Pop up and redirect malware [Solved]



#1
gringo1

  • Member
  • 11 posts
We stayed in a hotel this weekend, and I started getting popup ads that cover part of my screen, and when I click on a page OR scroll bar I often get a new window that redirects me to "Windows 8.1 Repair Tool" and other sites.  When I try to close this page I get a "Leave This Page" message.
No help with virus scan (Avast, Kaspersky TDSS Killer, Superantispyware, Malwarebytes, and Spybot).
Thanks for your help,
Kevin
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01
Ran by KW (administrator) on PC on 19-04-2015 20:50:41
Running from C:\Users\KW\Desktop
Loaded Profiles: KW (Available profiles: KW)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
() C:\Prey\platform\windows\bin\bash.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Swift Search) C:\Program Files (x86)\SwiftSearch_1.10.0.14\Service\swsesvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Toshiba Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SSUpdate64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [gbrspcontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Free\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-05] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-04-13] (Glarysoft Ltd)
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\MountPoints2: {ddc4f11d-fd9f-11e3-bec5-008cfa21446f} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\MountPoints2: {de25872b-dc2c-11e3-bebd-008cfa21446f} - "E:\LG_PC_Programs.exe" 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2013-03-30]
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-05] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKLM -> DefaultScope {F04681B0-8FC0-4965-A6B9-BACA104CF579} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {F04681B0-8FC0-4965-A6B9-BACA104CF579} URL = 
SearchScopes: HKU\S-1-5-21-2873613688-3426634421-4114225331-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2873613688-3426634421-4114225331-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2873613688-3426634421-4114225331-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-05] (Avast Software s.r.o.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-05] (Avast Software s.r.o.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1777364C-A0B5-4DCA-8DC2-6A564A2BD387}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{2E828496-8A58-4E56-AA33-FDEB946D8406}: [NameServer] 156.154.70.22,156.154.71.22
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2873613688-3426634421-4114225331-1001: @citrixonline.com/appdetectorplugin -> C:\Users\KW\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-27] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2013-04-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2013-04-03]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.msn.com/?PC=AV01"
CHR DefaultSearchKeyword: Default -> bing1.com
CHR DefaultSuggestURL: Default -> http://api.bing.com/...=AVASDF&PC=AV01
CHR Profile: C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-27]
CHR Extension: (Google Drive) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-30]
CHR Extension: (YouTube) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-27]
CHR Extension: (Wondershare Video Converter Ultimate) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp [2013-10-27]
CHR Extension: (Google Search) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-27]
CHR Extension: (Avast Online Security) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-27]
CHR Extension: (Google Wallet) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]
CHR Extension: (Gmail) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.yahoo.com/mail"
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-05] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70344 2013-04-17] (Comodo Security Solutions Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-19] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-03-26] (Fork Ltd.) [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095752 2013-06-04] ()
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 swsesvc_1.10.0.14; C:\Program Files (x86)\SwiftSearch_1.10.0.14\Service\swsesvc.exe [279120 2015-04-10] (Swift Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-05] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-05] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [715824 2013-09-24] (COMODO)
R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38072 2013-09-24] (COMODO)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2014-10-25] (Glarysoft Ltd)
S1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [118400 2013-09-24] (COMODO)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [36600 2014-04-17] (Riverbed Technology, Inc.)
R1 RrNetCapFilterDriver; C:\Windows\system32\DRIVERS\RrNetCapFilterDriver.sys [24744 2015-03-17] (Audials AG)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3301592 2014-02-21] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
R1 swsenfd_1_10_0_14; C:\Windows\System32\drivers\swsenfd_1_10_0_14.sys [58232 2015-04-10] (Swift Search)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R3 TotRec8; C:\WINDOWS\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 20:50 - 2015-04-19 20:50 - 00021742 _____ () C:\Users\KW\Desktop\FRST.txt
2015-04-19 20:46 - 2015-04-19 19:57 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-04-19 20:34 - 2015-04-19 20:34 - 01305600 _____ () C:\Users\KW\Downloads\zoek (2).exe
2015-04-19 20:33 - 2015-04-19 20:33 - 00000000 ____D () C:\Users\KW\Downloads\backups
2015-04-19 20:16 - 2015-04-19 20:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\KW\Downloads\HijackThis.exe
2015-04-19 20:16 - 2015-04-19 20:16 - 00013271 _____ () C:\Users\KW\Downloads\hijackthis.log
2015-04-19 20:00 - 2015-04-19 20:50 - 00079591 _____ () C:\zoek-results.log
2015-04-19 19:57 - 2015-04-19 20:41 - 00000000 ____D () C:\zoek_backup
2015-04-19 19:57 - 2015-04-19 19:57 - 05618696 _____ (Swearware) C:\Users\KW\Downloads\ComboFix.exe
2015-04-19 19:57 - 2015-04-19 19:57 - 01305600 _____ () C:\Users\KW\Downloads\zoek.exe
2015-04-19 19:57 - 2015-04-19 19:57 - 01305600 _____ () C:\Users\KW\Downloads\zoek (1).exe
2015-04-19 18:37 - 2015-04-19 18:38 - 00000000 ____D () C:\KVRT_Data
2015-04-19 18:36 - 2015-04-19 18:37 - 115764568 _____ (Kaspersky Lab ZAO) C:\Users\KW\Downloads\KVRT.exe
2015-04-19 18:33 - 2015-04-19 18:33 - 04176437 _____ () C:\Users\KW\Downloads\tdsskiller.zip
2015-04-19 18:06 - 2015-04-19 20:46 - 00000000 ____D () C:\Users\KW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2015-04-19 15:11 - 2015-04-19 15:12 - 00041104 _____ () C:\Users\KW\Downloads\Addition.txt
2015-04-19 15:10 - 2015-04-19 20:50 - 00000000 ____D () C:\FRST
2015-04-19 15:10 - 2015-04-19 15:12 - 00055048 _____ () C:\Users\KW\Downloads\FRST.txt
2015-04-19 15:10 - 2015-04-19 15:10 - 02098176 _____ (Farbar) C:\Users\KW\Desktop\FRST64.exe
2015-04-19 15:06 - 2015-04-19 15:06 - 00688992 _____ (Swearware) C:\Users\KW\Downloads\dds.com
2015-04-19 15:01 - 2015-04-19 15:01 - 00852616 _____ () C:\Users\KW\Downloads\SecurityCheck.exe
2015-04-19 14:59 - 2015-04-19 15:02 - 00000000 ____D () C:\AdwCleaner
2015-04-19 14:59 - 2015-04-19 14:59 - 02217984 _____ () C:\Users\KW\Downloads\adwcleaner_4.201.exe
2015-04-19 14:03 - 2015-04-19 20:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-19 14:03 - 2015-04-19 14:03 - 00000000 ____D () C:\Users\KW\AppData\Roaming\SUPERAntiSpyware.com
2015-04-19 14:03 - 2015-04-19 14:03 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-19 14:03 - 2015-04-19 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-19 14:02 - 2015-04-19 14:02 - 21697256 _____ (SUPERAntiSpyware) C:\Users\KW\Downloads\SUPERAntiSpyware.exe
2015-04-19 13:48 - 2015-04-19 13:48 - 00001097 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-19 08:11 - 2015-04-19 08:11 - 45142720 _____ (Microsoft Corporation) C:\Users\KW\Downloads\Windows-KB890830-x64-V5.23 (1).exe
2015-04-19 08:08 - 2015-04-19 08:08 - 44167360 _____ (Microsoft Corporation) C:\Users\KW\Downloads\Windows-KB890830-V5.23.exe
2015-04-19 08:08 - 2015-04-01 11:22 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MRT.exe
2015-04-18 22:16 - 2015-04-18 22:16 - 45142720 _____ (Microsoft Corporation) C:\Users\KW\Downloads\Windows-KB890830-x64-V5.23.exe
2015-04-18 22:09 - 2015-04-18 22:09 - 00572456 _____ (F-Secure Corporation) C:\Users\KW\Downloads\F-SecureOnlineScanner.exe
2015-04-18 21:54 - 2015-01-05 22:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-18 21:54 - 2015-01-05 21:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-18 21:54 - 2015-01-05 20:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-18 21:54 - 2015-01-05 20:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-18 21:28 - 2015-04-19 20:48 - 00002270 _____ () C:\WINDOWS\PFRO.log
2015-04-18 21:23 - 2015-04-18 21:33 - 00012308 _____ () C:\Users\KW\Desktop\RBB May 2015 concerts.odt
2015-04-18 21:19 - 2015-04-18 21:24 - 00217315 _____ () C:\Users\KW\AppData\Local\census.cache
2015-04-18 21:19 - 2015-04-18 21:24 - 00103662 _____ () C:\Users\KW\AppData\Local\ars.cache
2015-04-18 21:17 - 2015-04-18 21:21 - 00000010 _____ () C:\Users\KW\AppData\Local\sponge.last.runtime.cache
2015-04-18 21:11 - 2015-04-18 21:11 - 02073512 _____ (Trend Micro Inc.) C:\Users\KW\Downloads\HousecallLauncher.exe
2015-04-18 21:11 - 2015-04-18 21:11 - 00000036 _____ () C:\Users\KW\AppData\Local\housecall.guid.cache
2015-04-18 20:56 - 2015-04-18 20:56 - 00588816 _____ () C:\Users\KW\Downloads\Autoruns.zip
2015-04-18 20:56 - 2015-04-18 20:56 - 00000000 ____D () C:\Users\KW\Downloads\Autoruns
2015-04-18 20:52 - 2015-04-18 20:53 - 159485920 _____ (Emsisoft Ltd. ) C:\Users\KW\Downloads\EmsisoftAntiMalwareSetup.exe
2015-04-18 20:45 - 2015-04-18 20:45 - 00640104 _____ ( ) C:\Users\KW\Downloads\RKill.exe
2015-04-18 20:36 - 2015-04-18 20:36 - 00000000 ____D () C:\Users\KW\AppData\Local\PC_Cleanup_Utility_Inc
2015-04-18 20:36 - 2015-04-18 20:36 - 00000000 ____D () C:\Users\KW\AppData\Local\PC Cleanup Utility Inc
2015-04-18 20:36 - 2015-04-18 20:36 - 00000000 ____D () C:\ProgramData\PC Cleanup Utility Inc
2015-04-18 20:23 - 2015-04-18 20:23 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-04-18 20:22 - 2015-04-18 20:22 - 01549632 _____ (Kaspersky Lab) C:\Users\KW\Downloads\kav15.0.0.463en_7000.exe
2015-04-18 11:55 - 2015-04-18 11:55 - 00000000 ____D () C:\WINDOWS\pss
2015-04-18 10:36 - 2015-04-19 20:48 - 00000616 _____ () C:\WINDOWS\setupact.log
2015-04-18 10:36 - 2015-04-18 10:36 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-18 08:55 - 2015-04-18 09:09 - 257762827 _____ () C:\Users\KW\Desktop\Dynamics Within Rock & Blues.mp4
2015-04-18 08:55 - 2015-04-18 09:07 - 197832815 _____ () C:\Users\KW\Desktop\Building A Vocabulary In Jazz #2.mp4
2015-04-18 08:53 - 2015-04-18 08:53 - 15058624 _____ () C:\Users\KW\Downloads\Glary_Utilities_v5.23.0.42.exe
2015-04-17 21:31 - 2015-04-17 21:31 - 00001267 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2015-04-17 21:31 - 2015-04-17 21:31 - 00001153 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2015-04-17 21:31 - 2015-04-17 21:31 - 00001141 _____ () C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2015-04-17 21:22 - 2015-04-17 21:23 - 01621568 _____ (NCH Software) C:\Users\KW\Downloads\debutsetup.exe
2015-04-17 21:22 - 2015-04-17 21:22 - 00000970 _____ () C:\Users\Public\Desktop\Audials 12.lnk
2015-04-17 21:20 - 2015-04-17 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 12
2015-04-17 21:20 - 2015-04-17 21:21 - 00000000 ____D () C:\ProgramData\RapidSolution
2015-04-17 21:20 - 2015-04-17 21:20 - 00000000 ____D () C:\Program Files (x86)\Audials
2015-04-17 21:18 - 2015-04-17 21:18 - 00000000 ____D () C:\Users\KW\AppData\Local\RapidSolution
2015-04-17 21:12 - 2015-04-17 21:16 - 66612384 _____ () C:\Users\KW\Downloads\Audials_Moviebox-Setup__741.exe
2015-04-17 20:56 - 2015-04-17 20:56 - 00000000 ____D () C:\Users\KW\Documents\Streaming Video Recorder
2015-04-17 20:52 - 2015-04-17 20:54 - 27868272 _____ (APOWERSOFT LIMITED ) C:\Users\KW\Downloads\streaming-video-recorder-cnet.exe
2015-04-17 20:48 - 2015-04-17 20:48 - 06543896 _____ (Bolide Software ) C:\Users\KW\Downloads\wsr_setup.exe
2015-04-15 22:10 - 2015-04-15 22:10 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 22:09 - 2015-04-15 22:09 - 00000000 ____D () C:\Users\KW\AppData\Roaming\TotalRecorder
2015-04-15 22:08 - 2015-04-15 22:08 - 05041864 _____ () C:\Users\KW\Downloads\tr85se.exe
2015-04-15 22:08 - 2015-04-15 22:08 - 00001259 _____ () C:\Users\Public\Desktop\Total Recorder.LNK
2015-04-15 22:08 - 2015-04-15 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Recorder
2015-04-15 22:08 - 2015-04-15 22:08 - 00000000 ____D () C:\Program Files (x86)\HighCriteria
2015-04-15 22:08 - 2014-04-30 15:37 - 00125640 _____ (High Criteria inc.) C:\WINDOWS\system32\Drivers\TotRec8.sys
2015-04-15 21:20 - 2015-04-15 21:20 - 00001217 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2015-04-15 21:20 - 2015-04-15 21:20 - 00000049 _____ () C:\WINDOWS\SysWOW64\ScrRecX.log
2015-04-15 21:20 - 2015-04-15 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-04-15 21:20 - 2015-04-15 21:20 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2015-04-15 21:20 - 2008-08-18 18:18 - 00077824 _____ (Fox Magic Software) C:\WINDOWS\SysWOW64\fmcodec.DLL
2015-04-15 21:19 - 2015-04-15 21:19 - 16490312 _____ (DsNET Corp ) C:\Users\KW\Downloads\aTube_Catcher_SOMOTO_8004.exe
2015-04-15 20:38 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 20:38 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 20:37 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 20:37 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 20:37 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 20:37 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 20:37 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 20:37 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 20:37 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 20:37 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 20:37 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 20:37 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 20:37 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 20:37 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 20:37 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 20:37 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 20:37 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 20:37 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 20:37 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 20:37 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 20:37 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 20:37 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 20:37 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 20:37 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 20:37 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 20:37 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 20:37 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 20:37 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 20:37 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 20:37 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 20:37 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 20:37 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 20:37 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 20:37 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 20:37 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 20:37 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 20:37 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 20:37 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 20:37 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 20:37 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 20:37 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 20:37 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 20:35 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 20:35 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 20:35 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 20:35 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 20:35 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 20:35 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 20:35 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 20:35 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 20:35 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 20:35 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 20:35 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 20:35 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 20:35 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 20:35 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 20:35 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 20:35 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 20:35 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 20:35 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 20:35 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 20:35 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 20:35 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 20:35 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 20:35 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 20:35 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 20:35 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 20:35 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 20:35 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 20:35 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 20:35 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-14 22:18 - 2015-04-14 22:18 - 00665200 _____ (vcatcher.com) C:\Users\KW\Downloads\vcatcher-setup.exe
2015-04-14 22:06 - 2015-04-14 22:06 - 06177656 _____ (http://freerecorders.com ) C:\Users\KW\Downloads\screenrecorder_setup [1].exe
2015-04-14 22:06 - 2015-04-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-04-14 22:06 - 2015-04-14 22:06 - 00000000 ____D () C:\Program Files (x86)\SwiftSearch_1.10.0.14
2015-04-14 22:05 - 2015-04-14 22:05 - 01610184 _____ (Safe Download-screenrecorder_setup ) C:\Users\KW\Downloads\screenrecorder_setup.exe
2015-04-14 21:57 - 2015-04-14 21:57 - 28609640 _____ () C:\Users\KW\Downloads\InstallScreencastOMatic-v1.4.exe
2015-04-14 21:35 - 2015-04-14 21:40 - 275497228 _____ () C:\Users\KW\Desktop\James Brown - The Charleston Beat & Jab'o Starks.mp4
2015-04-14 21:35 - 2015-04-14 21:37 - 359877606 _____ () C:\Users\KW\Desktop\Iconic Drum Intros  Metal.mp4
2015-04-14 21:35 - 2015-04-14 21:37 - 178004059 _____ () C:\Users\KW\Desktop\One-Handed Fills.mp4
2015-04-14 20:28 - 2015-04-14 20:28 - 00000000 ____D () C:\Users\KW\Desktop\RBB 4 13 15 practice
2015-04-13 22:40 - 2015-04-14 09:06 - 1061359861 _____ () C:\Users\KW\Desktop\Antonio Sanchez - Creative Soloing & Freedom (FULL DRUM LESSON).mp4
2015-04-12 22:19 - 2015-04-12 22:19 - 00000000 ____D () C:\Users\KW\Documents\FlashIntegro
2015-04-12 22:19 - 2015-04-12 22:19 - 00000000 ____D () C:\Users\KW\AppData\Roaming\ScreenRecorder
2015-04-12 22:18 - 2015-04-12 22:18 - 00001269 _____ () C:\Users\KW\Desktop\VSDC Free Screen Recorder.lnk
2015-04-12 22:18 - 2015-04-12 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2015-04-12 22:18 - 2015-04-12 22:18 - 00000000 ____D () C:\Program Files (x86)\FlashIntegro
2015-04-12 22:18 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\Lagarith.dll
2015-04-12 22:18 - 2005-08-01 19:43 - 00245760 _____ () C:\WINDOWS\SysWOW64\lame.ax
2015-04-12 22:18 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2015-04-12 22:18 - 2004-09-06 16:06 - 00053248 _____ () C:\WINDOWS\SysWOW64\xvid.ax
2015-04-12 22:18 - 2004-07-03 21:08 - 00139264 _____ () C:\WINDOWS\SysWOW64\xvidvfw.dll
2015-04-12 22:18 - 2004-07-03 20:59 - 00524288 _____ () C:\WINDOWS\SysWOW64\xvidcore.dll
2015-04-12 22:18 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\WINDOWS\SysWOW64\AC3ACM.acm
2015-04-12 22:18 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divx.dll
2015-04-12 22:18 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divxdec.ax
2015-04-12 22:18 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\WINDOWS\SysWOW64\mcdvd_32.dll
2015-04-12 22:18 - 2003-05-21 23:50 - 00156910 _____ () C:\WINDOWS\WMSysPr8.prx
2015-04-12 22:18 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\WINDOWS\SysWOW64\vct3216.acm
2015-04-12 22:18 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\WINDOWS\SysWOW64\alf2cd.acm
2015-04-12 22:18 - 2003-05-21 23:50 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2015-04-12 22:18 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\SysWOW64\L3CODECX.AX
2015-04-12 22:18 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg4c32.dll
2015-04-12 22:18 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\WINDOWS\SysWOW64\Scg726.acm
2015-04-12 22:17 - 2015-04-12 22:17 - 15329928 _____ (Flash-Integro LLC ) C:\Users\KW\Downloads\screen_recorder_download.exe
2015-04-12 09:47 - 2015-04-12 09:48 - 00000000 ____D () C:\Users\KW\Desktop\lessons
2015-04-11 22:52 - 2015-04-11 22:52 - 24210616 _____ (Audacity Team ) C:\Users\KW\Downloads\Audacity_v2.1.0.exe
2015-04-11 22:52 - 2015-04-11 22:52 - 15049832 _____ () C:\Users\KW\Downloads\Glary_Utilities_v5.22.0.41.exe
2015-04-11 22:27 - 2015-04-11 22:32 - 329390244 _____ () C:\Users\KW\Downloads\drumeo-975-HD.mp4standard (1).mp4
2015-04-11 20:14 - 2015-04-11 20:14 - 00035696 _____ () C:\Users\KW\Documents\Edgar’s Practice Tips.html
2015-04-11 20:14 - 2015-04-11 20:14 - 00000000 ____D () C:\Users\KW\Documents\Edgar’s Practice Tips_files
2015-04-11 19:53 - 2015-04-11 20:00 - 340652904 _____ () C:\Users\KW\Downloads\antonio-sanchez-creative-soloing-and-freedomstandard.mp4
2015-04-10 15:00 - 2015-04-10 15:00 - 00058232 _____ (Swift Search) C:\WINDOWS\system32\Drivers\swsenfd_1_10_0_14.sys
2015-04-05 21:46 - 2015-04-05 21:46 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-05 21:46 - 2015-04-05 21:46 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-04 18:17 - 2015-04-04 18:18 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 18:17 - 2015-04-04 18:17 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-01 21:57 - 2015-04-02 15:58 - 00000000 ____D () C:\Users\KW\Documents\Any Video Recorder
2015-04-01 21:57 - 2015-04-01 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Video Recorder
2015-04-01 21:57 - 2015-04-01 21:57 - 00000000 ____D () C:\Program Files (x86)\Any Video Recorder
2015-04-01 21:57 - 2012-05-17 13:01 - 00033872 _____ (AnvSoft Inc.) C:\WINDOWS\system32\Drivers\anvsnddrv.sys
2015-04-01 21:56 - 2015-04-01 21:56 - 07600000 _____ (anvsoft, Inc. ) C:\Users\KW\Downloads\any-video-recorder.exe
2015-03-29 13:44 - 2015-04-04 21:56 - 00000000 ____D () C:\Users\KW\Desktop\New drums
2015-03-25 17:56 - 2015-04-19 15:06 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-03-25 17:56 - 2015-04-19 15:06 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-25 17:56 - 2015-03-25 17:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-03-25 17:56 - 2015-03-25 17:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-03-25 17:56 - 2015-03-25 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-21 07:45 - 2015-03-21 08:02 - 00000000 ____D () C:\Users\KW\Desktop\DCIM
2015-03-20 18:33 - 2015-03-21 20:11 - 00000000 ____D () C:\Users\KW\Desktop\Audacity
2015-03-20 18:32 - 2015-03-20 18:32 - 08941140 _____ () C:\Users\KW\Downloads\audacity-win-2.0.6.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 20:50 - 2014-10-25 21:37 - 00000332 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-04-19 20:49 - 2013-10-27 09:29 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 20:49 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-19 20:48 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-19 20:42 - 2013-12-31 18:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-19 20:42 - 2013-10-27 09:29 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 20:37 - 2013-03-30 16:04 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2873613688-3426634421-4114225331-1001
2015-04-19 20:35 - 2015-02-27 06:57 - 00000550 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2873613688-3426634421-4114225331-1001.job
2015-04-19 20:16 - 2013-03-30 15:57 - 00000000 ____D () C:\Users\KW\AppData\Local\VirtualStore
2015-04-19 20:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-19 18:42 - 2013-03-30 16:47 - 00000000 ____D () C:\Users\KW\Desktop\Computer Maintenance
2015-04-19 18:10 - 2014-02-11 21:54 - 00000000 ____D () C:\Users\KW\AppData\Roaming\ClassicShell
2015-04-19 15:37 - 2013-03-30 16:19 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-04-19 15:19 - 2014-09-07 17:55 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-19 14:52 - 2015-01-24 11:15 - 01820711 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-18 21:54 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-18 20:53 - 2014-09-07 13:03 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-18 18:52 - 2013-04-20 14:26 - 00000000 ____D () C:\Users\KW\AppData\Roaming\vlc
2015-04-18 12:52 - 2014-04-29 09:01 - 00000000 ____D () C:\Users\KW\Desktop\drum lessons
2015-04-18 10:30 - 2014-09-21 19:37 - 00000000 ____D () C:\Users\KW\Desktop\Audio Video
2015-04-18 10:23 - 2014-10-25 21:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-04-18 08:55 - 2014-10-25 21:37 - 00002954 _____ () C:\WINDOWS\System32\Tasks\GU5SkipUAC
2015-04-18 08:55 - 2014-10-25 21:37 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-04-18 08:55 - 2014-10-25 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-04-18 08:51 - 2014-02-21 21:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-17 21:46 - 2015-02-27 06:57 - 00003532 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2873613688-3426634421-4114225331-1001
2015-04-17 21:31 - 2014-11-25 00:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2015-04-17 21:31 - 2014-11-25 00:01 - 00000000 ____D () C:\Users\KW\AppData\Roaming\NCH Software
2015-04-17 21:31 - 2014-11-25 00:01 - 00000000 ____D () C:\ProgramData\NCH Software
2015-04-17 21:31 - 2014-11-25 00:01 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-04-17 21:02 - 2014-10-16 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2015-04-17 20:56 - 2014-10-16 22:02 - 00000000 ____D () C:\Users\KW\AppData\Roaming\Apowersoft
2015-04-15 23:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-15 22:36 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 22:10 - 2014-11-25 09:45 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 22:09 - 2013-10-23 23:37 - 00000000 ____D () C:\Users\KW
2015-04-15 20:47 - 2013-08-15 13:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 22:19 - 2013-04-03 22:04 - 00000000 ____D () C:\Program Files\WinPcap
2015-04-14 21:42 - 2013-12-31 18:05 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 20:31 - 2013-09-29 23:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-13 18:24 - 2014-12-12 23:06 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2014-12-12 23:06 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 22:53 - 2013-04-21 20:02 - 00001046 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-04-11 22:53 - 2013-04-21 20:02 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-04-08 13:05 - 2014-06-03 12:40 - 00003818 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1396658504
2015-04-08 13:05 - 2014-04-04 19:41 - 00001074 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-08 13:05 - 2014-04-04 19:41 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-05 21:46 - 2014-05-03 20:07 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-05 21:46 - 2013-12-31 18:07 - 00136752 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-04-05 21:46 - 2013-10-27 09:28 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-05 21:46 - 2013-10-27 09:28 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-05 21:46 - 2013-10-27 09:28 - 00271200 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-05 21:46 - 2013-10-27 09:28 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-04-05 21:46 - 2013-10-27 09:28 - 00088408 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-05 21:46 - 2013-10-27 09:28 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-05 21:07 - 2014-09-05 21:56 - 00000000 ____D () C:\Users\KW\Desktop\Bands
2015-04-01 22:07 - 2013-03-31 16:23 - 00000000 ____D () C:\Users\KW\AppData\Roaming\AnvSoft
2015-04-01 11:16 - 2013-04-03 22:01 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-29 20:43 - 2015-03-19 10:44 - 00009702 _____ () C:\Users\KW\Desktop\Handyman.odt
2015-03-29 14:33 - 2013-11-29 09:23 - 00000000 ____D () C:\Users\KW\Desktop\My photos
2015-03-28 14:49 - 2013-09-15 10:16 - 00000000 ____D () C:\Users\KW\AppData\Roaming\Audacity
2015-03-21 08:27 - 2015-02-23 22:47 - 00012125 _____ () C:\Users\KW\Desktop\RBB March 23.odt
 
