Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My computer is infected [Closed]


  • This topic is locked This topic is locked

#1
sunetvos

sunetvos

    New Member

  • Member
  • Pip
  • 2 posts

stuff keep popping up spyware and add ware please help 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
Ran by Sunet (administrator) on SUNET-PC on 27-06-2015 13:55:25
Running from C:\Users\Sunet\Downloads
Loaded Profiles: Sunet & UpdatusUser (Available Profiles: Sunet & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\econser.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\econceal.exe
(MicroWorld Technologies Inc.) C:\ProgramData\MicroWorld\eScanBD\avpmapp.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\traysser.exe
(MicroWorld Technologies Inc.) C:\Program Files\Common Files\MicroWorld\Agent\mwaser.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\BACKUP.76737156.consctl.exe
(MicroWorld Technologies Inc.) C:\Program Files\Common Files\MicroWorld\Agent\MWAGENT.EXE
(The Privoxy team - www.privoxy.org) C:\Program Files\Jelbrus Secure Web\privoxy.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\0ca45c95134d\cf3e08d747e4.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\trayicos.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(YTDownloader) C:\Program Files\YTDownloader\YTDownloader.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\Vista\escanmon.exe
(Akamai Technologies, Inc.) C:\Users\Sunet\AppData\Local\Akamai\NETSES~1.EXE
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Sunet\AppData\Local\Akamai\NETSES~1.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(PU-App) C:\Users\Sunet\AppData\Local\zlazvtatzek0bmn\znazbzbwzf80dwn.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\maildisp.exe
(MicroWorld Technologies Inc.) C:\Program Files\eScan\SPOOLER.EXE
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1988456 2015-01-13] (YTDownloader)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-06-13] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sunet\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom)
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1988456 2015-01-13] (YTDownloader)
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\Run: [Dropbox Update] => C:\Users\Sunet\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-07] (Dropbox, Inc.)
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_190_Plugin.exe [927920 2015-06-26] (Adobe Systems Incorporated)
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-346615330-1898244074-3437654769-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-05-06] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\Users\Sunet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bm.lnk [2015-06-14]
ShortcutTarget: bm.lnk -> C:\Users\Sunet\AppData\Local\zlazvtatzek0bmn\znazbzbwzf80dwn.exe (PU-App)
Startup: C:\Users\Sunet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk [2014-05-03]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Sunet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-11-16]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://howzit.msn.com/?ocid=iehp
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-346615330-1898244074-3437654769-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-346615330-1898244074-3437654769-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-346615330-1898244074-3437654769-1000 -> DefaultScope {66A9804F-E402-4879-9CA6-37F8E602C3AC} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-346615330-1898244074-3437654769-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-346615330-1898244074-3437654769-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-346615330-1898244074-3437654769-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-346615330-1898244074-3437654769-1000 -> {66A9804F-E402-4879-9CA6-37F8E602C3AC} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-346615330-1898244074-3437654769-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-346615330-1898244074-3437654769-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-01-13] (Goobzo Ltd.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Windows\system32\mwnsp.dll [173232 2014-11-05] (MicroWorld Technologies Inc.)
Winsock: Catalog9 01 C:\Windows\system32\mwtsp.dll [1378480 2014-11-05] (MicroWorld Technologies Inc.)
Winsock: Catalog9 02 C:\Windows\system32\mwtsp.dll [1378480 2014-11-05] (MicroWorld Technologies Inc.)
Winsock: Catalog9 03 C:\Windows\system32\mwtsp.dll [1378480 2014-11-05] (MicroWorld Technologies Inc.)
Winsock: Catalog9 04 C:\Windows\system32\mwtsp.dll [1378480 2014-11-05] (MicroWorld Technologies Inc.)
