Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-10-2015 02
Ran by Jesus (administrator) on OPTIPLEX (28-10-2015 05:47:17)
Running from C:\Users\Jesus\Desktop\jbj fix this bitch
Loaded Profiles: Jesus (Available Profiles: Jesus)
Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(COMPANYVERS_NAME) C:\Program Files\iWon_5k\bar\1.bin\5kbarsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd) C:\Windows\System32\CtHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(VER_COMPANY_NAME) C:\Program Files\iWon_5k\bar\1.bin\5kbrmon.exe
(Plantronics) C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
() C:\ProgramData\taskhost.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
() C:\Users\Jesus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe
(Exent Technologies Ltd.) C:\Program Files\Free Ride Games\GPlayer.exe
(Appcaster) C:\Program Files\Mobile App Sync\D2MClient.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Jesus\AppData\Roaming\Gameo\gameo.exe
(BitTorrent Inc.) C:\Users\Jesus\AppData\Roaming\uTorrent\uTorrent.exe
(AdFender, Inc.) C:\Program Files\AdFender\AdFender.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Dropbox, Inc.) C:\Users\Jesus\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Jesus\AppData\Roaming\Gameo\gameo.exe
() C:\Users\Jesus\AppData\Roaming\Gameo\gameo.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\Users\Jesus\AppData\Roaming\Gameo\gameo.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CTHelper] => C:\Windows\system32\CTHELPER.EXE [19456 2007-04-09] (Creative Technology Ltd) HKLM\...\Run: [CTxfiHlp] => C:\Windows\system32\CTXFIHLP.EXE [19968 2007-04-09] (Creative Technology Ltd) HKLM\...\Run: [ROC_roc_dec12] => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated) HKLM\...\Run: [iWon Search Scope Monitor] => C:\Program Files\iWon_5k\bar\1.bin\5kSrchMn.exe [42552 2012-04-28] (MindSpark) HKLM\...\Run: [iWon_5k Browser Plugin Loader] => C:\Program Files\iWon_5k\bar\1.bin\5kbrmon.exe [30096 2012-04-28] (VER_COMPANY_NAME) HKLM\...\Run: [SMessaging] => C:\Users\Jesus\AppData\Local\Strongvault Online Backup\SMessaging.exe HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [782520 2015-10-13] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.) HKLM\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [78336 2013-04-04] (Plantronics) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] () HKLM\...\Run: [TaskTray] => [X] HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [286272 2015-07-16] (RealNetworks, Inc.) HKLM\...\Run: [RealDownloader] => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [608320 2015-06-17] () HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.) 
HKLM\...\Run: [U7dTFLnn96AD] => regsvr32.exe /s "C:\PROGRA~2\U7dTFLnn96AD.dll" HKLM\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-27] () HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files\Free Ride Games\GPlayer.exe [5044624 2014-02-11] (Exent Technologies Ltd.) HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files\Free Ride Games\GPlayer.exe [5044624 2014-02-11] (Exent Technologies Ltd.) HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3278232 2011-04-05] (Tonec Inc.) HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [Spotify] => C:\Users\Jesus\AppData\Roaming\Spotify\Spotify.exe [9478320 2012-05-06] (Spotify Ltd) HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [Spotify Web Helper] => C:\Users\Jesus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [932528 2012-05-06] () HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited) HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [Free Download Manager] => C:\Program Files\Free Download Manager\fdm.exe [6860288 2013-01-16] (FreeDownloadManager.ORG) HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [Exetender] => C:\Program Files\Free Ride Games\GPlayer.exe [5044624 2014-02-11] (Exent Technologies Ltd.) 
HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [FLV Player] => C:\Users\Jesus\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [MobileAppSync] => C:\Program Files\Mobile App Sync\D2MClient.exe [332800 2013-10-30] (Appcaster) HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [TBHostSupport] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Jesus\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [Google Update] => "C:\Users\Jesus\AppData\Local\Google\Update\GoogleUpdate.exe" /c HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [BackgroundContainer] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Jesus\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [Gameo] => C:\Users\Jesus\AppData\Roaming\Gameo\gameo.exe [42482176 2015-07-04] () HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [uTorrent] => C:\Users\Jesus\AppData\Roaming\uTorrent\uTorrent.exe [1774432 2015-09-17] (BitTorrent Inc.) HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-27] () HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\RunOnce: [DependencyCheck] => Performed HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\MountPoints2: F - F:\VZAccess_Manager.exe /z detect HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\MountPoints2: {57b30a71-6cb3-11e0-ba8e-806e6f6e6963} - D:\Autorun.exe HKU\S-1-5-21-11595131-3550647590-3570146784-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\DEERDR~1.SCR HKU\S-1-5-18\...\Run: [Exetender] => C:\Program Files\Free Ride Games\GPlayer.exe [5044624 2014-02-11] (Exent Technologies Ltd.) 