==================== Files in the root of some directories =======
 
2013-06-21 23:09 - 2013-06-21 23:09 - 0000077 _____ () C:\Users\KW\AppData\Roaming\mbam.context.scan
2015-04-18 21:19 - 2015-04-18 21:24 - 0103662 _____ () C:\Users\KW\AppData\Local\ars.cache
2015-04-18 21:19 - 2015-04-18 21:24 - 0217315 _____ () C:\Users\KW\AppData\Local\census.cache
2015-04-18 21:11 - 2015-04-18 21:11 - 0000036 _____ () C:\Users\KW\AppData\Local\housecall.guid.cache
2015-04-18 21:17 - 2015-04-18 21:21 - 0000010 _____ () C:\Users\KW\AppData\Local\sponge.last.runtime.cache
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-19 15:47
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01
Ran by KW at 2015-04-19 20:52:30
Running from C:\Users\KW\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Disabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\Amazon Kindle) (Version:  - Amazon)
Any Video Converter 5.5.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Any Video Recorder version 1.0.4 (HKLM-x32\...\{17D86E62-4849-49BC-83D2-FA369CEEA9D9}_is1) (Version: 1.0.4 - anvsoft, Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audials (HKLM-x32\...\{479BFCE4-D39C-4134-BD94-07E2872C60B2}) (Version: 12.0.63100.0 - Audials AG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
BurnAware Free 7.4 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5067 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 27.1.0.0 - COMODO)
COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.)
Cookienator (HKLM-x32\...\{BF307EDA-A176-4D83-9775-D337810CF7A7}) (Version: 2.6.41 - CodeFromThe70s.org)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.12 - NCH Software)
DeVeDe (HKLM-x32\...\{D1BCDFB2-D631-4AD5-9CA1-B86E01E1AC62}) (Version: 3.17.1 - MajorSilence)
DVD Author Plus 3 (HKLM-x32\...\DVD Author Plus_is1) (Version:  - Deskshare Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDStyler v2.8 (HKLM-x32\...\DVDStyler_is1) (Version:  - )
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 4.76 - NCH Software)
Free Audio Converter 2014 6.2.6 (HKLM-x32\...\Free Audio Converter 2014_is1) (Version:  - FAEMedia Co., Ltd.)
Free Audio Converter version 5.0.57.219 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.57.219 - DVDVideoSoft Ltd.)
Free VCD to MPEG-4 AVC Converter (HKLM-x32\...\Free VCD to MPEG-4 AVC Converter_is1) (Version: 1.2.8 - convertvideofiles.net)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.0 - Ellora Assets Corporation)
FreeYouTubeDownloader (HKLM-x32\...\{599D7CA9-47F7-42CC-9ED3-F70FB78CE843}) (Version: 4.3.7.3 - TopPlayList.NET)
GeekBuddy (HKLM-x32\...\{A47642B2-4CB5-4325-8093-C88D4747953F}) (Version: 4.7.55 - Comodo Security Solutions Inc)
Glary Utilities 5.23 (HKLM-x32\...\Glary Utilities 5) (Version: 5.23.0.42 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3223 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
jetAudio Basic (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.0.0 - Lightworks)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPlayer for Windows (HKLM-x32\...\{97D341C8-B0D1-4E4A-A49A-C30B52F168E9}) (Version: 2013-04-14 - The MPlayer Team)
OI App Manager (HKLM-x32\...\OI App Manager) (Version:  - Optimum Installer)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 28.0.1750.51 (HKLM-x32\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.25 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Swift Search 1.10.0.14 (HKLM-x32\...\SwiftSearch_1.10.0.14) (Version: 1.10.0.14 - Swift Search)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Total Recorder 8.5 Standard Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSDC Free Screen Recorder version 1.2.2.127 (HKLM-x32\...\VSDC Free Screen Recorder_is1) (Version: 1.2.2.127 - Flash-Integro LLC)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.02 - NCH Software)
WildBit Viewer (HKLM-x32\...\WildBit Viewer_is1) (Version: 5.13 - WildBit Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
Wondershare Player(Build 1.0.2) (HKLM-x32\...\Wondershare Player_is1) (Version: 1.0.2.1 - Wondershare)
Wondershare Video Converter Free(Build 6.5.1.0) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.5.1.0 - Wondershare Software)
Wondershare Video Editor(Build 4.7.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
Youtube Video/Music Downloader 7.2 (HKLM-x32\...\{00AA23A3-F4F7-4805-AA6B-4C2A74F3AB2B}_is1) (Version: 7.2 - YoutubeMusicDownloader.us Inc.)
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2873613688-3426634421-4114225331-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\KW\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2873613688-3426634421-4114225331-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\KW\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
04-04-2015 18:16:41 Windows Update
05-04-2015 21:45:11 avast! antivirus system restore point
14-04-2015 20:55:01 Scheduled Checkpoint
17-04-2015 20:59:03 Revo Uninstaller's restore point - Streaming Audio Recorder V3.3.4
18-04-2015 21:35:14 Revo Uninstaller's restore point - PC Cleanup Utility
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2014-10-08 20:22 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0F8BD78C-B381-4FA1-85C6-7B15EE04B7CE} - System32\Tasks\{9D5F2B9B-D100-4E78-9675-0EF3ECCEF1E1} => pcalua.exe -a C:\Users\KW\Downloads\WindowsMedia8-KB911565-x86-ENU.exe -d C:\Users\KW\Downloads
Task: {1183F35B-E659-4D31-9637-D2F0C1E49653} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {1E438BA0-1A6C-42A4-9537-1700752331EE} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2873613688-3426634421-4114225331-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {21447BAD-1E09-4C73-A067-925AFBF88E88} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-24] (COMODO)
Task: {232F7C92-BDB9-4026-A126-74D16B3E6398} - System32\Tasks\GU4SkipUAC => F:\Glary Utilities 4\Integrator.exe
Task: {23900926-08D0-4217-8408-3DCDF50113FE} - System32\Tasks\NCH Software\DebutSevenDays => C:\Program Files (x86)\NCH Software\Debut\Debut.exe [2015-04-13] (NCH Software)
Task: {3B520E98-B923-4B8C-B379-5348CB1E0C31} - System32\Tasks\Opera scheduled Autoupdate 1396658504 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-07] (Opera Software)
Task: {3F2EC84D-AC6E-4448-A3EC-E99B54437DFC} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-04-13] (Glarysoft Ltd)
Task: {42BD4443-1DD5-4CE2-BF76-E501811C6470} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-10-19] (COMODO)
Task: {43E6F7BD-F27B-474C-886E-78A95B2A8D1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {48C89CDB-08F0-4FD4-88F7-2F4D10FA9948} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {59711FEE-D1A5-460C-9547-D0B12144844E} - System32\Tasks\G2MUpdateTask-S-1-5-21-2873613688-3426634421-4114225331-1001 => C:\Users\KW\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-17] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {67AE9533-2928-49AD-A9D1-F12EF99F736C} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-10-19] (COMODO)
Task: {6CF9EE46-0A9B-4105-9E16-E91820BC26D8} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {7AC08C0D-D08E-4785-B5ED-6DC6C23156AB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {825F0BB0-0811-4E35-AB7C-BD5B40AD38F4} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
Task: {83D15697-0246-4A7F-9DDD-228B248469FD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {9D9CDE8A-6E84-40C8-BEE8-8A9B646C0207} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-04-13] (Glarysoft Ltd)
Task: {A2176C9E-DD88-4B5E-8353-90C8FAB233A1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {A2E79123-2F4C-4D62-A2CD-2EB2CF46374F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {B1D6046B-979B-4848-8EEE-13707F08C2C0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {B4B47684-D94E-47F0-A750-9E43FDB401EC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-05] (Avast Software s.r.o.)
Task: {BA68DEB1-31FB-4E81-89DD-F5F2FA26A417} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
Task: {BF6C3C41-06DD-4D15-905A-1DD7FCE43F9F} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
Task: {F4A113BC-5259-4DE5-825B-45B716589F25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {FF6B2EDF-492E-49E2-9E18-BE641A27DAB7} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2873613688-3426634421-4114225331-1001.job => C:\Users\KW\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-07-27 08:57 - 2013-04-27 10:01 - 00941992 _____ () C:\windows\SysWOW64\WPShellExt64.dll
2013-03-31 15:47 - 2010-07-29 18:19 - 00293888 _____ () C:\Program Files (x86)\Total Video Converter\TVCShellExtx64.dll
2013-06-04 09:58 - 2013-06-04 09:58 - 02095752 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2013-03-26 14:09 - 2013-03-26 14:09 - 00567296 _____ () C:\Prey\platform\windows\bin\bash.exe
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-04-05 21:46 - 2015-04-05 21:46 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-05 21:46 - 2015-04-05 21:46 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-19 12:14 - 2015-04-19 12:14 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041901\algo.dll
2014-02-21 21:05 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-21 21:05 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-21 21:05 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-21 21:05 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-21 21:05 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-20 19:47 - 2015-03-20 19:47 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-25 21:00 - 2015-01-25 21:00 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8a4ebd0132a76f2a7ce438310a41e9d1\PSIClient.ni.dll
2012-10-19 10:01 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\KW\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run32: => "gbrspcontrol"
HKLM\...\StartupApproved\Run32: => "MPlayerForWindows_AutoUpdateV2"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "BrowserPlugInHelper"
HKLM\...\StartupApproved\Run32: => "PureLeads Tray"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\StartupApproved\Run: => "DownloadManager"
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\StartupApproved\Run: => "GUDelayStartup"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2873613688-3426634421-4114225331-500 - Administrator - Disabled)
Guest (S-1-5-21-2873613688-3426634421-4114225331-501 - Limited - Disabled)
KW (S-1-5-21-2873613688-3426634421-4114225331-1001 - Administrator - Enabled) => C:\Users\KW
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/18/2015 09:28:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (04/18/2015 08:40:32 PM) (Source: MsiInstaller) (EventID: 11719) (User: PC)
Description: Application: Kaspersky Anti-Virus -- Error 1719. Windows Installer service could not be accessed. Contact Technical Support to verify that it is properly registered and enabled.
 