Winsock: Catalog9 25 C:\Windows\system32\mwtsp.dll [1378480 2014-11-05] (MicroWorld Technologies Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga...4XZXXXX5VM8T4XZ
 
FireFox:
========
FF ProfilePath: C:\Users\Sunet\AppData\Roaming\Mozilla\Firefox\Profiles\daz0z68f.default-1434382726143
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-26] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.8\\npsitesafety.dll No File
FF Plugin: @FromDocToPDF_65.com/Plugin -> C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll No File
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-13] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\Sunet\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml [2014-10-07]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystarttb.xml [2014-11-03]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml [2015-01-10]
FF Extension: TrafficLight - C:\Users\Sunet\AppData\Roaming\Mozilla\Firefox\Profiles\daz0z68f.default-1434382726143\Extensions\[email protected] [2015-06-27]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Sunet\AppData\Roaming\Mozilla\Firefox\Profiles\solb18ez.default\extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Sunet\AppData\Roaming\Mozilla\Firefox\Profiles\solb18ez.default\extensions\[email protected]
 
Chrome: 
=======
CHR Profile: C:\Users\Sunet\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Sunet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-27]
CHR Extension: (YouTube) - C:\Users\Sunet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-27]
CHR Extension: (TrafficLight) - C:\Users\Sunet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2015-06-27]
CHR Extension: (Google Search) - C:\Users\Sunet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-27]
CHR Extension: (winnie the pooh) - C:\Users\Sunet\AppData\Local\Google\Chrome\User Data\Default\Extensions\golfgdoojafiippacodpnlfkmclpdgmo [2015-06-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sunet\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-27]
CHR Extension: (Google Wallet) - C:\Users\Sunet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-27]
CHR Extension: (Gmail) - C:\Users\Sunet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-27]
CHR HKLM\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files\mystarttb\chrome-newtab-search.crx [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
R2 EconService; c:\Program Files\eScan\econser.exe [527024 2015-02-25] (MicroWorld Technologies Inc.)
R2 eScan Monitor Service; C:\ProgramData\MicroWorld\eScanBD\avpmapp.exe [2293024 2015-06-15] (MicroWorld Technologies Inc.)
R2 eScan-trayicos; C:\Program Files\eScan\traysser.exe [165608 2015-06-04] (MicroWorld Technologies Inc.)
R2 HPSLPSVC; C:\Users\Sunet\AppData\Local\Temp\7zS1AE0\hpslpsvc32.dll [701288 2013-07-19] (Hewlett-Packard Co.)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2014-04-27] () [File not signed]
R2 MWAgent; C:\Program Files\Common Files\MicroWorld\Agent\mwaser.exe [414384 2015-02-25] (MicroWorld Technologies Inc.)
S2 Orbiter; C:\Program Files\ORBTR\orbiter.dll [558544 2015-02-15] (Client Connect LTD)
R2 PrivoxyService; C:\Program Files\Jelbrus Secure Web\privoxy.exe [371200 2015-02-17] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 UniversalUpdater; C:\Program Files\0ca45c95134d\cf3e08d747e4.exe [646144 2014-10-30] () [File not signed] <==== ATTENTION
R2 vToolbarUpdater18.1.8; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\ToolbarUpdater.exe [1813528 2014-07-15] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [353096 2011-03-24] (BitDefender)
R1 econceal; C:\Windows\System32\DRIVERS\econceal.sys [25608 2011-08-01] (MicroWorld Technologies Inc.)
S3 mtkmbim; C:\Windows\System32\DRIVERS\mtkmbim7.sys [172544 2012-12-13] (MediaTek Inc.)
S3 mwfsmfltr; C:\Windows\System32\DRIVERS\mwfsmflt.sys [26536 2012-10-12] (MicroWorld Technologies Inc.)
R3 ProcObsrv; c:\Program Files\eScan\ProcObsrv.sys [16096 2013-09-13] (MicroWorld Technologies Inc.)
R3 ProcObsrves; C:\Program Files\eScan\ProcObsrves.sys [46056 2015-06-26] (MicroWorld Technologies Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [68096 2013-12-02] (BlackBerry Limited)
R3 trufos; C:\Windows\System32\drivers\trufos.sys [343456 2014-11-05] (BitDefender S.R.L.)