HKU\S-1-5-18\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1 HKU\S-1-5-18\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe HKU\S-1-5-18\...\Run: [Chrome] => C:\ProgramData\taskhost.exe [5120 2015-10-27] () ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jesus\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jesus\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jesus\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2011-03-02] (Tonec Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2014-04-24] ShortcutTarget: AdFender.lnk -> C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PlutoTV.lnk [2015-09-15] ShortcutTarget: PlutoTV.lnk -> C:\Program Files\Pluto TV\PlutoTV.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-07-16] ShortcutTarget: RealTimes.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.) Startup: C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-27] ShortcutTarget: Dropbox.lnk -> C:\Users\Jesus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe [2015-10-14] (Leader Technologies) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{0DB14313-E9FB-4965-B298-0F23C7833E27}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{3ED60023-FFC1-4A0C-9430-6DB5D36DD2C1}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{B29FC133-F3C8-42AE-8A78-9C5B5CAB1181}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.coupons.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-11595131-3550647590-3570146784-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.com/websearch/ref=bit_bds-p18_serp_ie_us_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_efcc836cf317483ba84aa3bf29274106_18_38_20130222_US_ie_sp_OC1 HKU\S-1-5-21-11595131-3550647590-3570146784-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ HKU\S-1-5-21-11595131-3550647590-3570146784-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.google.com/ HKU\S-1-5-21-11595131-3550647590-3570146784-1001\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://www.searchnu.com/406 
HKU\S-1-5-21-11595131-3550647590-3570146784-1001\Software\Microsoft\Internet Explorer\Main,OldURL = hxxp://www.amazon.com/websearch/ref=bit_bds-p18_serp_ie_us_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_efcc836cf317483ba84aa3bf29274106_18_38_20130222_US_ie_sp_OC1 URLSearchHook: HKLM - PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.) URLSearchHook: HKLM - InternetHelper1.5 Toolbar - {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - No File URLSearchHook: HKLM - xvidly3 Toolbar - {3c2adea7-a96a-4c26-adcb-9e939365b2ae} - C:\Program Files\xvidly3\prxtbxvid.dll No File URLSearchHook: HKLM - Vafmusic12 Toolbar - {38e3a123-98e8-46fc-8729-f4b49de90555} - C:\Program Files\Vafmusic12\prxtbVafm.dll (Conduit Ltd.) URLSearchHook: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} URLSearchHook: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 - (No Name) - {ece1a2a4-3672-46f1-82a7-d1137212d9dd} - C:\Program Files\iWon_5k\bar\1.bin\5kSrcAs.dll (MindSpark) SearchScopes: HKLM -> DefaultScope {9F2073B6-9259-4EAB-8A5D-4D3E497E7E9C} URL = SearchScopes: HKLM -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} SearchScopes: HKLM -> {2f96f370-d59b-44d4-a2ef-40e54920b3f6} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm002YYus&ptnrS=ZLxdm002YYus&si=CISx0-yw168CFakZQgodAxShBw&ptb=D767A45E-2DF1-4316-8A13-78E0F179708C&ind=2012062404&n=77eda2c4&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM -> {6AFE7379-74AE-7479-C45C-1F7422602C04} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzy0BzytCyD0DyB0DyBtD0DyDtAtN0D0Tzu0CtByEyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1593157597 SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> 
DefaultScope {9F2073B6-9259-4EAB-8A5D-4D3E497E7E9C} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3303005&CUI=UN37483943281148613&UM=2 SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {0228B0A1-E342-4AF4-998C-945746DD15A4} URL = hxxp://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110940,17118,0,18,0 SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {1089625F-5F0E-43C0-991A-AAA9EE56C56F} URL = hxxp://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=a6bfb87a5f864b3c9756fbd33dee2951 SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {131B573A-C00D-82EC-098E-145BB127FA4F} URL = hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {2C9E0EE4-2610-B903-9AF4-523D61CB8099} URL = hxxp://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110710&user_guid=96DB51B10F894A2E93CBD1F92807F729&machine_id=41b5a2789c7867af9899b63eb4cd009f&browser=IE&os=win&os_version=6.1-x86-SP0 SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {2f96f370-d59b-44d4-a2ef-40e54920b3f6} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZLxdm002YYus&ptnrS=ZLxdm002YYus&si=CISx0-yw168CFakZQgodAxShBw&ptb=D767A45E-2DF1-4316-8A13-78E0F179708C&ind=2012062404&n=77eda2c4&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = 
hxxp://lf.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z051&partner_id=276&product_id=709&affiliate_id=&channel=3999&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20111031&user_guid=96DB51B10F894A2E93CBD1F92807F729&machine_id=41b5a2789c7867af9899b63eb4cd009f&browser=IE&os=win&os_version=6.1-x86-SP0&iesrc={referrer:source} SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {6AFE7379-74AE-7479-C45C-1F7422602C04} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms} SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {7E8C2074-BD91-4C0E-B6EB-51E37932B4A2} URL = hxxp://www.amazon.com/websearch/ref=bit_bds-p18_serp_ie_us_display?ie=UTF8&tag=bds-p18-serp-us-ie-20&tagbase=bds-p18&tbrId=v1_abb-channel-18_efcc836cf317483ba84aa3bf29274106_18_38_20130222_US_ie_ds_OC1&query={searchTerms} SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = hxxp://maxwebsearch.com/s?type=default&user_id=2d5db6e6-baec-4013-afc6-812f90bcef0a&implmentation=browsersafeguardext&uc=20131031&type=provider&query={searchTerms} SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={E89657E3-AA73-4199-B7D6-80E8D24A2E2B}&mid=0e40783545a547d1b40ad150fff13e24-a80e99c47cb451afda33fe2a4feee08034f11fa5&lang=en&ds=ts026&pr=sa&d=2012-02-09 20:22:38&v=10.0.0.7&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCzy0BzytCyD0DyB0DyBtD0DyDtAtN0D0Tzu0CtByEyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1593157597 SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {9F2073B6-9259-4EAB-8A5D-4D3E497E7E9C} URL = 
hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3303005&CUI=UN37483943281148613&UM=2 SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {B85EB77B-BF42-41E8-A75D-DD136AAEF579} URL = hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms} SearchScopes: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6R8YBhzNqQ&loc=skw&search={searchTerms} BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2011-04-05] (Internet Download Manager, Tonec Inc.) BHO: TinyBHO Class -> {00e71626-0bef-11dc-8314-0800200c9a66} -> No File BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.) BHO: SuperLyrics-16 -> {11111111-1111-1111-1111-110411411162} -> C:\Program Files\SuperLyrics-16\SuperLyrics-16-bho.dll => No File BHO: Search Assistant BHO -> {1846aebf-22a9-449d-8865-e19eea1a81d2} -> C:\Program Files\iWon_5k\bar\1.bin\5kSrcAs.dll [2012-04-28] (MindSpark) BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated) BHO: InternetHelper1.5 Toolbar -> {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} -> No File BHO: RivalGaming Games -> {26D675AC-D925-4bbf-A720-62C2AA4A81EB} -> No File BHO: Vafmusic12 Toolbar -> {38e3a123-98e8-46fc-8729-f4b49de90555} -> C:\Program Files\Vafmusic12\prxtbVafm.dll [2013-10-15] (Conduit Ltd.) 
BHO: xvidly3 Toolbar -> {3c2adea7-a96a-4c26-adcb-9e939365b2ae} -> C:\Program Files\xvidly3\prxtbxvid.dll => No File BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited) BHO: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2011-08-05] (Siber Systems Inc.) BHO: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> No File BHO: No Name -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> No File BHO: Toolbar BHO -> {8f7f89b5-752e-4194-b92f-cf00177c1590} -> C:\Program Files\iWon_5k\bar\1.bin\5kbar.dll [2012-04-28] (MindSpark) BHO: PageRage Toolbar -> {9565115d-c7d6-46d3-bd63-b67b481a4368} -> C:\Program Files\PageRage\prxtbPage.dll [2011-05-09] (Conduit Ltd.) BHO: Search Toolbar -> {9D425283-D487-4337-BAB6-AB8354A81457} -> C:\Program Files\Search Toolbar\SearchToolbar.dll [2010-04-08] () BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll [2013-01-11] (FreeDownloadManager.ORG) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation) BHO: smartdownloader Class -> {F1AF26F8-1828-4279-ABCE-074EF3235BD7} -> C:\Program Files\PutLockerDownloader\smarterdownloader.dll [2012-11-06] (TODO: ) BHO: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files\Coupons.com CouponBar\tbcore3.dll => No File Toolbar: HKLM - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2011-08-05] (Siber Systems Inc.) 
