Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-12-2015
Ran by JV (administrator) on CK12 (14-12-2015 21:46:26)
Running from C:\Users\JV\Desktop
Loaded Profiles: JV (Available Profiles: JV & Guest)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Chicony Electronics Co., Ltd.) C:\Program Files\ChiconyCam\CECPLFKT.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
() C:\Program Files\HexChat\hexchat.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-25] (Avast Software s.r.o.)
HKLM\...\Run: [NSU_agent] => C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] () HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation) Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X] HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Run: [DownloadAccelerator] => "C:\Program Files\DAP\DAP.EXE" /STARTUP HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [634504 2015-06-24] (Sandboxie Holdings, LLC) HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Run: [] => [X] HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Run: [Viber] => C:\Users\JV\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] () HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-12-02] (SUPERAntiSpyware) HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {00cd985d-f759-11e2-80af-0090f5b2a4a6} - "G:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {10e6f10b-7424-11e1-a247-0090f5a76241} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {10e6f11a-7424-11e1-a247-0090f5a76241} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {1ffbed76-b1e7-11e2-bc07-0090f5a76241} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {1ffc0235-b1e7-11e2-bc07-0090f5a76241} - E:\AutoRun.exe 
HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {464226f4-ae93-11e2-a798-0090f5a76241} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {60434a31-ccbd-11e2-9fc8-0090f5a76241} - G:\Autorun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {60b7afb9-b277-11e2-a4da-0090f5a76241} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {7b9e0f0b-91ac-11e4-8761-806e6f6e6963} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {89d0ae4a-c116-11e2-bf24-0090f5a76241} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {89d0ae52-c116-11e2-bf24-0090f5a76241} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {9d0a7d8b-1c81-11e3-98bc-0090f5b2a4a6} - E:\Autorun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {9d65efa6-b1eb-11e2-bc07-0090f5a76241} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {9d65f2ef-b1eb-11e2-bc07-0090f5a76241} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {b7c4efcf-ce4e-11e2-96db-0090f5a76241} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {e12d7514-c2f6-11e2-b7a9-0090f5a76241} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {e2de45f5-b1fc-11e2-bc07-0090f5a76241} - F:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {ec3f2e0f-ae99-11e2-a798-0090f5a76241} - F:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {ec3f4192-ae99-11e2-a798-0090f5a76241} - E:\AutoRun.exe HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\MountPoints2: {f964ff73-94b3-11e4-af50-0090f5b2a4a6} - E:\AutoRun.exe ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL 
[115440 2013-05-08] (SuperAdBlocker.com) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-25] (Avast Software s.r.o.) Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-04-16] ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * aswBoot.exe /M:24d919772 /dir:"C:\Program Files\AVAST Software\Avast" ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.254.1 192.168.254.1 Tcpip\..\Interfaces\{28EFEA0C-3E6B-41E8-B421-601655388E88}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{7EF0F4CC-F911-4151-AE99-50219EDC6958}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{8212067E-CD09-4F98-828D-E0754EEFE98C}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{854BA6D0-002D-48F3-9B17-6F9C1513CFB0}: [DhcpNameServer] 192.168.8.1 192.168.8.1 Tcpip\..\Interfaces\{8606FECD-9B49-4F07-AB16-5DBB18B7F58C}: [DhcpNameServer] 192.168.0.1 192.168.0.1 Tcpip\..\Interfaces\{C12ACE4E-8A69-4007-A822-BB23D8D20B47}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{C12ACE4E-8A69-4007-A822-BB23D8D20B47}: [DhcpNameServer] 192.168.254.1 192.168.254.1 Internet Explorer: ================== HKU\S-1-5-21-4288802170-422726538-3330711173-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-4288802170-422726538-3330711173-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0 HKU\S-1-5-21-4288802170-422726538-3330711173-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = 
hxxps://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-4288802170-422726538-3330711173-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028 BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-10-13] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-25] (Avast Software s.r.o.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) 
BHO: Encarta Web Companion Helper Object -> {955BE0B8-BC85-4CAF-856E-8E0D8B610560} -> C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-13] (Oracle Corporation) Toolbar: HKLM - Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-4288802170-422726538-3330711173-1000 -> Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10] (Microsoft Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) 
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.) 