S3 wdf_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [68480 2013-11-19] (MediaTek Inc.)
R1 zmizmzb2zhm0bgn; C:\Windows\System32\drivers\zmizmzb2zhm0bgn.sys [42840 2015-06-25] (Windows ® Win 7 DDK provider)
U0 SR; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-27 13:55 - 2015-06-27 13:55 - 00024213 _____ C:\Users\Sunet\Downloads\FRST.txt
2015-06-27 13:54 - 2015-06-27 13:55 - 00000000 ____D C:\FRST
2015-06-27 13:54 - 2015-06-27 13:54 - 01636352 _____ (Farbar) C:\Users\Sunet\Downloads\FRST.exe
2015-06-27 13:02 - 2015-06-27 13:05 - 31571808 _____ C:\Users\Sunet\Downloads\60Second_x86.exe
2015-06-27 13:02 - 2015-06-27 13:02 - 00160160 _____ C:\Users\Sunet\Downloads\60Second_en_us.exe
2015-06-27 12:52 - 2015-06-27 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-27 12:48 - 2015-06-27 13:53 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-27 12:48 - 2015-06-27 12:53 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-27 12:21 - 2015-06-27 13:08 - 00000000 ____D C:\ProgramData\TEMP
2015-06-27 12:21 - 2015-06-27 12:21 - 00000000 ____D C:\ProgramData\Licenses
2015-06-27 12:05 - 2015-06-27 12:05 - 02077392 _____ (Microsoft Corporation) C:\Users\Sunet\Downloads\IE11-Windows6.1.exe
2015-06-27 02:20 - 2015-06-27 02:20 - 00000000 ____D C:\Windows\rundll16.exe
2015-06-27 02:20 - 2015-06-27 02:20 - 00000000 ____D C:\Windows\logo1_.exe
2015-06-25 18:49 - 2015-06-25 18:49 - 00015700 _____ C:\Windows\WSSPORD.DAT
2015-06-25 16:20 - 2015-06-25 16:20 - 00000000 ____D C:\Program Files\Hades
2015-06-25 16:19 - 2015-06-25 16:19 - 00000000 ____D C:\Program Files\Szmyznta1zdi0zgn
2015-06-25 06:09 - 2015-06-25 06:09 - 00042840 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\zmizmzb2zhm0bgn.sys
2015-06-25 04:46 - 2015-06-25 04:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link Connection Manager
2015-06-25 04:46 - 2015-06-25 04:46 - 00000000 ____D C:\Program Files\D-Link Connection Manager
2015-06-24 16:35 - 2015-06-26 16:03 - 00000000 ____D C:\Users\Sunet\Desktop\jurgens vodaphone
2015-06-23 18:58 - 2015-06-23 18:58 - 00001147 _____ C:\Users\Sunet\Desktop\Cookbook.lnk
2015-06-21 18:46 - 2015-06-21 18:46 - 00001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-21 18:46 - 2015-06-21 18:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-20 16:46 - 2015-06-20 17:18 - 00000000 ____D C:\Users\Sunet\Desktop\scrollsaw
2015-06-18 21:21 - 2015-06-18 21:44 - 00000000 ____D C:\Users\Sunet\Desktop\jj 1
2015-06-18 10:22 - 2015-06-18 16:30 - 00000000 ____D C:\Users\Sunet\Desktop\sunet kombuis
2015-06-15 17:33 - 2015-06-15 17:33 - 00243408 _____ C:\Users\Sunet\Downloads\4D03.tmp
2015-06-15 14:21 - 2015-06-15 14:21 - 00000000 ____D C:\Users\Sunet\Desktop\repuppies
2015-06-15 13:48 - 2015-06-15 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Matilda's Fantastic Cookbook Software
2015-06-15 13:48 - 2015-06-15 13:48 - 00000000 ____D C:\Program Files\Matilda
2015-06-15 13:48 - 2015-06-15 13:48 - 00000000 ____D C:\Program Files\Common Files\Sagekey Software
2015-06-15 09:22 - 2015-06-15 09:22 - 00000000 ____D C:\Users\Sunet\Documents\Recipes
2015-06-15 09:22 - 2015-06-15 09:22 - 00000000 ____D C:\ProgramData\Savin Rock Software LLC
2015-06-15 09:20 - 2015-06-15 09:20 - 00294825 ____H C:\Users\Sunet\Desktop\.COOK.basic.blurb.backup