Toolbar: HKLM - Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll [2010-04-08] () Toolbar: HKLM - PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll [2011-05-09] (Conduit Ltd.) Toolbar: HKLM - iWon - {94b03f0f-4130-49fc-98ac-a8a1b3a69c59} - C:\Program Files\iWon_5k\bar\1.bin\5kbar.dll [2012-04-28] (MindSpark) Toolbar: HKLM - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No File Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.) Toolbar: HKLM - Vafmusic12 Toolbar - {38e3a123-98e8-46fc-8729-f4b49de90555} - C:\Program Files\Vafmusic12\prxtbVafm.dll [2013-10-15] (Conduit Ltd.) Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File Toolbar: HKLM - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Jesus\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2015-09-03] (Dashlane) Toolbar: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> No Name - {C28F5072-1BFA-42F0-BA55-5A802D3490CB} - No File Toolbar: HKU\S-1-5-21-11595131-3550647590-3570146784-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab FireFox: ======== FF ProfilePath: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default FF DefaultSearchEngine: SearchFlyBar2 Customized Web Search FF SearchEngineOrder.1: Amazon FF Homepage: hxxp://www.google.com/ FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3303005&SearchSource=2&CUI=UN37266934532419213&UM=2&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-27] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC) FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\Free Ride Games\npExentCtl.dll [2009-12-27] (Exent Technologies Ltd.) 
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @iWon_5k.com/Plugin -> C:\Program Files\iWon_5k\bar\1.bin\NP5kStub.dll [2012-04-28] (MindSpark) FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2009-08-17] ( Microsoft Corporation) FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media ) FF Plugin: @real.com/nppl3260;version=18.0.1.9 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2015-07-16] (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=12.0.1.647 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-07-09] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2015-07-16] (RealTimes) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File] FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [No File] FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.) FF Plugin: npEpicPlayDisplayHost -> C:\Program Files\EpicPlay\npEpicHost.dll [2011-10-04] ( ) FF Plugin: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll [No File] FF Plugin HKU\S-1-5-21-11595131-3550647590-3570146784-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jesus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2011-10-21] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-11595131-3550647590-3570146784-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Jesus\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.) FF Plugin HKU\S-1-5-21-11595131-3550647590-3570146784-1001: www.exent.com/GameTreatWidget -> C:\Program Files\Free Ride Games\npGameTreatWidget.dll [2015-05-31] (Exent Technologies Ltd.) FF user.js: detected! 
=> C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\user.js [2013-05-17] FF SearchPlugin: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\searchplugins\amazon-distro.xml [2013-02-22] FF SearchPlugin: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\searchplugins\bingp.xml [2015-01-31] FF SearchPlugin: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\searchplugins\Cassiopesa.xml [2015-10-11] FF SearchPlugin: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\searchplugins\delta.xml [2013-05-17] FF SearchPlugin: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\searchplugins\Lasaoren.xml [2014-11-22] FF SearchPlugin: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\searchplugins\MaxWebSearch.xml [2013-10-30] FF SearchPlugin: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\searchplugins\MyStart Search.xml [2013-10-30] FF SearchPlugin: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\searchplugins\searchflybar2-customized-web-search.xml [2015-10-27] FF SearchPlugin: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\searchplugins\smod.xml [2015-10-11] FF SearchPlugin: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\searchplugins\SweetIM Search.xml [2013-09-17] FF SearchPlugin: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\searchplugins\trovi-search.xml [2014-11-08] FF SearchPlugin: C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\searchplugins\tuvaro.xml [2013-03-05] FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-02-10] FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\pandasecuritytb.xml [2015-10-26] FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012-07-17] FF 
Extension: RivalGaming - C:\Users\Jesus\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-01-02] [not signed]
FF Extension: EpicPlay Games - C:\Users\Jesus\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2011-09-20] [not signed]
FF Extension: LivingPlay TextLinks - C:\Users\Jesus\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com [2011-08-21] [not signed]
FF Extension: iWon - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\5kffxtbr@iWon_5k.com [2012-04-28] [not signed]
FF Extension: Amazon Browser Bar - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\abb@amazon.com [2013-02-22] [not signed]
FF Extension: Avira Browser Safety - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\abs@avira.com [2014-10-26] [not signed]
FF Extension: Funmoods.com - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\ffxtlbr@funmoods.com [2012-09-03] [not signed]
FF Extension: flashbugcoursevectorcom - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\flashbug@coursevector.com [2014-10-26] [not signed]
FF Extension: deAl2deaLIt - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\h59@2.net [2014-10-26] [not signed]
FF Extension: TimeLineRemove.Com - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack [2012-02-19] [not signed]
FF Extension: jid1xUfzOsOFlzSOXgjetpack - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack [2014-10-26] [not signed]
FF Extension: RivalGaming - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\links@rivalgaming.com [2012-01-02] [not signed]
