE9AB ft=1 fh=7143f9da6354b427 vn="a variant of Generik.YHIZHV trojan" ac=I fn="D:\Downloads\IK.Multimedia.Ampeg.SVX.VST.RTAS.v1.1.1.incl.Keygen-AiR\Keygen.exe"
sh=66AB33A28EDCFD6B2865C4DE55F41A79C1DB7D94 ft=1 fh=c1e6f3fb32f32de8 vn="Win32/Toolbar.AskSBar potentially unwanted application" ac=I fn="D:\Downloads\Nero 8 Ultra Edition 8.2.8.0+ser\Nero-8.2.8.0_eng_trial.exe"
sh=99B3B2C051E6918F7A0DDCC340900E3886E38D32 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\q\Download\Mp4TubePlayer_v5.541.apk"
sh=F1DCF7E2FE7BD853AFFE19BC60B69F67662C538B ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\q\Download\phonebooster_587766a65beaeb0358b7ed48304d4c31.apk"
sh=3FCA6CD5510F1BF8EEBBDC095C3E600120D725C9 ft=1 fh=f46005361e32cba2 vn="a variant of Win32/HackTool.Patcher.N potentially unsafe application" ac=I fn="D:\Rocksmith\rocksmith2014-nocable-loader.exe"
sh=F9DD95D86B06DBEEE329858A476E4D1748700241 ft=1 fh=9dd51c648046d765 vn="Win32/HackTool.Crack.DG potentially unsafe application" ac=I fn="D:\Rocksmith\uplay_r1.dll"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8b74e96a0c999845a53ab190e5a01fe6
# end=init
# utc_time=2015-10-10 03:27:30
# local_time=2015-10-10 10:27:30 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26174
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=8b74e96a0c999845a53ab190e5a01fe6
# end=updated
# utc_time=2015-10-10 03:31:29
# local_time=2015-10-10 10:31:29 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=8b74e96a0c999845a53ab190e5a01fe6
# engine=26174
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-10 07:46:34
# local_time=2015-10-10 02:46:34 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 11993599 66539988 0 0
# scanned=298957
# found=65
# cleaned=0
# scan_time=15305
sh=AA2BA9D6607589A3C93D1C760E3512EC8E61F968 ft=1 fh=f770637cdb111250 vn="Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\my\AppData\Local\SmartWeb\SmartWebHelper.exe.vir"
sh=0205823ADC53F1E862F73E68CF80241849252A1C ft=1 fh=171ad21500ced99e vn="Android/Exploit.Lotoor.EZ trojan" ac=I fn="C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\Temp\drfone-for-android_full1464.exe"
sh=C4E11CDE355ED41A7FB015CF6C795FC304B058B5 ft=1 fh=63ef0b65cf5ad90c vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\Doblon\SiglosPro\Power_Karaoke.exe"
sh=60351A0CCEC4023901451ED275E6223521751846 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Doblon\SiglosPro\Power_Karaoke.xpi"
sh=838B0FFEAEAB5B80E3150604A609EB0DCA13A537 ft=0 fh=0000000000000000 vn="a variant of Android/Exploit.Lotoor.CX trojan" ac=I fn="C:\Program Files (x86)\Wondershare\Dr.Fone for Android\Root\exynos-abuse"
sh=BCD5B546FFEF25A51C5BEBD2A4B9D8278DC00DC6 ft=0 fh=0000000000000000 vn="Android/Exploit.MempoDroid.A trojan" ac=I fn="C:\Program Files (x86)\Wondershare\Dr.Fone for Android\Root\mempodroid"
sh=12E471ABF8369B85ACB5E3CEEEBE55A6C5BDF73B ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.EF trojan" ac=I fn="C:\Program Files (x86)\Wondershare\Dr.Fone for Android\Root\rootf.apk"
sh=E62D61156CBA90EEB010336E58AD144CC319DC35 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.EZ trojan" ac=I fn="C:\Program Files (x86)\Wondershare\Dr.Fone for Android\Root\run_root_shell"