2015-06-15 09:20 - 2015-06-15 09:20 - 00000000 ____D C:\Users\Sunet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SRSRecipeOrganizer
2015-06-15 09:20 - 2015-06-15 09:20 - 00000000 ____D C:\Program Files\Savin Rock Software
2015-06-15 09:18 - 2015-06-15 09:18 - 00000000 ____D C:\Users\Sunet\AppData\Roaming\Flo & Seb Engineering
2015-06-15 09:16 - 2015-06-15 09:21 - 00000000 ____D C:\Users\Sunet\AppData\Local\Blurb
2015-06-15 09:16 - 2015-06-15 09:16 - 00000000 ____D C:\Users\Sunet\Documents\Blurb
2015-06-15 09:11 - 2015-06-15 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BookWright
2015-06-15 09:11 - 2015-06-15 09:11 - 00000000 ____D C:\Program Files\BookWright
2015-06-15 08:41 - 2015-06-15 08:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cookbook
2015-06-15 08:41 - 2015-06-15 08:41 - 00000000 ____D C:\Program Files\Flo & Seb Engineering
2015-06-15 00:24 - 2015-06-23 17:52 - 00000000 ____D C:\Users\Sunet\Desktop\kinder kits
2015-06-14 15:33 - 2015-06-21 00:32 - 00000000 ____D C:\Users\Sunet\AppData\Local\zlazvtatzek0bmn
2015-06-11 19:55 - 2015-06-25 16:14 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-11 06:11 - 2015-06-11 06:11 - 01001704 _____ (Igor Pavlov) C:\Windows\system32\7z.dll
2015-06-11 06:03 - 2015-06-11 06:03 - 00000000 ____D C:\Users\Sunet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-10 15:24 - 2015-06-10 15:24 - 00001351 _____ C:\Windows\system32\Melt the 2 cups of coconut oil in a pot and a cup of date paste and 6 heaped up tbls of cocoa then put it in a square bowl put the nuts and berries in then put in the fridge then every 20 min sti.docx.lnk
2015-06-07 19:58 - 2015-06-07 19:58 - 00000000 ____D C:\Users\Sunet\AppData\Roaming\VideoCapture
2015-06-07 19:54 - 2015-06-07 19:58 - 00000000 ____D C:\Users\Sunet\Documents\FlashIntegro
2015-06-07 19:54 - 2015-06-07 19:54 - 00000000 ____D C:\Users\Sunet\AppData\Roaming\VideoEditor
2015-06-07 19:54 - 2015-06-07 19:54 - 00000000 ____D C:\Users\Sunet\AppData\Roaming\FlashIntegro
2015-06-07 19:53 - 2015-06-15 21:13 - 00000000 ____D C:\Program Files\Common Files\FlashIntegro
2015-06-07 19:53 - 2014-12-09 13:21 - 00081792 _____ (Flash-Integro LLC) C:\Windows\system32\mslvddsfilter2.ax
2015-06-07 19:53 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\system32\Lagarith.dll
2015-06-07 19:53 - 2005-08-01 19:43 - 00245760 _____ () C:\Windows\system32\lame.ax
2015-06-07 19:53 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\system32\vp6vfw.dll
2015-06-07 19:53 - 2004-09-06 16:06 - 00053248 _____ C:\Windows\system32\xvid.ax
2015-06-07 19:53 - 2004-07-03 21:08 - 00139264 _____ C:\Windows\system32\xvidvfw.dll
2015-06-07 19:53 - 2004-07-03 20:59 - 00524288 _____ C:\Windows\system32\xvidcore.dll
2015-06-07 19:53 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\Windows\system32\AC3ACM.acm
2015-06-07 19:53 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\system32\divx.dll
2015-06-07 19:53 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\system32\divxdec.ax
2015-06-07 19:53 - 2003-05-21 23:50 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-06-07 19:53 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\system32\mcdvd_32.dll