FF Extension: My Web Search - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\m3ffxtbr@mywebsearch.com [2012-06-17] [not signed]
FF Extension: No Name - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\smartlinks@getsmartlinks.com [2011-09-16] [not signed]
FF Extension: ArcadeWeb - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\textlinks@arcadeweb.com [2011-07-27] [not signed]
FF Extension: EpicPlay Games - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\textlinks@epicplay.com [2011-09-20] [not signed]
FF Extension: InternetHelper1.5 - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} [2012-11-02] [not signed]
FF Extension: ArcadeFrontier - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53} [2013-08-15] [not signed]
FF Extension: Vafmusic12 - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{38e3a123-98e8-46fc-8729-f4b49de90555} [2013-10-27] [not signed]
FF Extension: xvidly3 - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{3c2adea7-a96a-4c26-adcb-9e939365b2ae} [2013-05-15] [not signed]
FF Extension: appbario12 - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{465fcfbb-47a4-4866-a5d5-d12f9a77da00} [2013-09-15] [not signed]
FF Extension: No Name - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{465fcfbb-47a4-4866-a5d5-d12f9a77da00}.oldbackup [2013-09-15] [not signed]
FF Extension: MixiDJ V34 - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{55b95864-3251-45e9-bb30-1a82589aaff1} [2013-05-02] [not signed]
FF Extension: Yahoo! Toolbar - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011-11-09] [not signed]
FF Extension: ShopToWin4 - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{6cbc25b0-0a52-11df-8a39-0800200c9a66} [2015-05-26] [not signed]
FF Extension: uTorrentControl_v2 - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2013-01-05] [not signed]
FF Extension: xvidly4 - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{7dfe7f41-1b0b-48a7-b58c-5389f7746c33} [2013-08-10] [not signed]
FF Extension: HP Detect - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-07-11] [not signed]
FF Extension: LittleFishBar - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{c28f5072-1bfa-42f0-ba55-5a802d3490cb} [2012-11-28] [not signed]
FF Extension: Blackjack-Madness Community Toolbar - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{ca9aeaa0-4588-4bbe-99af-8fb0a0a9e5e1} [2012-10-19] [not signed]
FF Extension: ShopToWin23 - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{cea91efe-0f31-40f8-ab54-7b89290323fa} [2015-05-26] [not signed]
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [2014-11-22] [not signed]
FF Extension: Greasemonkey - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012-01-08] [not signed]
FF Extension: ShopToWin6 - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{e68d0d96-5f18-496c-87f2-c0d521d78fbe} [2015-05-26] [not signed]
FF Extension: SearchFlyBar2 - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{efc335aa-59ec-45b0-b287-739521153d5b} [2013-08-05] [not signed]
FF Extension: VisualBee V.6 - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{f0af464e-5167-45cf-9cf0-66b396d1918c} [2013-09-08] [not signed]
FF Extension: FlyOrDie Quick Java Installer - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\java@flyordie.com.xpi [2012-04-28] [not signed]
FF Extension: PutLockerDownloader - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\putlockerdownloader@putlockerdownloader.com.xpi [2012-11-06] [not signed]
FF Extension: BetterLinks - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\smartlinks@getsmartlinks.com.xpi [2011-09-16] [not signed]
FF Extension: Casino Toolbar - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\wagerlogic.xpi [2010-02-02] [not signed]
FF Extension: Mason - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\3z4ize6m.default\Extensions\{F632A5EA-F825-4AE7-94B5-233CFBA9F423}.xpi [2011-10-05] [not signed]
FF Extension: Better Brain - C:\Program Files\Mozilla Firefox\extensions\{6311158d-1248-4c22-b80e-0fce899a0c7c} [2014-11-22] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-04-14] [not signed]
FF Extension: Super Web Accelerator ! - C:\Program Files\Mozilla Firefox\distribution\bundles\firefox [2015-10-13] [not signed]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa => not found
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2015-10-27] [not signed]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: Roboform Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011-08-05] [not signed]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker => not found
FF HKLM\...\Firefox\Extensions: [5kffxtbr@iWon_5k.com] - C:\Program Files\iWon_5k\bar\1.bin
FF Extension: No Name - C:\Program Files\iWon_5k\bar\1.bin [2012-04-28] [not signed]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox => not found
FF HKLM\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files\Mozilla Firefox\extensions\lesstabs@lesstabs.com => not found
FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi => not found
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Jesus\AppData\Roaming\IDM\idmmzcc3
FF Extension: No Name - C:\Users\Jesus\AppData\Roaming\IDM\idmmzcc3 [2012-03-23] [not signed]
FF HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Jesus\AppData\Roaming\Dashlane\3.5.2.91395\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}
FF Extension: Dashlane - C:\Users\Jesus\AppData\Roaming\Dashlane\3.5.2.91395\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2015-09-03] [not signed]
FF HKU\S-1-5-21-11595131-3550647590-3570146784-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Jesus\AppData\Roaming\IDM\idmmzcc3
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2013-01-30] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=FABzamobl010924,d49c0bac-6890-4ce2-b464-c8a7598bf84d,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\afnokmplofaejjfkkanmdcghmpglgano [2015-10-26]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2015-10-27]
CHR Extension: (PutLockerDownloader) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci [2014-10-26]
CHR Extension: (ILividLive - Watch Movies Online) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\appmeigfolfmgidjfciapbbgonilangd [2015-10-18]