sh=696C4A111D0E0D40871AC638281B9D7C114F25AD ft=1 fh=c7b36c02b2c3486b vn="a variant of Win32/Adware.ConvertAd.XO application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E83WROCU\runasu[1].exe"
sh=5B402E290F5AD46623285D50DC15F86F1DD61CF9 ft=1 fh=7052bcf69de9ad90 vn="multiple threats" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E83WROCU\wordsurfer-setup-1.10.0.19[1].exe"
sh=82F2B59147BDBDAF6E17E319175DF0AE57E92E05 ft=1 fh=8a155eb559d6967a vn="a variant of Win32/Toolbar.CrossRider.CZ potentially unwanted application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EASZ32V4\setup[1].exe"
sh=3705670AF8CD8741D870A62B421EC5696A97BEFC ft=1 fh=097437150c7024d4 vn="a variant of Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVS8BSHR\SmartWebInstaller[1].exe"
sh=DCAB19C3B29983F8202126485987DBC2D4890ED2 ft=1 fh=b61413e006807dfc vn="a variant of Win32/Adware.ConvertAd.XQ application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVS8BSHR\Update_Notifier[1].exe"
sh=427CA23403C70357F0D988D1098F9F3B3A18154C ft=1 fh=0218361e7aa93713 vn="a variant of Win32/Adware.ConvertAd.XI.gen application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\77cad82b74d4d90cd84b074c108e0ce1[1].exe"
sh=574BDC64C4C790A31E010AABB2D6789E690B8E7D ft=1 fh=be1af8505cbed5bf vn="a variant of Win32/Adware.ConvertAd.XD.gen application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\check[2].exe"
sh=C98D7CF7AE934A46CE23DF3017469B961C862AD9 ft=1 fh=e4f536f3f580d5c1 vn="a variant of MSIL/Adware.Imali.A application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\FinalInstaller_dotnet4[1].exe"
sh=89A374B457E92AF2AF2623B8F85A2A5C14D5CAB3 ft=1 fh=c3f4930aa34ec276 vn="a variant of Win32/Adware.ConvertAd.WD application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\policyname[1].exe"
sh=491164FE123DB6DA6E777864326D6213AD986A78 ft=1 fh=3cc6bbefcd819d9d vn="Win32/Adware.ConvertAd.UC application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5THREGD\SU_Srv[1].exe"
sh=8B2E84ADE880AB3163D4943E5ACE2A9915C9741F ft=1 fh=00c1549ada18c676 vn="a variant of Win32/Adware.ConvertAd.XV application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5OQKJW4\pi7qh[1].exe"
sh=F2F94C43D7C9E1A2210C8443CE31F2EED41C5245 ft=1 fh=17f6cd6b608050b9 vn="a variant of Win32/Adware.ConvertAd.YB.gen application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5OQKJW4\SFSetup[1].exe"
sh=E7B7F95437C63331B5403ED337A04A110A862CC2 ft=1 fh=db5ca7363141132f vn="Win32/InstallMonetizer.BG potentially unwanted application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T5OQKJW4\VuuPC_VO2_8907[1].exe"
sh=696C4A111D0E0D40871AC638281B9D7C114F25AD ft=1 fh=c7b36c02b2c3486b vn="a variant of Win32/Adware.ConvertAd.XO application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZJSP7ZI2\runasu[1].exe"
sh=E5A8FA6169C7195369F39DC49676AAC100D24807 ft=1 fh=6a4bfd5fd08dd2fa vn="a variant of Win32/Adware.Imali.E application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZT8DYTKY\setup_362[1].exe"
sh=CF5B18726799E6CF124D782CE565747519B48256 ft=1 fh=674a5cde54eae380 vn="a variant of Win32/Toolbar.Perion.V potentially unwanted application" ac=I fn="C:\Users\my\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZT8DYTKY\sprz[1].exe"
 