2015-06-07 19:53 - 2003-05-21 23:50 - 00156910 _____ C:\Windows\WMSysPr8.prx
2015-06-07 19:53 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\system32\vct3216.acm
2015-06-07 19:53 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\system32\alf2cd.acm
2015-06-07 19:53 - 2003-05-21 23:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2015-06-07 19:53 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\L3CODECX.AX
2015-06-07 19:53 - 2003-03-18 23:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2015-06-07 19:53 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\system32\mpg4c32.dll
2015-06-07 19:53 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\system32\Scg726.acm
2015-06-07 09:40 - 2015-06-27 13:45 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-346615330-1898244074-3437654769-1000UA.job
2015-06-07 09:40 - 2015-06-27 09:45 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-346615330-1898244074-3437654769-1000Core.job
2015-06-07 09:39 - 2015-06-07 09:39 - 00000000 ____D C:\Users\Sunet\AppData\Local\Dropbox
2015-06-07 09:39 - 2015-06-07 09:39 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-04 15:27 - 2015-06-04 15:27 - 00000000 _____ C:\8029.tmp
2015-06-03 20:12 - 2015-06-03 18:50 - 00613255 _____ (CMI Limited) C:\Users\Sunet\AppData\Local\nskDCEF.tmp
2015-06-03 18:52 - 2015-06-03 18:52 - 00000000 ____D C:\Users\Sunet\AppData\Roaming\AnyProtectEx
2015-06-03 18:35 - 2015-06-06 09:41 - 00000000 ____D C:\Users\Sunet\AppData\Roaming\00000000-1433349325-0000-0000-6C626D27E5DB
2015-05-28 12:40 - 2015-05-28 12:40 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-05-28 12:05 - 2015-05-28 12:05 - 00001216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014 (32 Bit).lnk
2015-05-28 11:01 - 2015-05-28 11:01 - 00000000 ___RD C:\Users\Sunet\Creative Cloud Files
2015-05-28 10:58 - 2015-06-15 08:36 - 00001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-05-28 10:17 - 2015-05-28 10:17 - 00000000 ____D C:\Users\Sunet\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-27 13:49 - 2014-10-10 08:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-27 13:47 - 2014-11-05 10:02 - 00000000 ____D C:\Program Files\eScan
2015-06-27 13:47 - 2014-05-03 16:23 - 00000324 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-06-27 13:42 - 2009-07-14 06:34 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-27 13:42 - 2009-07-14 06:34 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-27 13:08 - 2015-04-29 08:52 - 00000000 ____D C:\Users\Sunet\Desktop\programme
2015-06-27 13:08 - 2014-12-17 12:11 - 00000000 ____D C:\Users\Sunet\Desktop\dieet
2015-06-27 12:52 - 2014-04-27 11:08 - 00000000 ____D C:\Program Files\Google
2015-06-27 12:52 - 2014-04-27 10:58 - 00000000 ____D C:\Users\Sunet\AppData\Local\Google
2015-06-27 12:36 - 2014-11-05 10:07 - 00000000 ____D C:\FBackup
2015-06-27 11:59 - 2014-11-02 19:49 - 03302952 _____ C:\Windows\ESCAN.LOG
2015-06-27 11:46 - 2009-07-14 04:04 - 00004213 ____N C:\Windows\win.ini
2015-06-27 09:06 - 2015-04-10 09:03 - 00000000 ____D C:\Users\Sunet\Desktop\10.04
2015-06-27 02:15 - 2014-09-13 12:32 - 00403953 _____ C:\Windows\general.log
2015-06-27 02:00 - 2014-08-23 14:04 - 00000000 ____D C:\Users\Sunet\AppData\Local\Adobe