FireFox: ======== FF ProfilePath: C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-13] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-13] (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [2013-02-05] (McAfee, Inc.) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( ) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4288802170-422726538-3330711173-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\JV\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2012-03-28] () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.) FF SearchPlugin: C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\i585k2w0.default\searchplugins\google-avast.xml [2014-12-18] FF SearchPlugin: C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\fi3vzewu.default-1372242972952\searchplugins\google-avast.xml [2014-12-18] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\extensions\artur.dubovoy@gmail.com [2015-12-08] FF Extension: anonymoX - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\i585k2w0.default\Extensions\client@anonymox.net.xpi [2014-12-04] [not signed] FF Extension: Firefox Old Version Update Hotfix - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\i585k2w0.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-12-04] [not signed] FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\fi3vzewu.default-1372242972952\Extensions\2.0@disconnect.me.xpi [2013-06-26] [not signed] FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\fi3vzewu.default-1372242972952\Extensions\client@anonymox.net.xpi [2013-07-01] [not signed] FF Extension: 
HTTPS-Everywhere - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\fi3vzewu.default-1372242972952\Extensions\https-everywhere@eff.org [2013-07-01] [not signed] FF Extension: Adblock Plus - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\fi3vzewu.default-1372242972952\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-26] [not signed] FF Extension: BetterPrivacy - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\fi3vzewu.default-1372242972952\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-26] [not signed] FF Extension: anonymoX - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\sr7klcl4.Default User\Extensions\client@anonymox.net.xpi [2014-12-20] [not signed] FF Extension: DownloadHelper - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\sr7klcl4.Default User\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-22] [not signed] FF Extension: DownloadHelper - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\1isjgkdr.Jb\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-06] [not signed] FF Extension: DownloadHelper - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\kdehjshi.Anon\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-23] [not signed] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\vg813slu.eliceyoung\Extensions\artur.dubovoy@gmail.com [2015-02-13] [not signed] FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\vg813slu.eliceyoung\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-02-13] [not signed] FF Extension: DownloadHelper - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\vg813slu.eliceyoung\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-02-01] [not signed] FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\vg813slu.eliceyoung\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-02-13] [not signed] FF Extension: Flash 
Video Downloader - YouTube HD Download [4K] - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\t3pdit8x.QueLocura\Extensions\artur.dubovoy@gmail.com [2015-03-09] [not signed] FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\t3pdit8x.QueLocura\Extensions\client@anonymox.net.xpi [2015-03-12] [not signed] FF Extension: Stealthy - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\t3pdit8x.QueLocura\Extensions\stealthyextension@gmail.com.xpi [2015-02-23] [not signed] FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\Extensions\adblockpopups@jessehakanen.net.xpi [2015-07-16] [not signed] FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\Extensions\client@anonymox.net.xpi [2015-10-02] [not signed] FF Extension: FoxyProxy Standard - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\Extensions\foxyproxy@eric.h.jung [2015-09-23] FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\Extensions\ich@maltegoetz.de.xpi [2015-10-18] [not signed] FF Extension: Video DownloadHelper - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-31] FF Extension: Adblock Plus - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\nrsqjtlc.SosMiVida\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-28] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\r0awm7rs.Default User\Extensions\artur.dubovoy@gmail.com [2015-12-01] FF Extension: No Name - C:\Users\JV\AppData\Roaming\Mozilla\Firefox\Profiles\r0awm7rs.Default User\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-01] [not signed] FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker => not found FF HKLM\...\Firefox\Extensions: 
[wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-14] FF HKU\S-1-5-21-4288802170-422726538-3330711173-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox => not found Chrome: ======= CHR Profile: C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-03] CHR Extension: (Google Docs) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-03] CHR Extension: (Google Drive) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-03] CHR Extension: (YouTube) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-03] CHR Extension: (Google Search) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-03] CHR Extension: (Google Sheets) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-03] CHR Extension: (Google Docs Offline) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-03] CHR Extension: (Avast Online Security) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-03] CHR Extension: (Video DownloadHelper) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2015-12-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\JV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-03] CHR Extension: (Gmail) - C:\Users\JV\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-03] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-13] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com) S4 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [562592 2011-05-27] (Affinegy, Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-25] (Avast Software s.r.o.) S4 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152576 2011-04-19] () [File not signed] S4 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] () [File not signed] S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [429784 2015-03-10] (BlueStack Systems, Inc.) S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-10] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [794328 2015-03-10] (BlueStack Systems, Inc.) R2 CECFLPKT; C:\Program Files\ChiconyCam\CECPLFKT.exe [84592 2009-11-03] (Chicony Electronics Co., Ltd.) S4 Globe Tattoo Broadband. 