Error: (04/17/2015 09:23:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Audials.exe, version: 12.0.63100.0, time stamp: 0x550856ec
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xc0020001
Fault offset: 0x00014598
Faulting process id: 0x12d4
Faulting application start time: 0xAudials.exe0
Faulting application path: Audials.exe1
Faulting module path: Audials.exe2
Report Id: Audials.exe3
Faulting package full name: Audials.exe4
Faulting package-relative application ID: Audials.exe5
 
Error: (04/15/2015 10:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cistray.exe, version: 6.3.35694.2953, time stamp: 0x52632e8e
Faulting module name: combase.dll, version: 6.3.9600.17415, time stamp: 0x545044f9
Exception code: 0xc0000005
Fault offset: 0x000000000003a042
Faulting process id: 0xf20
Faulting application start time: 0xcistray.exe0
Faulting application path: cistray.exe1
Faulting module path: cistray.exe2
Report Id: cistray.exe3
Faulting package full name: cistray.exe4
Faulting package-relative application ID: cistray.exe5
 
Error: (04/14/2015 09:46:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/14/2015 09:46:48 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/10/2015 06:05:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Any Video Recorder.exe, version: 1.0.4.1, time stamp: 0x537ea9ff
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x0001e1b3
Faulting process id: 0xd20
Faulting application start time: 0xAny Video Recorder.exe0
Faulting application path: Any Video Recorder.exe1
Faulting module path: Any Video Recorder.exe2
Report Id: Any Video Recorder.exe3
Faulting package full name: Any Video Recorder.exe4
Faulting package-relative application ID: Any Video Recorder.exe5
 
Error: (04/03/2015 06:04:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Any Video Recorder.exe, version: 1.0.4.1, time stamp: 0x537ea9ff
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x0001e1b3
Faulting process id: 0x1fb0
Faulting application start time: 0xAny Video Recorder.exe0
Faulting application path: Any Video Recorder.exe1
Faulting module path: Any Video Recorder.exe2
Report Id: Any Video Recorder.exe3
Faulting package full name: Any Video Recorder.exe4
Faulting package-relative application ID: Any Video Recorder.exe5
 
Error: (04/03/2015 06:02:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Any Video Recorder.exe, version: 1.0.4.1, time stamp: 0x537ea9ff
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x0001e1b3
Faulting process id: 0x1fe0
Faulting application start time: 0xAny Video Recorder.exe0
Faulting application path: Any Video Recorder.exe1
Faulting module path: Any Video Recorder.exe2
Report Id: Any Video Recorder.exe3
Faulting package full name: Any Video Recorder.exe4
Faulting package-relative application ID: Any Video Recorder.exe5
 
Error: (04/03/2015 05:58:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Any Video Recorder.exe, version: 1.0.4.1, time stamp: 0x537ea9ff
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x0001e1b3
Faulting process id: 0x1d28
Faulting application start time: 0xAny Video Recorder.exe0
Faulting application path: Any Video Recorder.exe1
Faulting module path: Any Video Recorder.exe2
Report Id: Any Video Recorder.exe3
Faulting package full name: Any Video Recorder.exe4
Faulting package-relative application ID: Any Video Recorder.exe5
 
 
System errors:
=============
Error: (04/19/2015 08:49:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/19/2015 08:30:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (04/19/2015 08:30:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (04/19/2015 08:30:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (04/19/2015 08:30:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (04/19/2015 08:30:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (04/19/2015 08:30:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (04/19/2015 08:30:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (04/19/2015 08:30:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (04/19/2015 08:30:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (04/18/2015 09:28:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (04/18/2015 08:40:32 PM) (Source: MsiInstaller) (EventID: 11719) (User: PC)
Description: Application: Kaspersky Anti-Virus -- Error 1719. Windows Installer service could not be accessed. Contact Technical Support to verify that it is properly registered and enabled.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/17/2015 09:23:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Audials.exe12.0.63100.0550856ecKERNELBASE.dll6.3.9600.1741554504adec00200010001459812d401d0797e979cb65dC:\Program Files (x86)\Audials\Audials 12\Audials.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlle21f164e-e571-11e4-beee-008cfa21446f
 
Error: (04/15/2015 10:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cistray.exe6.3.35694.295352632e8ecombase.dll6.3.9600.17415545044f9c0000005000000000003a042f2001d077f35136acf3C:\Program Files\COMODO\COMODO Internet Security\cistray.exeC:\WINDOWS\SYSTEM32\combase.dll7263b6a4-e3e7-11e4-beee-008cfa21446f
 
Error: (04/14/2015 09:46:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\KW\Downloads\HandBrake-0.9.9-1_x86_64-Win_GUI.exeC:\Users\KW\Downloads\HandBrake-0.9.9-1_x86_64-Win_GUI.exe0
 
Error: (04/14/2015 09:46:48 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\KW\Downloads\HandBrake-0.9.9-1_i686-Win_GUI.exeC:\Users\KW\Downloads\HandBrake-0.9.9-1_i686-Win_GUI.exe0
 
Error: (04/10/2015 06:05:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Any Video Recorder.exe1.0.4.1537ea9ffntdll.dll6.3.9600.1766854c846bbc00000050001e1b3d2001d07362782a471aC:\Program Files (x86)\Any Video Recorder\Any Video Recorder.exeC:\WINDOWS\SYSTEM32\ntdll.dll76a0c2b1-df71-11e4-beec-008cfa21446f
 
Error: (04/03/2015 06:04:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Any Video Recorder.exe1.0.4.1537ea9ffntdll.dll6.3.9600.1766854c846bbc00000050001e1b31fb001d06dfda2ad7535C:\Program Files (x86)\Any Video Recorder\Any Video Recorder.exeC:\WINDOWS\SYSTEM32\ntdll.dll2f467227-d9f1-11e4-beea-008cfa21446f
 
Error: (04/03/2015 06:02:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Any Video Recorder.exe1.0.4.1537ea9ffntdll.dll6.3.9600.1766854c846bbc00000050001e1b31fe001d06dfd27561bc5C:\Program Files (x86)\Any Video Recorder\Any Video Recorder.exeC:\WINDOWS\SYSTEM32\ntdll.dlldca13816-d9f0-11e4-beea-008cfa21446f
 
Error: (04/03/2015 05:58:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Any Video Recorder.exe1.0.4.1537ea9ffntdll.dll6.3.9600.1766854c846bbc00000050001e1b31d2801d06dbcf8963394C:\Program Files (x86)\Any Video Recorder\Any Video Recorder.exeC:\WINDOWS\SYSTEM32\ntdll.dll60e669ac-d9f0-11e4-beea-008cfa21446f
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-23 22:46:43.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-23 22:30:51.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-23 22:28:49.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-23 22:00:18.470
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-23 21:51:12.411
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-23 21:40:27.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 20:45:22.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 18:06:54.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 09:08:44.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 09:07:52.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B980 @ 2.40GHz
Percentage of memory in use: 24%
Total physical RAM: 6026.22 MB
Available physical RAM: 4562.71 MB
Total Pagefile: 6986.22 MB
Available Pagefile: 5484.12 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (TI10653400C) (Fixed) (Total:585.72 GB) (Free:392.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================



#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi gringo1, :)

My name is Valinorum and I will be the acolyte today. Before we proceed, please acquaint yourself with the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.

     

    I have noticed that you have more than one anti-virus installed in your system. Well, this is one of the situations where more is not merrier. They tend to create conflict with each other and their different pattern on your system protection can deteriorate your system performance.
    I have listed the anti-virus(es) you have in your system.
  • avast! Antivirus
  • Spybot - Search and Destroy (Not worthy these days)
  • COMODO Antivirus
    Please, keep only one. I recommend .
     

  • Step #1 Fix with AdwCleaner
  • Download AdwCleaner by Xplode to your Desktop from the following link.
  • Download Link #1
  • Download Link #2
  • Right-click on AdwCleaner.exe and choose Run as administrator;
  • Click on Scan and let the program run unhindered;
  • When done, click on Clean and allow the system to reboot after it is done;
  • A log will be opened automatically after the restart;
  • Copy and Paste the contents of this log in your reply.
     

  • Step #2 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
  • Disable your anti-virus to avoid potential conflicts. For more information please acquaint yourself with this article;
  • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
  • Please be patient as the tool cleans your system;
  • After completion of the process a log named JRT.txt will automatically open and is saved to your Desktop;
  • Copy and Paste the contents of the log in your next reply.
     

    Provide me a fresh set of FRST scan logs afterwards.

     

  • Required Log(s):
  • AdwCleaner Log
  • Junkware Removal Tool Log
  • FRST.txt
    Regards,
    Valinorum

  • 0

#3
gringo1


    Member

  • Topic Starter
  • Member
  • 11 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.0 (04.20.2015:1)
OS: Windows 8.1 x64
Ran by KW on Tue 04/21/2015 at 19:14:06.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2873613688-3426634421-4114225331-1001
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2873613688-3426634421-4114225331-500
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3982691128-1410291285-1779925749-500
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211671166}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211671166}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update SmarterPower
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util SmarterPower
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\KW\appdata\local\Google\Chrome\User Data\Default\Extensions\chgdeabpmphfhkoemjjglmilajldekbp
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/21/2015 at 19:19:40.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#4
gringo1


    Member

  • Topic Starter
  • Member
  • 11 posts

# AdwCleaner v4.201 - Logfile created 21/04/2015 at 19:06:43
# Updated 08/04/2015 by Xplode
# Database : 2015-04-21.3 [Server]
# Operating system : Windows 8.1 (x64)
# Username : KW - PC
# Running from : C:\Users\KW\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\GeekBuddyRSP

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v42.0.2311.90


-\\ Comodo Dragon v27.1.0.0


-\\ Opera v28.0.1750.51


*************************

AdwCleaner[R0].txt - [4397 bytes] - [19/04/2015 14:59:40]
AdwCleaner[R1].txt - [3592 bytes] - [21/04/2015 12:54:40]
AdwCleaner[R2].txt - [3706 bytes] - [21/04/2015 18:54:02]
AdwCleaner[R3].txt - [1052 bytes] - [21/04/2015 19:03:44]
AdwCleaner[S0].txt - [3778 bytes] - [21/04/2015 18:57:23]
AdwCleaner[S1].txt - [981 bytes] - [21/04/2015 19:06:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1039 bytes] ##########