CHR Extension: (Avira Browser Safety) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-27]
CHR Extension: (Request Maker) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajfghlhfkcocafkcjlajldicbikpgnp [2014-10-23] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (IdealMedia) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kalcapbpmbnnpionfgalhbdbmlihafbc [2015-10-22]
CHR Extension: (Craigslist Peek) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpehhedikdgkbmhgagpcpcbclaidlmf [2015-10-27]
CHR Extension: (Remote Desktop auto discovery) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmpghknnfhlgcgchochgijlgjpmhhfo [2014-10-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2015-10-27]
CHR Extension: (Craigslist CSS and Image Loader) - C:\Users\Jesus\AppData\Local\Google\Chrome\User Data\Default\Extensions\poopgjagcpgijjhhndgdcgflnlafcplm [2014-10-27]
CHR Extension: (Extutil) - C:\Users\Jesus\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-11-22]
CHR Extension: (Managera) - C:\Users\Jesus\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-11-22]
CHR HKLM\...\Chrome\Extension: [apfdadfinodckpcehhdhjlgiphgnbfci] - C:\Program Files\PutLockerDownloader\putlockerdownloader10.crx [2012-11-06]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Jesus\AppData\Local\funmoods.crx [2012-09-03]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Jesus\AppData\Local\funmoods-speeddial.crx [2012-09-03]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM\...\Chrome\Extension: [ebbbnjjfibbiclgolnopmabjbcpmojpn] - C:\Users\Jesus\AppData\Local\CRE\ebbbnjjfibbiclgolnopmabjbcpmojpn.crx
CHR HKLM\...\Chrome\Extension: [eihlgbnhhkigaajnpjohgjldcmdhjiol] - C:\Users\Jesus\AppData\Local\CRE\eihlgbnhhkigaajnpjohgjldcmdhjiol.crx
CHR HKLM\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Jesus\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Jesus\AppData\Roaming\BabSolution\CR\Delta.crx [2013-05-12]
CHR HKLM\...\Chrome\Extension: [fgkbmedckhcibhkdhaokebnllokeokek] - C:\Users\Jesus\AppData\Local\CRE\fgkbmedckhcibhkdhaokebnllokeokek.crx
CHR HKLM\...\Chrome\Extension: [ggamifejnddpoocdmadhjdbgaijnphdi] - C:\Users\Jesus\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx
CHR HKLM\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\Jesus\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [kbemlhjodpfopddibpbppifmogphpmil] - C:\Users\Jesus\AppData\Local\CRE\kbemlhjodpfopddibpbppifmogphpmil.crx
CHR HKLM\...\Chrome\Extension: [kimdndlhnimhdcchmglaendkednpejjn] - C:\Users\Jesus\AppData\Local\CRE\kimdndlhnimhdcchmglaendkednpejjn.crx
CHR HKLM\...\Chrome\Extension: [kldbiondcoemmofebkcgcnbigliglcnl] - C:\Users\Jesus\AppData\Local\CRE\kldbiondcoemmofebkcgcnbigliglcnl.crx
CHR HKLM\...\Chrome\Extension: [ngkdgphikkepnnefheniljdgolldgpld] - C:\Users\Jesus\AppData\Local\CRE\ngkdgphikkepnnefheniljdgolldgpld.crx
CHR HKLM\...\Chrome\Extension: [ocoombckbcnabpaghmokhaapnbngahck] - C:\Users\Jesus\AppData\Local\CRE\ocoombckbcnabpaghmokhaapnbngahck.crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Jesus\AppData\Local\funmoods.crx [2012-09-03]
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Jesus\AppData\Local\funmoods-speeddial.crx [2012-09-03]
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ebbbnjjfibbiclgolnopmabjbcpmojpn] - C:\Users\Jesus\AppData\Local\CRE\ebbbnjjfibbiclgolnopmabjbcpmojpn.crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eihlgbnhhkigaajnpjohgjldcmdhjiol] - C:\Users\Jesus\AppData\Local\CRE\eihlgbnhhkigaajnpjohgjldcmdhjiol.crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Jesus\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fgkbmedckhcibhkdhaokebnllokeokek] - C:\Users\Jesus\AppData\Local\CRE\fgkbmedckhcibhkdhaokebnllokeokek.crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ggamifejnddpoocdmadhjdbgaijnphdi] - C:\Users\Jesus\AppData\Local\CRE\ggamifejnddpoocdmadhjdbgaijnphdi.crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\Jesus\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kbemlhjodpfopddibpbppifmogphpmil] - C:\Users\Jesus\AppData\Local\CRE\kbemlhjodpfopddibpbppifmogphpmil.crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kimdndlhnimhdcchmglaendkednpejjn] - C:\Users\Jesus\AppData\Local\CRE\kimdndlhnimhdcchmglaendkednpejjn.crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kldbiondcoemmofebkcgcnbigliglcnl] - C:\Users\Jesus\AppData\Local\CRE\kldbiondcoemmofebkcgcnbigliglcnl.crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngkdgphikkepnnefheniljdgolldgpld] - C:\Users\Jesus\AppData\Local\CRE\ngkdgphikkepnnefheniljdgolldgpld.crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ocoombckbcnabpaghmokhaapnbngahck] - C:\Users\Jesus\AppData\Local\CRE\ocoombckbcnabpaghmokhaapnbngahck.crx
CHR HKU\S-1-5-21-11595131-3550647590-3570146784-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files\Amazon\ABB\AmazonChrome-bds-amzn.crx [2012-02-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-10-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [461672 2015-10-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [461672 2015-10-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1148688 2015-10-13] (Avira Operations GmbH & Co. KG)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
S3 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed]
R2 iWon_5kService; C:\Program Files\iWon_5k\bar\1.bin\5kbarsvc.exe [42528 2012-04-28] (COMPANYVERS_NAME)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()
R2 RealTimes Desktop Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-16] (RealNetworks, Inc.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2012-05-15] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe" [X]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 servervo; C:\Users\Jesus\AppData\Roaming\VOPackage\VOsrv.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-10-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-07-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [55912 2015-10-13] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [132216 2015-08-19] (BlueStack Systems)
R3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx86.sys [31744 2013-04-04] (CSR plc.)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
R3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
R3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