RunOuc; C:\Program Files\Globe Tattoo Broadband\UpdateDog\ouc.exe [657504 2012-11-12] () R2 HFGService; C:\Windows\System32\HFGService.dll [413696 2009-12-21] (CSR, plc) S4 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-10-19] (Hewlett-Packard Company) [File not signed] R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S4 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] () S4 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-05] (Nero AG) [File not signed] S4 NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed] R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [134792 2015-06-24] (Sandboxie Holdings, LLC) S4 UI Assistant Service; C:\Program Files\SMART BRO\AssistantServices.exe [269648 2011-06-24] () S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) [File not signed] S4 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-25] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-25] (Avast Software s.r.o.) 
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-06-25] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-25] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-25] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-27] (Avast Software s.r.o.) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-06-25] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-25] () R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [131800 2015-03-10] (BlueStack Systems) S3 BthAudioHF; C:\Windows\System32\DRIVERS\BthAudioHF.sys [43008 2009-12-21] (CSR, plc) S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc) S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [61952 2009-12-21] (CSR, plc) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG) R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-11-18] () R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-04] () [File not signed] S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [96000 2012-08-20] (Huawei Technologies Co., Ltd.) S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70272 2012-10-29] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2012-08-20] (Huawei Technologies Co., Ltd.) 
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-03-26] (MBB Incorporated) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-10-05] (Malwarebytes) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation) S3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3314048 2009-12-23] (Windows (R) Win 7 DDK provider) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [162952 2015-06-24] (Sandboxie Holdings, LLC) S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2014-03-04] () R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-30] (Almico Software) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181912 2013-04-03] (DEVGURU Co., LTD.(www.devguru.co.kr)) R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [247320 2009-06-22] (silex technology, Inc.) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1119232 2010-01-11] (VIA Technologies, Inc.) S3 WIMMount; C:\Program Files\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\x86\DISM\wimmount.sys [34248 2012-07-25] (Microsoft Corporation) S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [107776 2011-03-26] (ZTE Incorporated) R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-04-02] (CyberLink Corp.) 
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-14 21:44 - 2015-12-14 21:44 - 01720832 _____ (Farbar) C:\Users\JV\Desktop\FRST.exe