  • 0

#5
gringo1


    Member

  • Topic Starter
  • Member
  • 11 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by KW at 2015-04-21 19:28:29
Running from C:\Users\KW\Desktop\Computer Maintenance
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Disabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\Amazon Kindle) (Version:  - Amazon)
Any Video Converter 5.5.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Any Video Recorder version 1.0.4 (HKLM-x32\...\{17D86E62-4849-49BC-83D2-FA369CEEA9D9}_is1) (Version: 1.0.4 - anvsoft, Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audials (HKLM-x32\...\{479BFCE4-D39C-4134-BD94-07E2872C60B2}) (Version: 12.0.63100.0 - Audials AG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
BurnAware Free 7.4 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5067 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 27.1.0.0 - COMODO)
COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 6.0.2566.2708 - COMODO Security Solutions Inc.)
Cookienator (HKLM-x32\...\{BF307EDA-A176-4D83-9775-D337810CF7A7}) (Version: 2.6.41 - CodeFromThe70s.org)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.12 - NCH Software)
DeVeDe (HKLM-x32\...\{D1BCDFB2-D631-4AD5-9CA1-B86E01E1AC62}) (Version: 3.17.1 - MajorSilence)
DVD Author Plus 3 (HKLM-x32\...\DVD Author Plus_is1) (Version:  - Deskshare Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDStyler v2.8 (HKLM-x32\...\DVDStyler_is1) (Version:  - )
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 4.76 - NCH Software)
Free Audio Converter 2014 6.2.6 (HKLM-x32\...\Free Audio Converter 2014_is1) (Version:  - FAEMedia Co., Ltd.)
Free Audio Converter version 5.0.57.219 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.57.219 - DVDVideoSoft Ltd.)
Free VCD to MPEG-4 AVC Converter (HKLM-x32\...\Free VCD to MPEG-4 AVC Converter_is1) (Version: 1.2.8 - convertvideofiles.net)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.0 - Ellora Assets Corporation)
FreeYouTubeDownloader (HKLM-x32\...\{599D7CA9-47F7-42CC-9ED3-F70FB78CE843}) (Version: 4.3.7.3 - TopPlayList.NET)
GeekBuddy (HKLM-x32\...\{A47642B2-4CB5-4325-8093-C88D4747953F}) (Version: 4.7.55 - Comodo Security Solutions Inc)
Glary Utilities 5.23 (HKLM-x32\...\Glary Utilities 5) (Version: 5.23.0.42 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3223 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
jetAudio Basic (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.0.0 - Lightworks)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPlayer for Windows (HKLM-x32\...\{97D341C8-B0D1-4E4A-A49A-C30B52F168E9}) (Version: 2013-04-14 - The MPlayer Team)
OI App Manager (HKLM-x32\...\OI App Manager) (Version:  - Optimum Installer)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 28.0.1750.51 (HKLM-x32\...\Opera 28.0.1750.51) (Version: 28.0.1750.51 - Opera Software ASA)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.25 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
Swift Search 1.10.0.14 (HKLM-x32\...\SwiftSearch_1.10.0.14) (Version: 1.10.0.14 - Swift Search)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Total Recorder 8.5 Standard Edition (HKLM-x32\...\TotalRecorder) (Version:  - )
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSDC Free Screen Recorder version 1.2.2.127 (HKLM-x32\...\VSDC Free Screen Recorder_is1) (Version: 1.2.2.127 - Flash-Integro LLC)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.02 - NCH Software)
WildBit Viewer (HKLM-x32\...\WildBit Viewer_is1) (Version: 5.13 - WildBit Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
Wondershare Player(Build 1.0.2) (HKLM-x32\...\Wondershare Player_is1) (Version: 1.0.2.1 - Wondershare)
Wondershare Video Converter Free(Build 6.5.1.0) (HKLM-x32\...\Wondershare Video Converter Free_is1) (Version: 6.5.1.0 - Wondershare Software)
Wondershare Video Editor(Build 4.7.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
Youtube Video/Music Downloader 7.2 (HKLM-x32\...\{00AA23A3-F4F7-4805-AA6B-4C2A74F3AB2B}_is1) (Version: 7.2 - YoutubeMusicDownloader.us Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2873613688-3426634421-4114225331-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\KW\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2873613688-3426634421-4114225331-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\KW\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
05-04-2015 21:45:11 avast! antivirus system restore point
14-04-2015 20:55:01 Scheduled Checkpoint
17-04-2015 20:59:03 Revo Uninstaller's restore point - Streaming Audio Recorder V3.3.4
18-04-2015 21:35:14 Revo Uninstaller's restore point - PC Cleanup Utility
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2014-10-08 20:22 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0F8BD78C-B381-4FA1-85C6-7B15EE04B7CE} - System32\Tasks\{9D5F2B9B-D100-4E78-9675-0EF3ECCEF1E1} => pcalua.exe -a C:\Users\KW\Downloads\WindowsMedia8-KB911565-x86-ENU.exe -d C:\Users\KW\Downloads
Task: {1183F35B-E659-4D31-9637-D2F0C1E49653} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {1E438BA0-1A6C-42A4-9537-1700752331EE} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2873613688-3426634421-4114225331-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {21447BAD-1E09-4C73-A067-925AFBF88E88} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-09-24] (COMODO)
Task: {232F7C92-BDB9-4026-A126-74D16B3E6398} - System32\Tasks\GU4SkipUAC => F:\Glary Utilities 4\Integrator.exe
Task: {23900926-08D0-4217-8408-3DCDF50113FE} - System32\Tasks\NCH Software\DebutSevenDays => C:\Program Files (x86)\NCH Software\Debut\Debut.exe [2015-04-13] (NCH Software)
Task: {244B483E-BCA7-4A3E-9E02-2B12957368E1} - \Optimize Start Menu Cache Files-S-1-5-21-2873613688-3426634421-4114225331-1001 No Task File <==== ATTENTION
Task: {3B520E98-B923-4B8C-B379-5348CB1E0C31} - System32\Tasks\Opera scheduled Autoupdate 1396658504 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-07] (Opera Software)
Task: {3F2EC84D-AC6E-4448-A3EC-E99B54437DFC} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-04-13] (Glarysoft Ltd)
Task: {42BD4443-1DD5-4CE2-BF76-E501811C6470} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-10-19] (COMODO)
Task: {43E6F7BD-F27B-474C-886E-78A95B2A8D1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {48C89CDB-08F0-4FD4-88F7-2F4D10FA9948} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {59711FEE-D1A5-460C-9547-D0B12144844E} - System32\Tasks\G2MUpdateTask-S-1-5-21-2873613688-3426634421-4114225331-1001 => C:\Users\KW\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-17] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {67AE9533-2928-49AD-A9D1-F12EF99F736C} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-10-19] (COMODO)
Task: {6CF9EE46-0A9B-4105-9E16-E91820BC26D8} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {7AC08C0D-D08E-4785-B5ED-6DC6C23156AB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {825F0BB0-0811-4E35-AB7C-BD5B40AD38F4} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
Task: {83D15697-0246-4A7F-9DDD-228B248469FD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-20] (Synaptics Incorporated)
Task: {9D9CDE8A-6E84-40C8-BEE8-8A9B646C0207} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-04-13] (Glarysoft Ltd)
Task: {A2176C9E-DD88-4B5E-8353-90C8FAB233A1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {A2E79123-2F4C-4D62-A2CD-2EB2CF46374F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {B1D6046B-979B-4848-8EEE-13707F08C2C0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {B4B47684-D94E-47F0-A750-9E43FDB401EC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-05] (Avast Software s.r.o.)
Task: {B5BF93BD-3FFD-430C-8B2C-1B13F0311F56} - \Optimize Start Menu Cache Files-S-1-5-21-2873613688-3426634421-4114225331-500 No Task File <==== ATTENTION
Task: {B8F787C7-FA8C-456C-B307-4FAD72031514} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
Task: {BF6C3C41-06DD-4D15-905A-1DD7FCE43F9F} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
Task: {F4A113BC-5259-4DE5-825B-45B716589F25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-27] (Google Inc.)
Task: {FF6B2EDF-492E-49E2-9E18-BE641A27DAB7} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2873613688-3426634421-4114225331-1001.job => C:\Users\KW\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-07-27 08:57 - 2013-04-27 10:01 - 00941992 _____ () C:\windows\SysWOW64\WPShellExt64.dll
2013-03-31 15:47 - 2010-07-29 18:19 - 00293888 _____ () C:\Program Files (x86)\Total Video Converter\TVCShellExtx64.dll
2015-04-08 13:05 - 2015-04-08 13:04 - 00484472 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\opera_crashreporter.exe
2015-04-05 21:46 - 2015-04-05 21:46 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-05 21:46 - 2015-04-05 21:46 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-21 12:52 - 2015-04-21 12:52 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042101\algo.dll
2015-03-20 19:47 - 2015-03-20 19:47 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-13 09:27 - 2014-08-13 09:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 13:34 - 2014-07-29 13:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2014-02-21 21:05 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-21 21:05 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-21 21:05 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-21 21:05 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-21 21:05 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-04-08 13:05 - 2015-04-08 13:04 - 00157304 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\message_center_win8.dll
2015-04-08 13:05 - 2015-04-08 13:04 - 01488504 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\libglesv2.dll
2015-04-08 13:05 - 2015-04-08 13:04 - 00079992 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\libegl.dll
2015-04-08 13:05 - 2015-04-08 13:04 - 09625720 _____ () C:\Program Files (x86)\Opera\28.0.1750.51\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\KW\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 156.154.70.22 - 156.154.71.22
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run32: => "gbrspcontrol"
HKLM\...\StartupApproved\Run32: => "MPlayerForWindows_AutoUpdateV2"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "BrowserPlugInHelper"
HKLM\...\StartupApproved\Run32: => "PureLeads Tray"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\StartupApproved\Run: => "DownloadManager"
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2873613688-3426634421-4114225331-500 - Administrator - Disabled)
Guest (S-1-5-21-2873613688-3426634421-4114225331-501 - Limited - Disabled)
KW (S-1-5-21-2873613688-3426634421-4114225331-1001 - Administrator - Enabled) => C:\Users\KW
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/18/2015 09:28:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (04/18/2015 08:40:32 PM) (Source: MsiInstaller) (EventID: 11719) (User: PC)
Description: Application: Kaspersky Anti-Virus -- Error 1719. Windows Installer service could not be accessed. Contact Technical Support to verify that it is properly registered and enabled.
 
Error: (04/17/2015 09:23:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Audials.exe, version: 12.0.63100.0, time stamp: 0x550856ec
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xc0020001
Fault offset: 0x00014598
Faulting process id: 0x12d4
Faulting application start time: 0xAudials.exe0
Faulting application path: Audials.exe1
Faulting module path: Audials.exe2
Report Id: Audials.exe3
Faulting package full name: Audials.exe4
Faulting package-relative application ID: Audials.exe5
 
Error: (04/15/2015 10:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cistray.exe, version: 6.3.35694.2953, time stamp: 0x52632e8e
Faulting module name: combase.dll, version: 6.3.9600.17415, time stamp: 0x545044f9
Exception code: 0xc0000005
Fault offset: 0x000000000003a042
Faulting process id: 0xf20
Faulting application start time: 0xcistray.exe0
Faulting application path: cistray.exe1
Faulting module path: cistray.exe2
Report Id: cistray.exe3
Faulting package full name: cistray.exe4
Faulting package-relative application ID: cistray.exe5
 
Error: (04/14/2015 09:46:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/14/2015 09:46:48 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (04/10/2015 06:05:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Any Video Recorder.exe, version: 1.0.4.1, time stamp: 0x537ea9ff
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x0001e1b3
Faulting process id: 0xd20
Faulting application start time: 0xAny Video Recorder.exe0
Faulting application path: Any Video Recorder.exe1
Faulting module path: Any Video Recorder.exe2
Report Id: Any Video Recorder.exe3
Faulting package full name: Any Video Recorder.exe4
Faulting package-relative application ID: Any Video Recorder.exe5
 
Error: (04/03/2015 06:04:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Any Video Recorder.exe, version: 1.0.4.1, time stamp: 0x537ea9ff
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x0001e1b3
Faulting process id: 0x1fb0
Faulting application start time: 0xAny Video Recorder.exe0
Faulting application path: Any Video Recorder.exe1
Faulting module path: Any Video Recorder.exe2
Report Id: Any Video Recorder.exe3
Faulting package full name: Any Video Recorder.exe4
Faulting package-relative application ID: Any Video Recorder.exe5
 
Error: (04/03/2015 06:02:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Any Video Recorder.exe, version: 1.0.4.1, time stamp: 0x537ea9ff
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x0001e1b3
Faulting process id: 0x1fe0
Faulting application start time: 0xAny Video Recorder.exe0
Faulting application path: Any Video Recorder.exe1
Faulting module path: Any Video Recorder.exe2
Report Id: Any Video Recorder.exe3
Faulting package full name: Any Video Recorder.exe4
Faulting package-relative application ID: Any Video Recorder.exe5
 
Error: (04/03/2015 05:58:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Any Video Recorder.exe, version: 1.0.4.1, time stamp: 0x537ea9ff
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c846bb
Exception code: 0xc0000005
Fault offset: 0x0001e1b3
Faulting process id: 0x1d28
Faulting application start time: 0xAny Video Recorder.exe0
Faulting application path: Any Video Recorder.exe1
Faulting module path: Any Video Recorder.exe2
Report Id: Any Video Recorder.exe3
Faulting package full name: Any Video Recorder.exe4
Faulting package-relative application ID: Any Video Recorder.exe5
 
 
System errors:
=============
Error: (04/21/2015 07:15:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/21/2015 07:15:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/21/2015 07:15:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/21/2015 07:15:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/21/2015 07:15:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/21/2015 07:15:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/21/2015 07:15:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA eco Utility Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/21/2015 07:15:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/21/2015 07:15:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA Optical Disc Drive Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/21/2015 07:15:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/18/2015 09:28:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (04/18/2015 08:40:32 PM) (Source: MsiInstaller) (EventID: 11719) (User: PC)
Description: Application: Kaspersky Anti-Virus -- Error 1719. Windows Installer service could not be accessed. Contact Technical Support to verify that it is properly registered and enabled.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/17/2015 09:23:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Audials.exe12.0.63100.0550856ecKERNELBASE.dll6.3.9600.1741554504adec00200010001459812d401d0797e979cb65dC:\Program Files (x86)\Audials\Audials 12\Audials.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlle21f164e-e571-11e4-beee-008cfa21446f
 