R3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed]
S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41888 2007-05-11] (Logitech Inc.)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [102728 2010-11-04] (Matrox Graphics Inc.)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21792 2011-04-13] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-09] (Avira Operations GmbH & Co. KG)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [12984 2015-07-02] ()
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [104064 2006-02-23] (Microsoft Corporation) [File not signed]
R2 X6XSEx_Pr143; C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys [47400 2011-08-29] (Exent Technologies Ltd.)
S2 X6XSEx; \??\C:\Program Files\Free Ride Games\X6XSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-28 05:46 - 2015-10-28 05:48 - 00000000 ____D C:\FRST
2015-10-28 05:32 - 2015-10-28 05:47 - 00000000 ____D C:\Users\Jesus\Desktop\jbj fix this bitch
2015-10-28 03:08 - 2015-10-28 03:08 - 22908888 _____ (Malwarebytes ) C:\Users\Jesus\Downloads\mbam-setup-2.2.0.1024 (2).exe
2015-10-28 03:04 - 2015-10-28 03:05 - 22908888 _____ (Malwarebytes ) C:\Users\Jesus\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-28 03:04 - 2015-10-28 03:05 - 22908888 _____ (Malwarebytes ) C:\Users\Jesus\Downloads\mbam-setup-2.2.0.1024 (1).exe
2015-10-28 02:58 - 2015-10-28 02:58 - 00001590 _____ C:\Users\Jesus\Desktop\aswMBR - Shortcut.lnk
2015-10-28 02:12 - 2015-10-28 02:12 - 00001628 _____ C:\Users\Jesus\Desktop\AppRemover - Shortcut.lnk
2015-10-28 02:08 - 2015-10-28 02:10 - 13377536 _____ C:\Users\Jesus\Downloads\OPSWAT_GEARS_CLIENT_3445-7c867995737c1853977386e89a5560c5.msi
2015-10-27 23:32 - 2015-10-27 23:36 - 01190616 _____ (Adobe Systems Incorporated) C:\Users\Jesus\Downloads\flashplayer19_ga_install.exe
2015-10-27 10:42 - 2015-10-27 10:42 - 00005120 _____ C:\ProgramData\taskhost.exe
2015-10-27 10:41 - 2015-10-27 10:41 - 00004096 _____ C:\ProgramData\U7dTFLnn96AD.dll
2015-10-27 10:24 - 2015-10-27 10:25 - 38319888 _____ (Microsoft Corporation) C:\Users\Jesus\Desktop\mpas-fe.exe
2015-10-27 10:14 - 2012-06-02 15:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-27 10:14 - 2012-06-02 15:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-27 10:14 - 2012-06-02 15:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-27 10:14 - 2012-06-02 15:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-27 10:14 - 2012-06-02 15:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-27 10:14 - 2012-06-02 15:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-27 10:14 - 2012-06-02 15:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-27 10:13 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-27 10:13 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-27 03:19 - 2015-10-27 03:19 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-27 03:19 - 2015-10-27 03:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-27 02:56 - 2015-10-27 02:56 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-27 02:52 - 2015-10-27 21:51 - 03215348 _____ C:\Windows\system32\CFG1315048787
2015-10-27 02:33 - 2015-10-27 03:32 - 03996360 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-10-27 01:03 - 2015-10-27 01:03 - 00000000 ____D C:\Users\Public\Speedup Sessions
2015-10-26 22:29 - 2015-10-26 23:06 - 00000000 ____D C:\Program Files\pandasecuritytb
2015-10-26 21:32 - 2015-10-27 02:41 - 00000000 ____D C:\ProgramData\panda_url_filtering
2015-10-26 21:27 - 2015-10-26 23:09 - 00000000 ____D C:\Program Files\Panda Security
2015-10-26 21:22 - 2015-10-26 23:05 - 00000000 ____D C:\ProgramData\Panda Security
2015-10-23 13:04 - 2015-10-27 02:41 - 00000000 ___HD C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-10-22 00:03 - 2015-10-22 00:03 - 00055341 _____ C:\Users\Jesus\Downloads\tattoo (1).html
2015-10-22 00:02 - 2015-10-22 00:02 - 00055341 _____ C:\Users\Jesus\Downloads\tattoo.html
2015-10-15 09:50 - 2015-10-27 02:41 - 00000000 ____D C:\Program Files\grabzilla pro V11
2015-10-14 01:09 - 2015-10-14 01:09 - 00000000 ____D C:\Program Files\Infogrames
2015-10-14 01:09 - 2015-10-14 01:09 - 00000000 ____D C:\Program Files\directx
2015-10-14 01:07 - 2015-10-14 01:07 - 00000000 _____ C:\Windows\PowerReg.dat
2015-10-13 12:38 - 2015-10-13 12:38 - 00000000 ____D C:\ProgramData\PlayGemConfig
2015-10-13 06:55 - 2015-10-13 06:55 - 00000000 ____D C:\Users\Jesus\AppData\Local\MyBrowser
2015-10-13 06:51 - 2015-10-13 06:51 - 00000000 ____D C:\Program Files\MyBrowser
2015-10-12 21:33 - 2015-10-13 12:21 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\80l3ug2MOcd
2015-10-12 21:30 - 2015-10-13 13:17 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\SoftAd
2015-10-12 21:29 - 2015-10-12 21:29 - 00000066 _____ C:\Users\Jesus\AppData\Roaming\sn.txt
2015-10-12 06:54 - 2015-10-13 13:17 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\PlusN
2015-10-12 06:54 - 2015-10-12 21:30 - 00000000 ____D C:\ProgramData\Convertor
2015-10-12 06:53 - 2015-10-12 06:53 - 03531374 _____ C:\Users\Jesus\AppData\Local\curl.zip
2015-10-12 06:53 - 2015-10-12 06:53 - 00000000 ____D C:\Users\Jesus\AppData\Local\cu
2015-10-11 04:14 - 2015-10-13 13:19 - 00000000 ____D C:\Users\Jesus\AppData\Local\17831
2015-10-11 03:54 - 2015-10-11 03:54 - 00000000 ____D C:\Program Files\4C4C4544-1444560843-3010-8048-B4C04F464331
2015-10-11 03:51 - 2015-10-11 03:51 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\c
2015-10-11 02:19 - 2015-10-11 02:19 - 00000000 ____D C:\Users\Jesus\AppData\Local\Opera Software
2015-10-11 02:11 - 2015-10-13 12:23 - 00000000 ____D C:\Users\Jesus\AppData\Local\Crsoft
2015-10-11 02:09 - 2015-10-11 02:09 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\Opera Software
2015-10-11 02:01 - 2015-10-11 02:01 - 00000000 ____D C:\Users\Jesus\AppData\Local\CEF
2015-10-11 01:46 - 2015-10-13 13:19 - 00000000 ____D C:\Program Files\jogotempo
2015-10-11 01:45 - 2015-10-11 08:04 - 00000000 ____D C:\Program Files\Opera
2015-10-11 01:44 - 2015-10-13 13:19 - 00000000 ____D C:\ProgramData\FlashBeat
2015-10-11 01:43 - 2015-10-13 13:19 - 00000000 ____D C:\ProgramData\sushileads
2015-10-11 01:37 - 2015-10-11 01:37 - 00000000 ____D C:\ProgramData\MovieDeaConfig
2015-10-11 01:31 - 2015-10-13 13:19 - 00000000 ____D C:\Program Files\MovieDea
2015-10-11 01:27 - 2015-10-13 13:19 - 00000000 ____D C:\Program Files\PlayGem