2015-06-26 21:34 - 2014-11-02 22:36 - 00143734 _____ C:\Windows\UPDLL.LOG
2015-06-26 19:23 - 2014-04-23 04:45 - 01396565 _____ C:\Windows\WindowsUpdate.log
2015-06-26 11:51 - 2014-09-19 12:03 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-26 11:51 - 2014-09-19 12:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-26 09:25 - 2014-08-09 15:16 - 00048128 ____H C:\Users\Sunet\Desktop\photothumb.db
2015-06-25 18:42 - 2014-11-21 18:04 - 00391471 _____ C:\console.log
2015-06-25 16:11 - 2015-01-02 10:22 - 00033431 _____ C:\Windows\setupact.log
2015-06-25 16:11 - 2014-12-29 14:26 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-06-25 16:11 - 2014-11-02 19:50 - 00013412 _____ C:\Windows\frights.log
2015-06-25 16:11 - 2014-04-23 21:12 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-25 16:11 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-25 13:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2015-06-25 06:18 - 2015-03-25 12:14 - 00000000 ____D C:\Program Files\Silver Sands Casino
2015-06-25 04:48 - 2014-04-22 20:27 - 00799162 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-23 01:49 - 2014-10-03 09:38 - 00000000 ____D C:\Program Files\Maxiget
2015-06-21 18:46 - 2015-02-12 08:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-21 13:29 - 2014-08-29 11:29 - 00015360 ___SH C:\Users\Sunet\Thumbs.db
2015-06-20 22:55 - 2014-05-06 07:52 - 00000000 ___RD C:\Users\Sunet\Dropbox
2015-06-20 17:19 - 2014-05-06 07:46 - 00000000 ____D C:\Users\Sunet\AppData\Roaming\Dropbox
2015-06-19 19:30 - 2014-11-12 10:28 - 00000000 ____D C:\Users\Sunet\Desktop\Originals
2015-06-17 12:25 - 2014-04-23 18:09 - 01483384 _____ C:\Windows\PFRO.log
2015-06-16 20:47 - 2014-06-04 17:48 - 00000000 ____D C:\Users\Sunet\Desktop\pvt
2015-06-15 16:00 - 2014-11-03 20:56 - 00002220 _____ C:\Windows\system32\AVAction.log
2015-06-15 16:00 - 2014-11-02 19:50 - 00000152 _____ C:\Windows\ERS.BAT
2015-06-15 16:00 - 2014-11-02 19:47 - 02110184 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\test2.exe
2015-06-15 13:49 - 2014-04-23 12:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-15 13:48 - 2014-04-23 12:13 - 00000000 ____D C:\Program Files\Microsoft Office
2015-06-15 13:48 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-15 12:53 - 2014-04-23 17:18 - 00000000 ____D C:\Program Files\Adobe
2015-06-15 08:36 - 2014-04-23 17:18 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-05-29 08:41 - 2014-10-15 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
2015-05-28 16:01 - 2014-04-22 20:21 - 00000000 ____D C:\Users\Sunet
2015-05-28 13:05 - 2014-04-22 23:13 - 00000000 ____D C:\Users\Sunet\AppData\Roaming\Adobe
2015-05-28 12:01 - 2014-04-23 17:17 - 00000000 ____D C:\ProgramData\Adobe
2015-05-28 10:59 - 2014-08-02 17:46 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-28 09:15 - 2014-08-12 15:03 - 00000000 ____D C:\Users\Sunet\Documents\Lizaan
 
==================== Files in the root of some directories =======
 
2015-02-01 12:37 - 2015-02-01 12:37 - 0000004 _____ () C:\Users\Sunet\AppData\Roaming\.lockfile
2015-02-15 16:12 - 2015-02-15 16:12 - 0000000 _____ () C:\Users\Sunet\AppData\Roaming\bitlord_log.txt
2014-04-27 13:17 - 2014-04-27 13:17 - 0000093 _____ () C:\Users\Sunet\AppData\Local\fusioncache.dat