Error: (04/15/2015 10:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cistray.exe6.3.35694.295352632e8ecombase.dll6.3.9600.17415545044f9c0000005000000000003a042f2001d077f35136acf3C:\Program Files\COMODO\COMODO Internet Security\cistray.exeC:\WINDOWS\SYSTEM32\combase.dll7263b6a4-e3e7-11e4-beee-008cfa21446f
 
Error: (04/14/2015 09:46:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\KW\Downloads\HandBrake-0.9.9-1_x86_64-Win_GUI.exeC:\Users\KW\Downloads\HandBrake-0.9.9-1_x86_64-Win_GUI.exe0
 
Error: (04/14/2015 09:46:48 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\KW\Downloads\HandBrake-0.9.9-1_i686-Win_GUI.exeC:\Users\KW\Downloads\HandBrake-0.9.9-1_i686-Win_GUI.exe0
 
Error: (04/10/2015 06:05:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Any Video Recorder.exe1.0.4.1537ea9ffntdll.dll6.3.9600.1766854c846bbc00000050001e1b3d2001d07362782a471aC:\Program Files (x86)\Any Video Recorder\Any Video Recorder.exeC:\WINDOWS\SYSTEM32\ntdll.dll76a0c2b1-df71-11e4-beec-008cfa21446f
 
Error: (04/03/2015 06:04:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Any Video Recorder.exe1.0.4.1537ea9ffntdll.dll6.3.9600.1766854c846bbc00000050001e1b31fb001d06dfda2ad7535C:\Program Files (x86)\Any Video Recorder\Any Video Recorder.exeC:\WINDOWS\SYSTEM32\ntdll.dll2f467227-d9f1-11e4-beea-008cfa21446f
 
Error: (04/03/2015 06:02:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Any Video Recorder.exe1.0.4.1537ea9ffntdll.dll6.3.9600.1766854c846bbc00000050001e1b31fe001d06dfd27561bc5C:\Program Files (x86)\Any Video Recorder\Any Video Recorder.exeC:\WINDOWS\SYSTEM32\ntdll.dlldca13816-d9f0-11e4-beea-008cfa21446f
 
Error: (04/03/2015 05:58:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Any Video Recorder.exe1.0.4.1537ea9ffntdll.dll6.3.9600.1766854c846bbc00000050001e1b31d2801d06dbcf8963394C:\Program Files (x86)\Any Video Recorder\Any Video Recorder.exeC:\WINDOWS\SYSTEM32\ntdll.dll60e669ac-d9f0-11e4-beea-008cfa21446f
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-23 22:46:43.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-23 22:30:51.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-23 22:28:49.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-23 22:00:18.470
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-23 21:51:12.411
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-23 21:40:27.532
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 20:45:22.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 18:06:54.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 09:08:44.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-10-21 09:07:52.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B980 @ 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 6026.22 MB
Available physical RAM: 4314.32 MB
Total Pagefile: 12170.22 MB
Available Pagefile: 10455.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (TI10653400C) (Fixed) (Total:585.72 GB) (Free:387.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#6
Valinorum


    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
What did you decide regarding multiple anti-virus?


 
  • Step #3 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #4 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click on mbam-setup-version-number.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
      • Navigate to the Settings tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #5 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • FRST Fix Log
    • Malwarebytes' Anti-Malware Log
    • ESET Scan Log
Regards,
Valinorum

#7
gringo1


    Member

  • Topic Starter
  • Member
  • 11 posts

I normally run Malwarebytes every two months and Spybot.

I added Superantispyware when I got this malware, hoping to defeat it...  And will delete it.