2015-12-14 21:42 - 2015-12-14 21:44 - 00000000 ____D C:\Users\JV\Desktop\FRST-OlderVersion
2015-12-14 21:07 - 2015-12-14 21:07 - 00001820 _____ C:\Users\JV\AppData\Roaming\Microsoft\Windows\Start Menu\REACHit Drive.lnk
2015-12-10 21:29 - 2015-12-10 21:39 - 00049702 _____ C:\Users\JV\Desktop\Addition.txt
2015-12-10 21:27 - 2015-12-14 21:46 - 00032554 _____ C:\Users\JV\Desktop\FRST.txt
2015-12-10 21:25 - 2015-12-14 21:46 - 00000000 ____D C:\FRST
2015-12-10 21:20 - 2015-12-10 21:21 - 02369024 _____ (Farbar) C:\Users\JV\Downloads\FRST64.exe
2015-12-10 05:47 - 2015-12-10 05:52 - 49934552 _____ (Microsoft Corporation) C:\Users\JV\Downloads\Windows-KB890830-V5.31.exe
2015-12-09 18:53 - 2015-12-09 18:56 - 00081268 _____ C:\Users\JV\Downloads\Excel2013_TrackChanges_Practice.xlsx
2015-12-09 18:37 - 2015-12-09 18:45 - 00011262 _____ C:\Users\JV\Downloads\Excel2013_Filtering_Practice.xlsx
2015-12-09 18:14 - 2015-12-09 18:23 - 00048623 _____ C:\Users\JV\Downloads\Excel2013_Sorting_Practice.xlsx
2015-12-09 17:31 - 2015-12-09 17:31 - 00021910 _____ C:\Users\JV\Downloads\Excel2013_Freezing_Practice.xlsx
2015-12-09 17:18 - 2015-12-09 17:22 - 00050521 _____ C:\Users\JV\Downloads\Excel2013_Functions_Practice.xlsx
2015-12-09 16:51 - 2015-12-09 16:54 - 00052866 _____ C:\Users\JV\Downloads\Excel2013_References_Practice.xlsx
2015-12-09 16:34 - 2015-12-09 16:36 - 00048994 _____ C:\Users\JV\Downloads\Excel2013_ComplexFormulas_Practice.xlsx
2015-12-09 16:18 - 2015-12-09 16:22 - 00049216 _____ C:\Users\JV\Downloads\Excel2013_SimpleFormulas_Practice(1).xlsx
2015-12-09 16:18 - 2015-12-09 16:18 - 00049333 _____ C:\Users\JV\Downloads\Excel2013_SimpleFormulas_Practice.xlsx
2015-12-08 16:48 - 2015-12-08 16:49 - 00000000 ____D C:\Users\JV\Downloads\Miss Earth
2015-12-08 10:58 - 2015-12-08 10:58 - 00000000 __SHD C:\Users\Guest\AppData\LocalLow\EmieSiteList
2015-12-08 09:11 - 2015-12-08 09:11 - 00000218 _____ C:\Users\Guest\AppData\Local\recently-used.xbel
2015-12-08 09:11 - 2015-12-08 09:11 - 00000000 ____D C:\Users\Guest\AppData\Roaming\deluge
2015-12-08 09:08 - 2015-12-08 09:08 - 00000000 ____D C:\Users\Guest\AppData\Roaming\AVAST Software
2015-12-07 14:12 - 2015-12-07 14:12 - 00009147 _____ C:\Users\JV\Downloads\212763_yur.xlsx
2015-12-07 01:14 - 2015-12-07 01:14 - 00210912 _____ C:\Users\JV\Downloads\gadugi.ttf
2015-12-07 00:16 - 2015-12-07 00:16 - 00016879 _____ C:\Users\JV\Downloads\Excel2013_SheetBasics_Practice.xlsx
2015-12-07 00:16 - 2015-12-07 00:16 - 00016879 _____ C:\Users\JV\Downloads\Excel2013_SheetBasics_Practice(1).xlsx
2015-12-05 15:51 - 2015-12-05 18:56 - 803167914 _____ C:\Users\JV\Downloads\A Second Chance 2015 WEBRip 720p.mp4
2015-12-05 01:03 - 2015-12-05 01:03 - 00002619 _____ C:\Users\JV\Desktop\JRT.txt
2015-12-05 00:51 - 2015-12-05 00:57 - 00772292 _____ C:\TDSSKiller.3.1.0.7_05.12.2015_00.51.15_log.txt
2015-12-05 00:41 - 2015-12-05 00:41 - 00004192 _____ C:\TDSSKiller.3.1.0.7_05.12.2015_00.41.50_log.txt
2015-12-05 00:30 - 2015-12-05 00:30 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-12-05 00:20 - 2015-12-05 00:30 - 00688104 _____ C:\TDSSKiller.3.1.0.7_05.12.2015_00.20.53_log.txt
2015-12-05 00:10 - 2015-12-05 00:11 - 00004546 _____ C:\TDSSKiller.3.1.0.7_05.12.2015_00.10.48_log.txt
2015-12-04 23:47 - 2015-12-04 23:56 - 00000000 ____D C:\AdwCleaner
2015-12-04 23:40 - 2015-12-08 02:33 - 00002048 _____ C:\Users\JV\Desktop\Rkill.txt