2014-10-03 11:39 - 2014-10-03 11:38 - 0627592 _____ (ClickMeIn Limited) C:\Users\Sunet\AppData\Local\nsi9E90.tmp
2015-06-03 20:12 - 2015-06-03 18:50 - 0613255 _____ (CMI Limited) C:\Users\Sunet\AppData\Local\nskDCEF.tmp
2014-11-02 12:39 - 2014-11-02 20:42 - 0000003 _____ () C:\Users\Sunet\AppData\Local\proxy.log
2015-02-15 16:12 - 2015-02-15 16:12 - 0000218 _____ () C:\Users\Sunet\AppData\Local\recently-used.xbel
2014-04-23 08:44 - 2015-02-03 17:11 - 0007623 _____ () C:\Users\Sunet\AppData\Local\resmon.resmoncfg
2014-08-02 23:23 - 2014-08-02 23:23 - 0045313 _____ () C:\ProgramData\1407014573.bdinstall.bin
2014-08-02 23:24 - 2014-08-02 23:25 - 0043867 _____ () C:\ProgramData\1407014685.4624.bin
2014-08-02 23:24 - 2014-08-02 23:25 - 0002052 _____ () C:\ProgramData\1407014685.4776.bin
2014-08-02 23:25 - 2014-08-02 23:25 - 0000419 _____ () C:\ProgramData\1407014685.916.bin
2014-08-02 23:35 - 2014-08-02 23:35 - 0170771 _____ () C:\ProgramData\1407014840.bdinstall.bin
2014-08-02 23:39 - 2014-08-02 23:39 - 0182676 _____ () C:\ProgramData\1407015388.bdinstall.bin
2014-10-22 08:09 - 2014-10-22 08:09 - 0037629 _____ () C:\ProgramData\1413958163.bdinstall.bin
2014-10-22 08:11 - 2014-10-22 08:11 - 0098766 _____ () C:\ProgramData\1413958165.bdinstall.bin
2014-05-03 15:56 - 2014-05-03 15:56 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Sunet\AppData\Local\Temp\BitLordSetup.exe
C:\Users\Sunet\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppnjidv.dll
C:\Users\Sunet\AppData\Local\Temp\msvl64.dll
C:\Users\Sunet\AppData\Local\Temp\mwavscan.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\System32\regsvr.exe
C:\Windows\System32\runouce.exe
C:\Windows\System32\wmicuclt.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2014-05-06 11:58] - [2010-11-19 22:21] - 0811520 ____A (Microsoft Corporation) BE8C64439F1E2AF088063218C16EB9FE
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-23 00:44
 
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
Ran by Sunet at 2015-06-27 13:56:11
Running from C:\Users\Sunet\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-346615330-1898244074-3437654769-500 - Administrator - Disabled)
ASPNET (S-1-5-21-346615330-1898244074-3437654769-1003 - Limited - Enabled)
Guest (S-1-5-21-346615330-1898244074-3437654769-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-346615330-1898244074-3437654769-1007 - Limited - Enabled)
Sunet (S-1-5-21-346615330-1898244074-3437654769-1000 - Administrator - Enabled) => C:\Users\Sunet
UpdatusUser (S-1-5-21-346615330-1898244074-3437654769-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: eScan Internet Security for Windows (Enabled - Up to date) {A19135CA-CAAB-25A4-3CA3-FEFFBFBEEFCE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: eScan Internet Security for Windows (Enabled - Up to date) {1AF0D42E-EC91-2A2A-0613-C58DC439A573}
FW: eScan Internet Security for Windows (Enabled) {99AAB4EF-80C4-24FC-17FC-57CA416DA8B5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 3.1.1.110 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitLord 2.4 (HKLM\...\BitLord) (Version: 2.4.0-276 - House of Life)
BookWright version 1.0.81 (HKLM\...\{C17978EB-5A2C-40E3-B351-F03A27245BF9}_is1) (Version: 1.0.81 - Blurb, Inc.)