#8
gringo1


    Member

  • Topic Starter
  • Member
  • 11 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015
Ran by KW (administrator) on PC on 22-04-2015 13:27:49
Running from C:\Users\KW\Desktop\Computer Maintenance\FRST-OlderVersion
Loaded Profiles: KW (Available profiles: KW)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
() C:\Program Files (x86)\Opera\28.0.1750.51\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.51\opera.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [gbrspcontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-05] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-04-13] (Glarysoft Ltd)
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\RunOnce: [Adobe Speed Launcher] => 1429667426
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\MountPoints2: {ddc4f11d-fd9f-11e3-bec5-008cfa21446f} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\...\MountPoints2: {de25872b-dc2c-11e3-bebd-008cfa21446f} - "E:\LG_PC_Programs.exe" 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-05] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-2873613688-3426634421-4114225331-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2873613688-3426634421-4114225331-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-05] (Avast Software s.r.o.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-05] (Avast Software s.r.o.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1777364C-A0B5-4DCA-8DC2-6A564A2BD387}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{2E828496-8A58-4E56-AA33-FDEB946D8406}: [NameServer] 156.154.70.22,156.154.71.22
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2873613688-3426634421-4114225331-1001: @citrixonline.com/appdetectorplugin -> C:\Users\KW\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-27] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-27]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2013-04-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2013-04-03]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.msn.com/?PC=AV01"
CHR DefaultSearchKeyword: Default -> bing1.com
CHR DefaultSuggestURL: Default -> http://api.bing.com/...=AVASDF&PC=AV01
CHR Profile: C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-27]
CHR Extension: (Google Drive) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-30]
CHR Extension: (YouTube) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-27]
CHR Extension: (Google Search) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-27]
CHR Extension: (Avast Online Security) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-27]
CHR Extension: (Google Wallet) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-27]
CHR Extension: (Gmail) - C:\Users\KW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.yahoo.com/mail"
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-05] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70344 2013-04-17] (Comodo Security Solutions Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-19] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
S2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-03-26] (Fork Ltd.) [File not signed]
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095752 2013-06-04] ()
S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 swsesvc_1.10.0.14; "C:\Program Files (x86)\SwiftSearch_1.10.0.14\Service\swsesvc.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-05] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-05] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-05] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [715824 2013-09-24] (COMODO)
R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38072 2013-09-24] (COMODO)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2014-10-25] (Glarysoft Ltd)
S1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [118400 2013-09-24] (COMODO)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [36600 2014-04-17] (Riverbed Technology, Inc.)
R1 RrNetCapFilterDriver; C:\Windows\system32\DRIVERS\RrNetCapFilterDriver.sys [24744 2015-03-17] (Audials AG)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3301592 2014-02-21] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-20] (Synaptics Incorporated)
R1 swsenfd_1_10_0_14; C:\Windows\System32\drivers\swsenfd_1_10_0_14.sys [58232 2015-04-10] (Swift Search)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R3 TotRec8; C:\WINDOWS\system32\drivers\TotRec8.sys [125640 2014-04-30] (High Criteria inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-22 13:26 - 2015-04-22 13:26 - 00050935 _____ () C:\Users\KW\Desktop\fixlist.txt
2015-04-21 20:49 - 2015-04-21 20:50 - 175743239 _____ () C:\Users\KW\Desktop\Double-Stroke Application Challenge.mp4
2015-04-21 20:38 - 2015-04-21 20:38 - 00000000 ____D () C:\Users\KW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2015-04-21 19:22 - 2015-04-21 19:22 - 00001859 _____ () C:\Users\KW\Desktop\JRT 1.txt
2015-04-21 19:19 - 2015-04-21 19:19 - 00001859 _____ () C:\Users\KW\Desktop\JRT.txt
2015-04-21 19:14 - 2015-04-21 19:14 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-PC-Windows-8.1-(64-bit).dat
2015-04-21 19:14 - 2015-04-21 19:14 - 00000000 ____D () C:\RegBackup
2015-04-21 12:54 - 2015-04-21 12:54 - 02217984 _____ () C:\Users\KW\Downloads\adwcleaner_4.201 (1).exe
2015-04-19 21:52 - 2015-04-19 21:52 - 446943656 _____ () C:\WINDOWS\MEMORY.DMP
2015-04-19 21:52 - 2015-04-19 21:52 - 00279336 _____ () C:\WINDOWS\Minidump\041915-19484-01.dmp
2015-04-19 21:42 - 2015-04-19 21:42 - 00000000 ____D () C:\Users\KW\Desktop\Pat Petrillo
2015-04-19 20:52 - 2015-04-19 20:53 - 00041291 _____ () C:\Users\KW\Desktop\Addition.txt
2015-04-19 20:50 - 2015-04-19 20:53 - 00052832 _____ () C:\Users\KW\Desktop\FRST.txt
2015-04-19 20:46 - 2015-04-19 19:57 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-04-19 20:34 - 2015-04-19 20:34 - 01305600 _____ () C:\Users\KW\Downloads\zoek (2).exe
2015-04-19 20:33 - 2015-04-19 20:33 - 00000000 ____D () C:\Users\KW\Downloads\backups
2015-04-19 20:16 - 2015-04-19 20:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\KW\Downloads\HijackThis.exe
2015-04-19 20:16 - 2015-04-19 20:16 - 00013271 _____ () C:\Users\KW\Downloads\hijackthis.log
2015-04-19 20:00 - 2015-04-19 20:50 - 00079591 _____ () C:\zoek-results.log
2015-04-19 19:57 - 2015-04-19 20:41 - 00000000 ____D () C:\zoek_backup
2015-04-19 19:57 - 2015-04-19 19:57 - 05618696 _____ (Swearware) C:\Users\KW\Downloads\ComboFix.exe
2015-04-19 19:57 - 2015-04-19 19:57 - 01305600 _____ () C:\Users\KW\Downloads\zoek.exe
2015-04-19 19:57 - 2015-04-19 19:57 - 01305600 _____ () C:\Users\KW\Downloads\zoek (1).exe
2015-04-19 18:37 - 2015-04-19 18:38 - 00000000 ____D () C:\KVRT_Data
2015-04-19 18:36 - 2015-04-19 18:37 - 115764568 _____ (Kaspersky Lab ZAO) C:\Users\KW\Downloads\KVRT.exe
2015-04-19 18:33 - 2015-04-19 18:33 - 04176437 _____ () C:\Users\KW\Downloads\tdsskiller.zip
2015-04-19 15:11 - 2015-04-19 15:12 - 00041104 _____ () C:\Users\KW\Downloads\Addition.txt
2015-04-19 15:10 - 2015-04-22 13:27 - 00000000 ____D () C:\FRST
2015-04-19 15:10 - 2015-04-19 15:12 - 00055048 _____ () C:\Users\KW\Downloads\FRST.txt
2015-04-19 15:06 - 2015-04-19 15:06 - 00688992 _____ (Swearware) C:\Users\KW\Downloads\dds.com
2015-04-19 15:01 - 2015-04-19 15:01 - 00852616 _____ () C:\Users\KW\Downloads\SecurityCheck.exe
2015-04-19 14:59 - 2015-04-21 21:45 - 00000000 ____D () C:\AdwCleaner
2015-04-19 14:03 - 2015-04-21 19:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-19 14:03 - 2015-04-19 14:03 - 00000000 ____D () C:\Users\KW\AppData\Roaming\SUPERAntiSpyware.com
2015-04-19 14:03 - 2015-04-19 14:03 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-19 14:03 - 2015-04-19 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-19 14:02 - 2015-04-19 14:02 - 21697256 _____ (SUPERAntiSpyware) C:\Users\KW\Downloads\SUPERAntiSpyware.exe
2015-04-19 13:48 - 2015-04-19 13:48 - 00001097 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-19 08:11 - 2015-04-19 08:11 - 45142720 _____ (Microsoft Corporation) C:\Users\KW\Downloads\Windows-KB890830-x64-V5.23 (1).exe
2015-04-19 08:08 - 2015-04-19 08:08 - 44167360 _____ (Microsoft Corporation) C:\Users\KW\Downloads\Windows-KB890830-V5.23.exe
2015-04-19 08:08 - 2015-04-01 11:22 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MRT.exe
2015-04-18 22:16 - 2015-04-18 22:16 - 45142720 _____ (Microsoft Corporation) C:\Users\KW\Downloads\Windows-KB890830-x64-V5.23.exe
2015-04-18 22:09 - 2015-04-18 22:09 - 00572456 _____ (F-Secure Corporation) C:\Users\KW\Downloads\F-SecureOnlineScanner.exe
2015-04-18 21:54 - 2015-01-05 22:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-18 21:54 - 2015-01-05 21:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-18 21:54 - 2015-01-05 20:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-18 21:54 - 2015-01-05 20:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-18 21:28 - 2015-04-19 20:48 - 00002270 _____ () C:\WINDOWS\PFRO.log
2015-04-18 21:23 - 2015-04-18 21:33 - 00012308 _____ () C:\Users\KW\Desktop\RBB May 2015 concerts.odt
2015-04-18 21:19 - 2015-04-18 21:24 - 00217315 _____ () C:\Users\KW\AppData\Local\census.cache
2015-04-18 21:19 - 2015-04-18 21:24 - 00103662 _____ () C:\Users\KW\AppData\Local\ars.cache
2015-04-18 21:17 - 2015-04-18 21:21 - 00000010 _____ () C:\Users\KW\AppData\Local\sponge.last.runtime.cache
2015-04-18 21:11 - 2015-04-18 21:11 - 02073512 _____ (Trend Micro Inc.) C:\Users\KW\Downloads\HousecallLauncher.exe
2015-04-18 21:11 - 2015-04-18 21:11 - 00000036 _____ () C:\Users\KW\AppData\Local\housecall.guid.cache
2015-04-18 20:56 - 2015-04-18 20:56 - 00588816 _____ () C:\Users\KW\Downloads\Autoruns.zip
2015-04-18 20:56 - 2015-04-18 20:56 - 00000000 ____D () C:\Users\KW\Downloads\Autoruns
2015-04-18 20:52 - 2015-04-18 20:53 - 159485920 _____ (Emsisoft Ltd. ) C:\Users\KW\Downloads\EmsisoftAntiMalwareSetup.exe
2015-04-18 20:45 - 2015-04-18 20:45 - 00640104 _____ ( ) C:\Users\KW\Downloads\RKill.exe
2015-04-18 20:36 - 2015-04-18 20:36 - 00000000 ____D () C:\Users\KW\AppData\Local\PC_Cleanup_Utility_Inc
2015-04-18 20:36 - 2015-04-18 20:36 - 00000000 ____D () C:\Users\KW\AppData\Local\PC Cleanup Utility Inc
2015-04-18 20:36 - 2015-04-18 20:36 - 00000000 ____D () C:\ProgramData\PC Cleanup Utility Inc
2015-04-18 20:23 - 2015-04-18 20:23 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-04-18 20:22 - 2015-04-18 20:22 - 01549632 _____ (Kaspersky Lab) C:\Users\KW\Downloads\kav15.0.0.463en_7000.exe
2015-04-18 11:55 - 2015-04-18 11:55 - 00000000 ____D () C:\WINDOWS\pss
2015-04-18 10:36 - 2015-04-21 19:07 - 00000924 _____ () C:\WINDOWS\setupact.log
2015-04-18 10:36 - 2015-04-18 10:36 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-18 08:53 - 2015-04-18 08:53 - 15058624 _____ () C:\Users\KW\Downloads\Glary_Utilities_v5.23.0.42.exe
2015-04-17 21:31 - 2015-04-17 21:31 - 00001267 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2015-04-17 21:31 - 2015-04-17 21:31 - 00001153 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2015-04-17 21:31 - 2015-04-17 21:31 - 00001141 _____ () C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2015-04-17 21:22 - 2015-04-17 21:23 - 01621568 _____ (NCH Software) C:\Users\KW\Downloads\debutsetup.exe
2015-04-17 21:22 - 2015-04-17 21:22 - 00000970 _____ () C:\Users\Public\Desktop\Audials 12.lnk
2015-04-17 21:20 - 2015-04-17 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 12
2015-04-17 21:20 - 2015-04-17 21:21 - 00000000 ____D () C:\ProgramData\RapidSolution
2015-04-17 21:20 - 2015-04-17 21:20 - 00000000 ____D () C:\Program Files (x86)\Audials
2015-04-17 21:18 - 2015-04-17 21:18 - 00000000 ____D () C:\Users\KW\AppData\Local\RapidSolution
2015-04-17 21:12 - 2015-04-17 21:16 - 66612384 _____ () C:\Users\KW\Downloads\Audials_Moviebox-Setup__741.exe
2015-04-17 20:56 - 2015-04-17 20:56 - 00000000 ____D () C:\Users\KW\Documents\Streaming Video Recorder
2015-04-17 20:52 - 2015-04-17 20:54 - 27868272 _____ (APOWERSOFT LIMITED ) C:\Users\KW\Downloads\streaming-video-recorder-cnet.exe
2015-04-17 20:48 - 2015-04-17 20:48 - 06543896 _____ (Bolide Software ) C:\Users\KW\Downloads\wsr_setup.exe
2015-04-15 22:10 - 2015-04-15 22:10 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 22:09 - 2015-04-15 22:09 - 00000000 ____D () C:\Users\KW\AppData\Roaming\TotalRecorder
2015-04-15 22:08 - 2015-04-15 22:08 - 05041864 _____ () C:\Users\KW\Downloads\tr85se.exe
2015-04-15 22:08 - 2015-04-15 22:08 - 00001259 _____ () C:\Users\Public\Desktop\Total Recorder.LNK
2015-04-15 22:08 - 2015-04-15 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Recorder
2015-04-15 22:08 - 2015-04-15 22:08 - 00000000 ____D () C:\Program Files (x86)\HighCriteria
2015-04-15 22:08 - 2014-04-30 15:37 - 00125640 _____ (High Criteria inc.) C:\WINDOWS\system32\Drivers\TotRec8.sys
2015-04-15 21:20 - 2015-04-15 21:20 - 00001217 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2015-04-15 21:20 - 2015-04-15 21:20 - 00000049 _____ () C:\WINDOWS\SysWOW64\ScrRecX.log
2015-04-15 21:20 - 2015-04-15 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2015-04-15 21:20 - 2015-04-15 21:20 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2015-04-15 21:20 - 2008-08-18 18:18 - 00077824 _____ (Fox Magic Software) C:\WINDOWS\SysWOW64\fmcodec.DLL
2015-04-15 21:19 - 2015-04-15 21:19 - 16490312 _____ (DsNET Corp ) C:\Users\KW\Downloads\aTube_Catcher_SOMOTO_8004.exe