2015-12-04 23:39 - 2015-12-10 21:22 - 00000000 ____D C:\Users\JV\Downloads\PFiles
2015-12-04 23:37 - 2015-12-04 23:37 - 00001921 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-12-04 23:37 - 2015-12-04 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-12-04 23:35 - 2015-12-08 16:06 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-12-04 23:35 - 2015-12-04 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-12-04 23:35 - 2015-12-04 23:36 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2015-12-04 05:22 - 2015-12-04 10:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-04 05:21 - 2015-12-04 05:21 - 00000000 ____D C:\Users\JV\Desktop\mbar
2015-12-04 01:54 - 2015-12-04 05:08 - 00000000 ____D C:\Users\JV\Downloads\AssBandit 720p
2015-12-04 01:49 - 2015-12-04 01:49 - 00002013 _____ C:\Users\JV\Desktop\JDownloader 2.lnk
2015-12-04 01:49 - 2015-12-04 01:49 - 00000000 ____D C:\Users\JV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-12-04 01:45 - 2015-12-04 01:45 - 00000000 ____D C:\Users\JV\REACHit
2015-12-04 01:45 - 2015-12-04 01:45 - 00000000 ____D C:\Users\JV\AppData\Local\Lenovo
2015-12-04 01:44 - 2015-12-04 01:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-12-04 01:40 - 2015-12-04 01:44 - 00000000 ____D C:\Program Files\Lenovo
2015-12-04 01:38 - 2015-12-04 05:09 - 00000000 ____D C:\Users\JV\AppData\Local\JDownloader v2.0
2015-12-04 01:38 - 2015-12-04 01:38 - 00000000 ____D C:\Windows\Downloaded Installations
2015-12-04 01:30 - 2015-12-04 01:30 - 00000000 ____D C:\Users\JV\AppData\Local\Setup66548918
2015-12-04 01:30 - 2015-12-04 01:30 - 00000000 ____D C:\Users\JV\AppData\Local\dome
2015-12-04 01:30 - 2015-12-04 01:30 - 00000000 ____D C:\Users\JV\AppData\Local\{81E4B7B8-A54C-DB00-C8D4-FEE8ECBC0270}
2015-12-03 23:47 - 2015-12-03 23:52 - 00010157 _____ C:\Users\JV\Downloads\Excel2013_ModColumns_Practice.xlsx
2015-12-03 23:02 - 2015-12-03 23:02 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-03 22:28 - 2015-12-03 22:28 - 00023924 _____ C:\Users\JV\Downloads\Excel2013_CellBasics_Practice.xlsx
2015-12-03 15:51 - 2015-12-10 15:37 - 00002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-03 15:51 - 2015-12-03 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-03 15:46 - 2015-12-14 20:59 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 15:46 - 2015-12-14 20:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 15:39 - 2015-12-03 15:39 - 00001053 _____ C:\Users\Public\Desktop\Opera.lnk
2015-12-03 15:39 - 2015-12-03 15:39 - 00001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-03 15:39 - 2015-12-03 15:39 - 00000000 ____D C:\Users\JV\AppData\Roaming\Opera Software
2015-12-03 15:39 - 2015-12-03 15:39 - 00000000 ____D C:\Users\JV\AppData\Local\Opera Software
2015-12-03 15:36 - 2015-12-10 15:41 - 00000000 ____D C:\Program Files\Opera
2015-12-03 15:34 - 2015-12-03 15:34 - 00929872 _____ (Google Inc.) C:\Users\JV\Downloads\ChromeSetup.exe
2015-12-03 07:02 - 2015-12-03 07:02 - 00001373 _____ C:\Users\JV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-02 22:58 - 2015-12-02 22:58 - 00002838 _____ C:\Users\JV\AppData\Local\recently-used.xbel
2015-12-02 12:25 - 2015-12-02 12:25 - 00717208 _____ (Opera Software) C:\Users\JV\Downloads\Opera_NI_stable.exe
2015-12-02 06:33 - 2015-12-02 12:26 - 15353232 _____ C:\Users\JV\Downloads\operausb1217en.zip
2015-12-01 23:31 - 2015-12-01 23:32 - 00000000 ____D C:\Users\JV\Downloads\Ceecee