2015-10-11 01:26 - 2015-10-11 01:26 - 00000000 ___HD C:\Users\Jesus\AppData\Local\BitOptimiserUn
2015-10-11 01:26 - 2015-10-11 01:26 - 00000000 ____D C:\Users\Jesus\AppData\Local\BitOptimiser
2015-10-11 01:25 - 2015-10-11 01:25 - 00000000 __SHD C:\Users\Jesus\AppData\Local\WinDan
2015-10-11 01:24 - 2015-10-13 13:17 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\newSI_42074
2015-10-11 01:18 - 2015-10-11 01:18 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\Itibiti
2015-10-11 01:16 - 2015-10-11 01:16 - 00000000 ____D C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
2015-10-11 01:15 - 2015-10-13 13:19 - 00000000 ____D C:\ProgramData\KeyStream
2015-10-11 01:12 - 2015-10-13 13:19 - 00000000 ____D C:\Users\Jesus\AppData\Local\DeskBar
2015-10-11 01:12 - 2015-10-13 13:19 - 00000000 ____D C:\Program Files\Itibiti Soft Phone
2015-10-11 01:11 - 2015-10-11 01:15 - 00000000 ____D C:\Users\Jesus\AppData\Local\BrowserAir
2015-10-11 01:07 - 2015-10-11 01:07 - 00000000 ____D C:\Users\Jesus\Documents\Probit Software
2015-10-11 00:57 - 2015-10-13 13:19 - 00000000 ____D C:\Program Files\Faster Web
2015-10-11 00:56 - 2015-10-13 10:36 - 00000000 ____D C:\Program Files\4C4C4544-1444550214-3010-8048-B4C04F464331
2015-10-11 00:51 - 2015-10-13 13:19 - 00000000 ____D C:\Program Files\SwiftSearch_1.10.0.25
2015-10-11 00:43 - 2015-10-11 00:45 - 00000000 ____D C:\Users\Jesus\AppData\Local\PlaythruPlayer
2015-10-11 00:43 - 2015-10-11 00:45 - 00000000 ____D C:\Program Files\PCAPDownloader
2015-10-11 00:39 - 2015-10-11 00:39 - 00000000 ____D C:\ProgramData\{4BB8A37B-1B3A-72FD-AABC-027F7A3ED1F1}
2015-10-11 00:34 - 2015-10-13 13:17 - 00000000 ____D C:\Users\Jesus\AppData\Local\{7F6C4930-5BC4-2588-365C-00601234FCF8}
2015-10-11 00:30 - 2015-10-13 13:19 - 00000000 ____D C:\Program Files\winnetmng
2015-10-07 22:04 - 2015-10-28 05:44 - 00000000 ____D C:\Users\Jesus\AppData\LocalLow\uTorrent
2015-10-05 15:22 - 2015-10-05 15:24 - 00000091 _____ C:\Users\Jesus\Downloads\ecare.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-28 05:53 - 2015-06-19 07:41 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-11595131-3550647590-3570146784-1001UA.job
2015-10-28 05:53 - 2013-01-05 04:34 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\uTorrent
2015-10-28 05:41 - 2013-08-15 04:30 - 00000268 _____ C:\Windows\Tasks\ArcadeFrontier.job
2015-10-28 05:39 - 2013-04-15 21:32 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-28 05:32 - 2012-04-05 02:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-28 05:26 - 2014-10-03 13:26 - 00004156 _____ C:\Windows\Tasks\c18b53c1-d7c3-48f9-96b5-786590d4f08f-6.job
2015-10-28 05:18 - 2014-10-03 13:18 - 00004140 _____ C:\Windows\Tasks\b8234d50-54e3-4ecf-b98e-e7ffa8a0c005-6.job
2015-10-28 05:09 - 2014-10-03 13:27 - 00001334 _____ C:\Windows\Tasks\HOBS.job
2015-10-28 03:17 - 2011-04-22 01:49 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\DMCache
2015-10-28 02:56 - 2011-10-05 20:59 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-10-28 02:54 - 2011-05-01 23:01 - 00000000 ____D C:\ProgramData\TEMP
2015-10-28 02:52 - 2015-06-19 07:41 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-11595131-3550647590-3570146784-1001Core.job
2015-10-28 02:49 - 2015-09-15 23:01 - 00000000 ____D C:\Users\Jesus\AppData\Local\PlutoTV
2015-10-28 02:49 - 2011-04-22 00:45 - 01632167 _____ C:\Windows\WindowsUpdate.log
2015-10-28 02:47 - 2012-09-08 20:26 - 00000000 ___RD C:\Users\Jesus\Dropbox
2015-10-28 02:46 - 2012-09-08 20:18 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\Dropbox
2015-10-28 02:45 - 2015-08-01 15:26 - 00000000 ____D C:\Users\Jesus\AppData\Local\Gameo
2015-10-28 02:44 - 2011-10-30 18:31 - 00000378 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2015-10-28 02:44 - 2011-07-10 00:18 - 00000386 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2015-10-28 02:42 - 2011-07-21 11:04 - 00000000 ____D C:\Users\Jesus\AppData\LocalLow\Temp
2015-10-28 02:41 - 2012-02-20 00:29 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\Spotify
2015-10-28 02:40 - 2014-10-03 13:27 - 00003474 _____ C:\Windows\Tasks\c18b53c1-d7c3-48f9-96b5-786590d4f08f-1.job
2015-10-28 02:40 - 2014-10-03 13:27 - 00002444 _____ C:\Windows\Tasks\c18b53c1-d7c3-48f9-96b5-786590d4f08f-5_user.job
2015-10-28 02:40 - 2014-10-03 13:27 - 00002444 _____ C:\Windows\Tasks\c18b53c1-d7c3-48f9-96b5-786590d4f08f-5.job
2015-10-28 02:40 - 2014-10-03 13:27 - 00002108 _____ C:\Windows\Tasks\c18b53c1-d7c3-48f9-96b5-786590d4f08f-2.job
2015-10-28 02:40 - 2014-10-03 13:27 - 00001454 _____ C:\Windows\Tasks\577db44d-d9d7-469f-92dc-7b0e6d777170.job
2015-10-28 02:40 - 2014-10-03 13:26 - 00005182 _____ C:\Windows\Tasks\c18b53c1-d7c3-48f9-96b5-786590d4f08f-11.job
2015-10-28 02:40 - 2014-10-03 13:26 - 00004492 _____ C:\Windows\Tasks\c18b53c1-d7c3-48f9-96b5-786590d4f08f-4.job
2015-10-28 02:40 - 2014-10-03 13:26 - 00003812 _____ C:\Windows\Tasks\c18b53c1-d7c3-48f9-96b5-786590d4f08f-7.job
2015-10-28 02:40 - 2014-10-03 13:26 - 00003468 _____ C:\Windows\Tasks\c18b53c1-d7c3-48f9-96b5-786590d4f08f-3.job
2015-10-28 02:40 - 2014-10-03 13:19 - 00003106 _____ C:\Windows\Tasks\b8234d50-54e3-4ecf-b98e-e7ffa8a0c005-1.job
2015-10-28 02:40 - 2014-10-03 13:19 - 00002428 _____ C:\Windows\Tasks\b8234d50-54e3-4ecf-b98e-e7ffa8a0c005-5_user.job
2015-10-28 02:40 - 2014-10-03 13:19 - 00002428 _____ C:\Windows\Tasks\b8234d50-54e3-4ecf-b98e-e7ffa8a0c005-5.job
2015-10-28 02:40 - 2014-10-03 13:19 - 00002092 _____ C:\Windows\Tasks\b8234d50-54e3-4ecf-b98e-e7ffa8a0c005-2.job
2015-10-28 02:40 - 2014-10-03 13:19 - 00001356 _____ C:\Windows\Tasks\51188396-c59e-46c6-b628-c324c540b86b.job
2015-10-28 02:40 - 2014-10-03 13:19 - 00001340 _____ C:\Windows\Tasks\ITECXDE.job
2015-10-28 02:40 - 2014-10-03 13:18 - 00005166 _____ C:\Windows\Tasks\b8234d50-54e3-4ecf-b98e-e7ffa8a0c005-11.job
2015-10-28 02:40 - 2014-10-03 13:18 - 00004476 _____ C:\Windows\Tasks\b8234d50-54e3-4ecf-b98e-e7ffa8a0c005-4.job
2015-10-28 02:40 - 2014-10-03 13:18 - 00003796 _____ C:\Windows\Tasks\b8234d50-54e3-4ecf-b98e-e7ffa8a0c005-7.job
2015-10-28 02:40 - 2014-10-03 13:18 - 00003452 _____ C:\Windows\Tasks\b8234d50-54e3-4ecf-b98e-e7ffa8a0c005-3.job
2015-10-28 02:40 - 2013-10-27 12:36 - 00001340 _____ C:\Windows\Tasks\SuperLyrics-16-updater.job