2015-04-15 20:38 - 2015-03-14 03:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 20:38 - 2015-03-14 03:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 20:37 - 2015-03-23 16:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 20:37 - 2015-03-23 16:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 20:37 - 2015-03-23 16:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 20:37 - 2015-03-23 16:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 20:37 - 2015-03-23 16:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 20:37 - 2015-03-19 23:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 20:37 - 2015-03-19 23:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 20:37 - 2015-03-19 23:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 20:37 - 2015-03-19 22:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 20:37 - 2015-03-19 21:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 20:37 - 2015-03-19 21:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 20:37 - 2015-03-19 21:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 20:37 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 20:37 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 20:37 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 20:37 - 2015-03-12 22:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 20:37 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 20:37 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 20:37 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 20:37 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 20:37 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 20:37 - 2015-03-12 22:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 20:37 - 2015-03-12 22:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 20:37 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 20:37 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 20:37 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 20:37 - 2015-03-12 21:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 20:37 - 2015-03-12 21:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 20:37 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 20:37 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 20:37 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 20:37 - 2015-03-12 21:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 20:37 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 20:37 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 20:37 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 20:37 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 20:37 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 20:37 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 20:37 - 2015-02-24 03:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 20:37 - 2015-02-20 18:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 20:35 - 2015-03-22 17:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 20:35 - 2015-03-22 17:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 20:35 - 2015-03-22 17:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 20:35 - 2015-03-22 17:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 20:35 - 2015-03-22 17:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 20:35 - 2015-03-22 17:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 20:35 - 2015-03-22 17:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 20:35 - 2015-03-14 03:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 20:35 - 2015-03-13 20:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 20:35 - 2015-03-13 20:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 20:35 - 2015-03-13 20:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 20:35 - 2015-03-13 20:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 20:35 - 2015-03-13 20:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 20:35 - 2015-03-13 19:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 20:35 - 2015-03-13 19:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 20:35 - 2015-03-13 19:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 20:35 - 2015-03-13 19:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 20:35 - 2015-03-13 19:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 20:35 - 2015-03-13 19:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 20:35 - 2015-03-13 19:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 20:35 - 2015-03-13 19:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 20:35 - 2015-03-13 19:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 20:35 - 2015-03-13 19:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 20:35 - 2015-03-13 18:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 20:35 - 2015-03-13 18:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 20:35 - 2015-03-04 05:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 20:35 - 2015-03-03 22:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 20:35 - 2015-03-03 21:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 20:35 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-14 22:18 - 2015-04-14 22:18 - 00665200 _____ (vcatcher.com) C:\Users\KW\Downloads\vcatcher-setup.exe
2015-04-14 22:06 - 2015-04-14 22:06 - 06177656 _____ (http://freerecorders.com ) C:\Users\KW\Downloads\screenrecorder_setup [1].exe
2015-04-14 22:06 - 2015-04-14 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-04-14 22:05 - 2015-04-14 22:05 - 01610184 _____ (Safe Download-screenrecorder_setup ) C:\Users\KW\Downloads\screenrecorder_setup.exe
2015-04-14 21:57 - 2015-04-14 21:57 - 28609640 _____ () C:\Users\KW\Downloads\InstallScreencastOMatic-v1.4.exe
2015-04-12 22:19 - 2015-04-12 22:19 - 00000000 ____D () C:\Users\KW\Documents\FlashIntegro
2015-04-12 22:19 - 2015-04-12 22:19 - 00000000 ____D () C:\Users\KW\AppData\Roaming\ScreenRecorder
2015-04-12 22:18 - 2015-04-12 22:18 - 00001269 _____ () C:\Users\KW\Desktop\VSDC Free Screen Recorder.lnk
2015-04-12 22:18 - 2015-04-12 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2015-04-12 22:18 - 2015-04-12 22:18 - 00000000 ____D () C:\Program Files (x86)\FlashIntegro
2015-04-12 22:18 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\Lagarith.dll
2015-04-12 22:18 - 2005-08-01 19:43 - 00245760 _____ () C:\WINDOWS\SysWOW64\lame.ax
2015-04-12 22:18 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2015-04-12 22:18 - 2004-09-06 16:06 - 00053248 _____ () C:\WINDOWS\SysWOW64\xvid.ax
2015-04-12 22:18 - 2004-07-03 21:08 - 00139264 _____ () C:\WINDOWS\SysWOW64\xvidvfw.dll
2015-04-12 22:18 - 2004-07-03 20:59 - 00524288 _____ () C:\WINDOWS\SysWOW64\xvidcore.dll
2015-04-12 22:18 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\WINDOWS\SysWOW64\AC3ACM.acm
2015-04-12 22:18 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divx.dll
2015-04-12 22:18 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divxdec.ax
2015-04-12 22:18 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\WINDOWS\SysWOW64\mcdvd_32.dll
2015-04-12 22:18 - 2003-05-21 23:50 - 00156910 _____ () C:\WINDOWS\WMSysPr8.prx
2015-04-12 22:18 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\WINDOWS\SysWOW64\vct3216.acm
2015-04-12 22:18 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\WINDOWS\SysWOW64\alf2cd.acm
2015-04-12 22:18 - 2003-05-21 23:50 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2015-04-12 22:18 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\SysWOW64\L3CODECX.AX
2015-04-12 22:18 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg4c32.dll
2015-04-12 22:18 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\WINDOWS\SysWOW64\Scg726.acm
2015-04-12 22:17 - 2015-04-12 22:17 - 15329928 _____ (Flash-Integro LLC ) C:\Users\KW\Downloads\screen_recorder_download.exe
2015-04-12 09:47 - 2015-04-12 09:48 - 00000000 ____D () C:\Users\KW\Desktop\lessons
2015-04-11 22:52 - 2015-04-11 22:52 - 24210616 _____ (Audacity Team ) C:\Users\KW\Downloads\Audacity_v2.1.0.exe
2015-04-11 22:52 - 2015-04-11 22:52 - 15049832 _____ () C:\Users\KW\Downloads\Glary_Utilities_v5.22.0.41.exe
2015-04-11 22:27 - 2015-04-11 22:32 - 329390244 _____ () C:\Users\KW\Downloads\drumeo-975-HD.mp4standard (1).mp4
2015-04-11 20:14 - 2015-04-11 20:14 - 00035696 _____ () C:\Users\KW\Documents\Edgar’s Practice Tips.html
2015-04-11 20:14 - 2015-04-11 20:14 - 00000000 ____D () C:\Users\KW\Documents\Edgar’s Practice Tips_files
2015-04-11 19:53 - 2015-04-11 20:00 - 340652904 _____ () C:\Users\KW\Downloads\antonio-sanchez-creative-soloing-and-freedomstandard.mp4
2015-04-10 15:00 - 2015-04-10 15:00 - 00058232 _____ (Swift Search) C:\WINDOWS\system32\Drivers\swsenfd_1_10_0_14.sys
2015-04-05 21:46 - 2015-04-05 21:46 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-05 21:46 - 2015-04-05 21:46 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-04 18:17 - 2015-04-04 18:18 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 18:17 - 2015-04-04 18:17 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-01 21:57 - 2015-04-02 15:58 - 00000000 ____D () C:\Users\KW\Documents\Any Video Recorder
2015-04-01 21:57 - 2015-04-01 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Video Recorder
2015-04-01 21:57 - 2015-04-01 21:57 - 00000000 ____D () C:\Program Files (x86)\Any Video Recorder
2015-04-01 21:57 - 2012-05-17 13:01 - 00033872 _____ (AnvSoft Inc.) C:\WINDOWS\system32\Drivers\anvsnddrv.sys
2015-04-01 21:56 - 2015-04-01 21:56 - 07600000 _____ (anvsoft, Inc. ) C:\Users\KW\Downloads\any-video-recorder.exe
2015-03-29 13:44 - 2015-04-19 21:48 - 00000000 ____D () C:\Users\KW\Desktop\New drums
2015-03-25 17:56 - 2015-04-19 15:06 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-03-25 17:56 - 2015-04-19 15:06 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-25 17:56 - 2015-03-25 17:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-03-25 17:56 - 2015-03-25 17:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-03-25 17:56 - 2015-03-25 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-22 13:24 - 2014-02-11 21:54 - 00000000 ____D () C:\Users\KW\AppData\Roaming\ClassicShell
2015-04-22 13:22 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-21 21:43 - 2015-01-24 11:15 - 02012115 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-21 21:42 - 2013-12-31 18:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-21 21:42 - 2013-10-27 09:29 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-21 21:35 - 2015-02-27 06:57 - 00000550 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2873613688-3426634421-4114225331-1001.job
2015-04-21 20:38 - 2013-03-30 16:47 - 00000000 ____D () C:\Users\KW\Desktop\Computer Maintenance
2015-04-21 19:07 - 2014-10-25 21:37 - 00000332 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-04-21 19:07 - 2013-10-27 09:29 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-21 19:07 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-21 19:07 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-20 21:46 - 2013-03-30 16:19 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-04-20 21:45 - 2014-04-04 19:41 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-19 21:52 - 2013-10-27 21:24 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-19 21:48 - 2014-04-29 09:01 - 00000000 ____D () C:\Users\KW\Desktop\drum lessons
2015-04-19 21:45 - 2013-04-20 14:26 - 00000000 ____D () C:\Users\KW\AppData\Roaming\vlc
2015-04-19 21:24 - 2014-09-07 13:03 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 20:16 - 2013-03-30 15:57 - 00000000 ____D () C:\Users\KW\AppData\Local\VirtualStore
2015-04-19 15:19 - 2014-09-07 17:55 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-18 21:54 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-18 10:30 - 2014-09-21 19:37 - 00000000 ____D () C:\Users\KW\Desktop\Audio Video
2015-04-18 10:23 - 2014-10-25 21:36 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-04-18 08:55 - 2014-10-25 21:37 - 00002954 _____ () C:\WINDOWS\System32\Tasks\GU5SkipUAC
2015-04-18 08:55 - 2014-10-25 21:37 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-04-18 08:55 - 2014-10-25 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-04-18 08:51 - 2014-02-21 21:05 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-17 21:46 - 2015-02-27 06:57 - 00003532 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2873613688-3426634421-4114225331-1001
2015-04-17 21:31 - 2014-11-25 00:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2015-04-17 21:31 - 2014-11-25 00:01 - 00000000 ____D () C:\Users\KW\AppData\Roaming\NCH Software
2015-04-17 21:31 - 2014-11-25 00:01 - 00000000 ____D () C:\ProgramData\NCH Software
2015-04-17 21:31 - 2014-11-25 00:01 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-04-17 21:02 - 2014-10-16 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2015-04-17 20:56 - 2014-10-16 22:02 - 00000000 ____D () C:\Users\KW\AppData\Roaming\Apowersoft
2015-04-15 23:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-15 22:36 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 22:10 - 2014-11-25 09:45 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 22:09 - 2013-10-23 23:37 - 00000000 ____D () C:\Users\KW
2015-04-15 20:47 - 2013-08-15 13:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 22:19 - 2013-04-03 22:04 - 00000000 ____D () C:\Program Files\WinPcap
2015-04-14 21:42 - 2013-12-31 18:05 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 20:31 - 2013-09-29 23:04 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-13 18:24 - 2014-12-12 23:06 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 18:24 - 2014-12-12 23:06 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-11 22:53 - 2013-04-21 20:02 - 00001046 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-04-11 22:53 - 2013-04-21 20:02 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-04-08 13:05 - 2014-06-03 12:40 - 00003818 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1396658504
2015-04-08 13:05 - 2014-04-04 19:41 - 00001074 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-05 21:46 - 2014-05-03 20:07 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-05 21:46 - 2013-12-31 18:07 - 00136752 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-04-05 21:46 - 2013-10-27 09:28 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-05 21:46 - 2013-10-27 09:28 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-05 21:46 - 2013-10-27 09:28 - 00271200 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-05 21:46 - 2013-10-27 09:28 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-04-05 21:46 - 2013-10-27 09:28 - 00088408 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-05 21:46 - 2013-10-27 09:28 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-05 21:07 - 2014-09-05 21:56 - 00000000 ____D () C:\Users\KW\Desktop\Bands
2015-04-01 22:07 - 2013-03-31 16:23 - 00000000 ____D () C:\Users\KW\AppData\Roaming\AnvSoft
2015-04-01 11:16 - 2013-04-03 22:01 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-29 20:43 - 2015-03-19 10:44 - 00009702 _____ () C:\Users\KW\Desktop\Handyman.odt
2015-03-29 14:33 - 2013-11-29 09:23 - 00000000 ____D () C:\Users\KW\Desktop\My photos
2015-03-28 14:49 - 2013-09-15 10:16 - 00000000 ____D () C:\Users\KW\AppData\Roaming\Audacity
 