2015-12-01 00:42 - 2015-12-01 00:42 - 00000000 ____D C:\Users\JV\Downloads\The.Lingerie.Murder.2015.HDRip.720p.x264.cinema2satu.net
2015-11-30 22:40 - 2015-12-01 00:41 - 599570826 _____ C:\Users\JV\Downloads\The.Lingerie.Murder.2015.HDRip.720p.x264.cinema2satu.net.rar
2015-11-30 22:40 - 2015-11-30 22:40 - 00000000 _____ C:\Users\JV\Documents\1448894405.dap
2015-11-30 22:31 - 2015-11-30 22:40 - 604125586 _____ C:\Users\JV\Documents\The.Lingerie.Murder.2015.HDRip.720p.x264.cinema2satu.net.mp4.dap
2015-11-30 22:03 - 2015-11-30 22:03 - 00000000 _____ C:\Users\JV\Documents\The.Lingerie.Murder.2015.720p.HDRip.600MB.Ganool.Video.mkv.dap
2015-11-28 23:19 - 2015-11-28 23:20 - 00288738 _____ C:\Users\JV\Downloads\photo.htm
2015-11-27 18:32 - 2015-11-27 18:32 - 00000000 ____D C:\Users\JV\AppData\Local\Viber Media S.à r.l
2015-11-27 18:32 - 2015-11-27 18:32 - 00000000 ____D C:\Users\JV\.ViberPC
2015-11-27 18:32 - 2015-11-27 18:32 - 00000000 ____D C:\Users\JV\.QtWebEngineProcess
2015-11-26 10:21 - 2015-11-27 22:33 - 00000412 _____ C:\Users\JV\AppData\Roaming\ceccam11.ini
2015-11-26 10:21 - 2015-11-26 10:21 - 00001823 _____ C:\Users\Public\Desktop\ChiconyCam.lnk
2015-11-26 10:21 - 2015-11-26 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChiconyCam
2015-11-26 10:20 - 2015-11-26 10:20 - 00000000 ____D C:\Program Files\ChiconyCam
2015-11-26 10:20 - 2009-12-23 13:46 - 03314048 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\S6000KNT.sys
2015-11-26 10:20 - 2009-12-23 13:42 - 00338432 _____ C:\Windows\system\S6000Dex.dll
2015-11-26 10:20 - 2009-12-15 10:34 - 00141824 _____ () C:\Windows\system\S6000Vex.dll
2015-11-26 10:20 - 2009-12-15 10:32 - 00059904 _____ C:\Windows\system\S6000Rmv.dll
2015-11-26 10:20 - 2009-12-15 10:31 - 00076288 _____ C:\Windows\system32\S6000DIF.dll
2015-11-26 10:20 - 2009-12-15 10:27 - 00012288 _____ C:\Windows\system\S6000Remov.exe
2015-11-26 10:20 - 2003-09-23 05:36 - 00013448 _____ C:\Windows\S6000Twn.src
2015-11-26 10:20 - 2003-09-23 04:49 - 00015190 _____ C:\Windows\S6000Twn.ini
2015-11-26 10:19 - 2015-11-26 10:19 - 00000000 ____D C:\Users\JV\Downloads\02_Camera W7 Vista
2015-11-26 10:17 - 2015-11-26 10:19 - 19252286 _____ C:\Users\JV\Downloads\02_Camera W7 Vista.zip
2015-11-26 00:11 - 2015-12-05 21:24 - 00000000 ____D C:\Users\JV\Documents\ViberDownloads
2015-11-24 07:27 - 2015-12-14 21:01 - 00000000 ____D C:\Users\JV\AppData\Roaming\ViberPC
2015-11-24 07:27 - 2015-11-27 18:32 - 00000000 ____D C:\Users\JV\AppData\Local\Viber
2015-11-24 07:27 - 2015-11-24 07:27 - 00000899 _____ C:\Users\JV\AppData\Roaming\Microsoft\Windows\Start Menu\Viber.lnk
2015-11-24 07:27 - 2015-11-24 07:27 - 00000897 _____ C:\Users\JV\Desktop\Viber.lnk
2015-11-24 07:27 - 2015-11-24 07:27 - 00000000 ____D C:\Users\JV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2015-11-24 07:26 - 2015-11-24 07:26 - 00000000 ____D C:\Users\JV\AppData\Local\Package Cache
2015-11-23 00:09 - 2015-11-23 00:09 - 01432738 _____ C:\Users\JV\Downloads\WarrantyPolicyv1.0.pdf
2015-11-21 22:47 - 2015-11-21 22:47 - 00460757 _____ C:\Users\JV\Documents\MyIcon1.xcf
2015-11-21 22:43 - 2015-11-21 22:47 - 00460757 _____ C:\Users\JV\Documents\MyIcon2.xcf
2015-11-21 22:42 - 2015-11-21 22:42 - 00460876 _____ C:\Users\JV\Documents\MyIcon.xcf
2015-11-21 01:07 - 2015-11-21 01:10 - 00000000 ____D C:\Fraps
2015-11-21 01:07 - 2015-11-21 01:07 - 00000562 _____ C:\Users\JV\Desktop\Fraps.lnk