2015-10-28 02:40 - 2013-10-27 12:35 - 00001146 _____ C:\Windows\Tasks\SuperLyrics-16-enabler.job
2015-10-28 02:40 - 2013-10-27 12:34 - 00001246 _____ C:\Windows\Tasks\SuperLyrics-16-codedownloader.job
2015-10-28 02:40 - 2013-10-27 12:33 - 00001872 _____ C:\Windows\Tasks\SuperLyrics-16-firefoxinstaller.job
2015-10-28 02:40 - 2013-10-27 12:32 - 00001948 _____ C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job
2015-10-28 02:40 - 2013-09-08 00:32 - 00001906 _____ C:\Windows\Tasks\VisualBee-chromeinstaller.job
2015-10-28 02:40 - 2013-09-08 00:32 - 00001830 _____ C:\Windows\Tasks\VisualBee-firefoxinstaller.job
2015-10-28 02:40 - 2013-04-15 21:32 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-28 02:40 - 2013-03-07 12:32 - 00020209 _____ C:\Windows\setupact.log
2015-10-28 02:40 - 2013-03-07 12:31 - 00306368 _____ C:\Windows\PFRO.log
2015-10-28 02:40 - 2012-02-09 19:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2015-10-28 02:40 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-28 01:14 - 2009-07-13 21:34 - 00013584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-28 01:14 - 2009-07-13 21:34 - 00013584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-28 00:37 - 2013-04-04 21:46 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-28 00:37 - 2013-03-02 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-10-28 00:37 - 2013-03-02 20:57 - 00000000 ____D C:\ProgramData\Avira
2015-10-28 00:37 - 2013-03-02 20:57 - 00000000 ____D C:\Program Files\Avira
2015-10-27 03:32 - 2012-04-05 02:18 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-27 03:32 - 2011-09-16 21:12 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-27 02:32 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-10-27 02:27 - 2011-04-22 00:47 - 00000000 ____D C:\Users\Jesus
2015-10-27 02:27 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\wfp
2015-10-27 02:25 - 2015-08-01 15:25 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\Gameo
2015-10-27 02:25 - 2013-11-01 01:36 - 00000000 ____D C:\Users\Jesus\AppData\Local\TBHostSupport
2015-10-27 02:25 - 2013-02-22 01:11 - 00000000 ____D C:\Program Files\Amazon Browser Bar
2015-10-27 02:25 - 2011-10-30 18:32 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\FreeFileViewer
2015-10-27 02:25 - 2011-07-10 00:18 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\FinalMediaPlayer
2015-10-27 02:25 - 2011-07-02 07:09 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-27 02:25 - 2011-04-28 16:59 - 00000000 ____D C:\Users\Jesus\AppData\Roaming\VTExtra
2015-10-27 02:25 - 
2011-04-28 16:56 - 00000000 ____D C:\Users\Jesus\AppData\Local\VTShared 2015-10-27 02:25 - 2009-07-14 00:48 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-10-27 02:25 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\NDF 2015-10-27 02:24 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\registration 2015-10-27 02:23 - 2009-07-13 19:37 - 00000000 ___RD C:\Users\Public 2015-10-27 02:22 - 2011-06-10 17:35 - 00000000 ____D C:\ProgramData\Real 2015-10-27 01:54 - 2013-05-02 22:56 - 00057952 _____ C:\Users\Jesus\AppData\Local\GDIPFONTCACHEV1.DAT 2015-10-26 23:37 - 2011-10-25 15:08 - 03830784 ___SH C:\Users\Jesus\Downloads\Thumbs.db 2015-10-14 01:05 - 2011-06-03 12:36 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2015-10-13 14:48 - 2013-05-07 22:12 - 00055912 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-10-13 14:48 - 2013-03-02 20:57 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-10-13 14:09 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET 2015-10-13 13:23 - 2015-09-23 10:38 - 00000000 ____D C:\ProgramData\BlueStacks 2015-10-13 13:23 - 2015-09-23 10:38 - 00000000 ____D C:\Program Files\BlueStacks 2015-10-13 13:22 - 2014-10-01 21:03 - 00000000 ____D C:\Users\Jesus\Documents\Fax 2015-10-13 13:21 - 2009-07-13 19:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2015-10-13 13:20 - 2015-09-23 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 2015-10-13 13:20 - 2013-10-20 22:18 - 00000000 ____D C:\Program Files\AdFender ==================== Files in the root of some directories ======= 2015-08-28 13:09 - 2015-08-28 13:09 - 6420480 _____ () C:\Program Files\GUTD05A.tmp 2011-05-01 22:55 - 2011-05-01 23:09 - 0087608 _____ () C:\Users\Jesus\AppData\Roaming\inst.exe 2011-05-01 22:55 - 2011-05-01 23:09 - 0007887 _____ () C:\Users\Jesus\AppData\Roaming\pcouffin.cat 2011-05-01 22:55 - 2011-05-01 23:09 - 0001144 _____ () 
C:\Users\Jesus\AppData\Roaming\pcouffin.inf 2011-05-01 22:56 - 2011-05-01 23:09 - 0000034 _____ () C:\Users\Jesus\AppData\Roaming\pcouffin.log 2011-05-01 22:55 - 2011-05-01 23:09 - 0047360 _____ (VSO Software) C:\Users\Jesus\AppData\Roaming\pcouffin.sys 2015-10-12 21:29 - 2015-10-12 21:29 - 0000066 _____ () C:\Users\Jesus\AppData\Roaming\sn.txt 2013-09-15 11:00 - 2013-09-15 10:59 - 0030894 _____ () C:\Users\Jesus\AppData\Roaming\speedanalysis.ico 2011-05-01 20:35 - 2015-03-27 22:58 - 0001044 _____ () C:\Users\Jesus\AppData\Roaming\vso_ts_preview.xml 2015-10-12 06:53 - 2015-10-12 06:53 - 3531374 _____ () C:\Users\Jesus\AppData\Local\curl.zip 2012-09-03 18:01 - 2012-09-03 18:01 - 0384844 _____ () C:\Users\Jesus\AppData\Local\funmoods-speeddial.crx 2012-09-03 18:01 - 2012-09-03 18:01 - 0031465 _____ () C:\Users\Jesus\AppData\Local\funmoods.crx 2012-04-21 14:09 - 2012-04-21 14:17 - 0001667 _____ () C:\Users\Jesus\AppData\Local\Temp1.html 2012-04-21 14:09 - 2012-04-21 14:17 - 0002419 _____ () C:\Users\Jesus\AppData\Local\Temp2.html 2012-07-11 06:04 - 2013-05-02 23:18 - 0023066 _____ () C:\ProgramData\hpzinstall.log 2015-10-27 10:42 - 2015-10-27 10:42 - 0005120 _____ () C:\ProgramData\taskhost.exe 2015-10-27 10:41 - 2015-10-27 10:41 - 0004096 _____ () C:\ProgramData\U7dTFLnn96AD.dll Files to move or delete: ==================== C:\ProgramData\taskhost.exe C:\ProgramData\U7dTFLnn96AD.dll C:\Users\Jesus\g2ax_customer_downloadhelper_win32_x86.exe C:\Users\Jesus\jxpiinstall.exe C:\Users\Public\AlexaNSISPlugin.5284.dll Some files in TEMP: ==================== C:\Users\Jesus\AppData\Local\Temp\avgnt.exe C:\Users\Jesus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4byjhj.dll C:\Users\Jesus\AppData\Local\Temp\Setup.exe C:\Users\Jesus\AppData\Local\Temp\Setup_V2.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-21 00:38 ==================== End of FRST.txt ============================