==================== Files in the root of some directories =======
 
2013-06-21 23:09 - 2013-06-21 23:09 - 0000077 _____ () C:\Users\KW\AppData\Roaming\mbam.context.scan
2015-04-18 21:19 - 2015-04-18 21:24 - 0103662 _____ () C:\Users\KW\AppData\Local\ars.cache
2015-04-18 21:19 - 2015-04-18 21:24 - 0217315 _____ () C:\Users\KW\AppData\Local\census.cache
2015-04-18 21:11 - 2015-04-18 21:11 - 0000036 _____ () C:\Users\KW\AppData\Local\housecall.guid.cache
2015-04-18 21:17 - 2015-04-18 21:21 - 0000010 _____ () C:\Users\KW\AppData\Local\sponge.last.runtime.cache
 
Some content of TEMP:
====================
C:\Users\KW\AppData\Local\Temp\Quarantine.exe
C:\Users\KW\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-21 21:46
 
==================== End Of Log ============================

  • 0

#9
gringo1


    Member

  • Topic Starter
  • Member
  • 11 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/22/2015
Scan Time: 7:56:07 PM
Logfile: Malawarebytes text log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.22.07
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: KW

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337857
Time Elapsed: 24 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.SwiftSearch.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\swsenfd_1_10_0_14, Quarantined, [4956135c83071a1c484212450500ed13],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [613ef976503a4fe7ffbaea5ff60f36ca],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [4956d19ec3c794a2f3c5f15858ad0000],
PUP.Optional.SwiftSearch.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\swsesvc_1.10.0.14, Quarantined, [9a05abc4e6a4c472d9b4df788e7746ba],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 7
PUP.Optional.InstallCore, C:\Users\KW\Downloads\FileExtractorSetup.exe, Quarantined, [0996d09fa4e6092db19d667307fe02fe],
PUP.Optional.InstallCore, C:\Users\KW\Downloads\FileOpenerSetup (1).exe, Quarantined, [920d38376d1d013551fd4495f4117789],
PUP.Optional.InstallCore, C:\Users\KW\Downloads\FileOpenerSetup (2).exe, Quarantined, [e6b9d6996921ae88e9d52abe85801fe1],
PUP.Optional.InstallCore, C:\Users\KW\Downloads\FileOpenerSetup.exe, Quarantined, [4e51f6791c6ea98d06483c9d768f42be],
PUP.Optional.Somoto, C:\Users\KW\Downloads\DVDshrink32setup_downloader-Qa3lwNcdG.exe, Quarantined, [c5da9ad57a10af87a30e120a6a9842be],
PUP.Optional.Winsock.Hijack, C:\Windows\System32\plsapp64.dll, Quarantined, [e3bc9ed194f6cd69f06865ee22e3ae52],
PUP.Optional.SwiftSearch.A, C:\Windows\System32\drivers\swsenfd_1_10_0_14.sys, Quarantined, [4956135c83071a1c484212450500ed13],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#10
Valinorum


    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
I await the ESET scan result.
  • 0


#11
gringo1


    Member

  • Topic Starter
  • Member
  • 11 posts

ESET scan log:

 

 

C:\Users\All Users\COMODO\Cis\Quarantine\data\{8C26BCE5-3492-4B9D-BF65-BBEEBD08CD6A}    a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SwiftSearch_1.10.0.14\Service\swsesvc.exe.vir    a variant of Win32/Adware.Vitruvian.F application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\apppatch\apppatch64\vcldr64.dll.vir    a variant of Win32/ClientConnect.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\Free Audio Converter 2014\goup.exe    a variant of Win32/Tsingsoft.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\NCH Software\Debut\debut.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\NCH Software\Debut\debutsetup_v2.12.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\NCH Software\ExpressBurn\expressburnsetup_v4.76.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\NCH Software\Prism\prism.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\NCH Software\Prism\prismsetup_v2.25.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\NCH Software\Switch\switch.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\NCH Software\Switch\switchsetup_v4.65.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v6.02.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\ProgramData\COMODO\Cis\Quarantine\data\{8C26BCE5-3492-4B9D-BF65-BBEEBD08CD6A}    a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application    deleted - quarantined
C:\Users\KW\Downloads\aTube_Catcher_SOMOTO_8004.exe    Win32/Somoto.Q potentially unwanted application    deleted - quarantined
C:\Users\KW\Downloads\debutsetup.exe    a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application    deleted - quarantined
C:\Users\KW\Downloads\DVDStyler-2.8-win32.exe    Win32/Somoto.E potentially unwanted application    deleted - quarantined
C:\Users\KW\Downloads\FreeAudioConverter (1).exe    Win32/Spigot.A potentially unwanted application    deleted - quarantined
C:\Users\KW\Downloads\FreeAudioConverter.exe    a variant of Win32/OpenCandy.C potentially unsafe application    deleted - quarantined
C:\Users\KW\Downloads\FreemakeAudioConverterSetup.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Users\KW\Downloads\FreemakeVideoDownloaderSetup (1).exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Users\KW\Downloads\FreemakeVideoDownloaderSetup (2).exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Users\KW\Downloads\FreemakeVideoDownloaderSetup(1).exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Users\KW\Downloads\FreemakeVideoDownloaderSetup.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Users\KW\Downloads\FreemakeYoutubeMp3ConverterSetup.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Users\KW\Downloads\RKill.exe    a variant of Win32/TrojanDropper.Addrop.F trojan    cleaned by deleting - quarantined
C:\zoek_backup\C_Users_KW_Downloads_FreeAudioConverter_CNET.exe.vir    a variant of Win32/Tsingsoft.A potentially unwanted application    deleted - quarantined
C:\zoek_backup\C_Users_KW_Downloads_Youtube_Music_Downloader_Setup.exe.vir    Win32/Spigot.A potentially unwanted application    deleted - quarantined
C:\zoek_backup\C_WINDOWS_SysWOW64_LavasoftTcpService.dll.vir    a variant of Win32/Komodia.A potentially unsafe application    deleted - quarantined


  • 0

#12
Valinorum


    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
How is your PC performing?
  • 0

#13
gringo1


    Member

  • Topic Starter
  • Member
  • 11 posts

Great.


  • 0

#14
gringo1


    Member

  • Topic Starter
  • Member
  • 11 posts

Am I clean?


  • 0

#15
Valinorum


    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 

♣ Removal of Tools and Quarantined Files ♣


 

Although the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (in most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
  • Cleanup with DelFix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply
 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.
  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.
  • Watch out for a new threat named CryptoLocker
    CryptoLocker is a new type of ransomware-family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and that you practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article How Did I Get Infected in the First Place? and Keep Your Computer Safe Online.

Regards,
Valinorum
  • 0