2015-11-21 01:07 - 2015-11-21 01:07 - 00000000 ____D C:\Users\JV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2015-11-21 01:04 - 2015-11-21 01:06 - 02129648 _____ (Beepa Pty Ltd) C:\Users\JV\Downloads\setup.exe
2015-11-21 00:12 - 2015-11-23 14:22 - 00000000 ____D C:\Users\JV\SignOfWish
2015-11-21 00:12 - 2015-11-21 00:12 - 00000000 ____D C:\Users\JV\New folder
2015-11-21 00:11 - 2015-11-21 00:11 - 00000000 ____D C:\Master
2015-11-20 06:39 - 2015-11-20 06:45 - 1125094666 _____ C:\Users\JV\Documents\Etiquette.For.Mistresses.2015.HDRip.720p.x264-RSG.mp4.dap
2015-11-20 06:32 - 2015-11-20 06:34 - 00000000 ____D C:\Users\JV\Downloads\Etiquette.For.Mistresses.2015.HDRip.720p.x264-RSG
2015-11-20 06:32 - 2015-11-20 06:32 - 00081903 _____ C:\Users\JV\Downloads\[kat.cr]etiquette.for.mistresses.2015.hdrip.720p.x264.rsg.torrent
2015-11-20 00:22 - 2015-11-20 00:22 - 00000000 ____D C:\Users\JV\Downloads\NetBeans IDE 8 Cookbook
2015-11-20 00:14 - 2015-11-20 00:19 - 35349920 _____ C:\Users\JV\Downloads\NetBeans IDE 8 Cookbook.rar
2015-11-19 23:49 - 2015-11-19 23:50 - 00000000 ____D C:\Users\JV\Downloads\nb4
2015-11-18 12:59 - 2015-11-18 12:59 - 00272746 _____ C:\Users\JV\Downloads\Alden Richards - Magmahalan Tayo Ngayong Pasko _Official Lyrics_.mp3.part
2015-11-16 23:10 - 2015-11-16 23:30 - 65654114 _____ C:\Users\JV\Downloads\Dragon Ball Super 019.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-14 21:18 - 2014-12-12 19:56 - 00000000 ____D C:\Users\JV\AppData\Roaming\HexChat
2015-12-14 21:07 - 2013-05-07 16:59 - 00000000 ____D C:\Users\JV\AppData\Local\Downloaded Installations
2015-12-14 21:02 - 2009-07-14 12:34 - 00017536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-14 21:02 - 2009-07-14 12:34 - 00017536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-14 20:59 - 2015-07-15 15:01 - 00001718 _____ C:\Windows\Sandboxie.ini
2015-12-14 20:59 - 2013-04-17 06:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-14 20:59 - 2009-07-14 10:37 - 00000000 ____D C:\Windows
2015-12-14 20:53 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-13 15:02 - 2010-11-21 05:01 - 00785794 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-13 15:02 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\inf
2015-12-12 21:33 - 2013-04-16 19:37 - 00000894 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4288802170-422726538-3330711173-1000Core.job
2015-12-12 21:19 - 2013-04-16 19:37 - 00000916 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4288802170-422726538-3330711173-1000UA.job
2015-12-10 08:59 - 2014-12-15 23:01 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-09 15:27 - 2012-06-04 21:28 - 00000000 ____D C:\Users\JV\AppData\Roaming\vlc
2015-12-08 18:44 - 2015-08-10 21:57 - 00000000 ____D C:\Program Files\PCSX2 1.2.1
2015-12-08 10:56 - 2012-06-04 22:06 - 00000000 ____D C:\Users\Guest\AppData\Roaming\vlc
2015-12-07 17:45 - 2012-03-21 09:56 - 00116144 _____ C:\Users\JV\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-07 12:19 - 2014-11-21 13:32 - 00000000 ____D C:\Users\Guest\Documents\Chinese Recipe 2004
2015-12-07 11:36 - 2009-07-14 12:33 - 00441952 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-06 14:43 - 2015-11-11 13:37 - 00000000 ____D C:\Users\JV\Documents\Montesorri
2015-12-06 02:59 - 2009-07-14 12:53 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-05 00:05 - 2015-07-21 18:43 - 00000000 ____D C:\Users\JV\.MeePasswords_DefaultStorage
2015-12-04 23:37 - 2012-03-22 23:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-04 22:01 - 2013-05-12 07:04 - 00000000 ____D C:\ProgramData\TEMP
2015-12-04 13:21 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\schemas
2015-12-04 05:25 - 2014-12-15 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-04 05:25 - 2014-12-15 22:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-04 05:25 - 2013-08-20 21:24 - 00001020 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-04 05:05 - 2013-09-13 22:57 - 00000000 ____D C:\Program Files\SMART BRO
2015-12-04 01:57 - 2014-12-27 19:53 - 00001350 _____ C:\Users\JV\Desktop\My DAP Downloads.lnk
2015-12-04 01:45 - 2012-03-20 23:50 - 00000000 ____D C:\Users\JV
2015-12-04 01:43 - 2014-12-12 19:45 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-03 18:01 - 2013-04-24 23:40 - 00000000 ____D C:\Users\JV\AppData\Local\Google
2015-12-03 15:50 - 2012-03-22 22:47 - 00000000 ____D C:\Program Files\Google
2015-12-03 00:02 - 2015-10-14 19:01 - 00000000 ____D C:\Users\JV\AppData\Roaming\HandBrake
2015-12-02 22:58 - 2014-05-19 00:10 - 00000000 ____D C:\Users\JV\AppData\Local\gtk-2.0
2015-12-02 22:58 - 2014-03-27 20:00 - 00000000 ____D C:\Users\JV\.gimp-2.8
2015-12-01 01:33 - 2015-03-09 04:59 - 00000000 ____D C:\Users\JV\dwhelper
2015-12-01 00:59 - 2014-12-21 20:20 - 00000000 ____D C:\Users\JV\Downloads\videocacheview
2015-11-27 21:06 - 2015-01-06 13:20 - 00000000 ____D C:\videocacheview
2015-11-26 10:20 - 2012-03-21 16:05 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-11-26 10:20 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system
2015-11-23 19:09 - 2012-04-12 22:11 - 137798368 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-20 03:25 - 2015-11-06 19:20 - 00000000 ____D C:\Users\JV\Documents\NetBeansProjects

==================== Files in the root of some directories =======

2014-12-04 18:25 - 2014-12-04 18:30 - 14108096 _____ (Citrix Systems, Inc.) C:\Program Files\CitrixOnlinePluginWeb.exe
2014-12-04 18:41 - 2014-12-04 18:41 - 0001339 _____ () C:\Program Files\launch.ica.dap
2014-12-04 18:42 - 2014-12-04 18:42 - 0001339 _____ () C:\Program Files\launch_1.ica
2012-03-22 00:21 - 2011-12-31 14:18 - 461881224 _____ (Microsoft Corporation) C:\Program Files\OPPLUS-EN.EXE
2014-12-04 23:14 - 2014-12-04 23:14 - 0000093 _____ () C:\Users\JV\AppData\Roaming\ARCompanion.log
2015-11-26 10:21 - 2015-11-27 22:33 - 0000412 _____ () C:\Users\JV\AppData\Roaming\ceccam11.ini
2013-05-06 14:43 - 2013-05-06 14:43 - 0000037 ___SH () C:\Users\JV\AppData\Local\70149b02515b3bb20dd492.47983420
2012-09-06 19:21 - 2012-09-06 19:28 - 0005632 _____ () C:\Users\JV\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-02 22:58 - 2015-12-02 22:58 - 0002838 _____ () C:\Users\JV\AppData\Local\recently-used.xbel
2015-07-26 15:09 - 2015-07-26 15:10 - 0007605 _____ () C:\Users\JV\AppData\Local\Resmon.ResmonCfg
2015-04-04 14:59 - 2015-04-04 14:59 - 0642316 _____ () C:\ProgramData\AndyDrivers.zip

Files to move or delete:
====================
C:\Users\JV\HexChat 2.10.2 x86.exe

Some files in TEMP:
====================
C:\Users\JV\AppData\Local\Temp\Checkupdate.exe
C:\Users\JV\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\JV\AppData\Local\Temp\gcapi_dll.dll
C:\Users\JV\AppData\Local\Temp\gtapi_signed.dll
C:\Users\JV\AppData\Local\Temp\NOSEventMessages.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-10 06:18

==================== End of FRST.txt ============================