Cookbook 1.7.1 (HKLM\...\Kochbuch_is1) (Version: 1.7.1 - Flo & Seb Engineering)
D-Link Connection Manager v2.0.0TK (HKLM\...\Broad Mobi HSPA Modem Normal Version_is1) (Version:  - )
Dropbox (HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
eScan Internet Security for Windows (HKLM\...\eScan Internet Security for Windows_is1) (Version: 11.0.1400.1771 - MicroWorld Technologies Inc.)
eWriterPro (HKLM\...\eWriterPro) (Version:  - )
eWriterPro (Version: 2.0 - White Dove Books) Hidden
Free PDF to Word Converter 5.1.0.383 (HKLM\...\Free PDF to Word Converter_is1) (Version: 5.1.0.383 - Smart Soft)
Free Video to JPG Converter version 5.0.23.320 (HKLM\...\Free Video to JPG Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free YouTube Downloader 4.0.305 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
FUJIFILM MyFinePix Studio 4.1 (HKLM\...\MyFinePix Studio_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Hades (HKLM\...\Hades) (Version: 2.06.25.0 - Hades)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{90BBACD9-526F-4AD5-8B92-80BB5F5E1A6D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{B97BD710-382C-453D-B23C-C0663C6EDFA2}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LPT System Updater Service (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Matilda (HKLM\...\{62FC1DDE-7CEE-49F8-971A-6E5A1BDE2771}) (Version: 4.1.3 - The Cookbook People)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
NVIDIA 3D Vision Controller Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC41}) (Version: 4.0.5 - dotPDN LLC)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044.14 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.3.14044.14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Silver Sands Casino (HKLM\...\{3d09ae41-f289-4cd5-9f0e-c8d4cb084359}) (Version: 15.03.0-RTG - RealTimeGaming Software)
SRS Recipe Organizer (HKLM\...\{C7582D58-12FC-4347-B312-2EE574C5F316}) (Version: 1.0.0 - Savin Rock Software)
TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Visual Vision EbooksWriterLITE_e (HKLM\...\EbooksWriterLITE_e.exe) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sunet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{06036B4A-1E4B-4396-8618-9D32EC929895}\localserver32 -> c:\program files\silver sands casino\casino.exe (Realtime Gaming, Inc)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Sunet\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}\InprocServer32 -> C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Sunet\AppData\Local\Dropbox\Update\1.3.27.25\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Sunet\AppData\Local\Dropbox\Update\1.3.27.25\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{AAC51D70-0B45-4F2A-A63E-414337181BD9}\InprocServer32 -> C:\Users\Sunet\AppData\Local\Dropbox\Update\1.3.27.25\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Sunet\AppData\Local\Dropbox\Update\1.3.27.25\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Sunet\AppData\Local\Dropbox\Update\1.3.27.25\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\Sunet\Desktop\Wat rym met liefde.exe No File
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sunet\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Sunet\AppData\Local\Dropbox\Update\1.3.27.25\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1001_Classes\CLSID\{06036B4A-1E4B-4396-8618-9D32EC929895}\localserver32 -> c:\program files\silver sands casino\casino.exe (Realtime Gaming, Inc)
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1001_Classes\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}\InprocServer32 -> C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-346615330-1898244074-3437654769-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
 
==================== Restore Points =========================
 
15-06-2015 09:19:58 Installed SRS Recipe Organizer
15-06-2015 12:57:06 Removed Adobe Download Assistant
15-06-2015 13:47:40 Installed Matilda
15-06-2015 13:48:16 Installed Microsoft Office Access Runtime (English) 2007
15-06-2015 21:13:02 Removed SRS Recipe Organizer
15-06-2015 21:14:00 Removed Visual Studio 2012 x86 Redistributables
23-06-2015 00:00:02 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2014-12-14 12:06 - 00000736 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {064691C7-4446-4B45-807D-012A903E0F77} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-05-03] ()
Task: {097A65EE-3FE8-4BEE-B191-14F81D672D6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-27] (Google Inc.)
Task: {2D0F0662-85AF-49A9-A66D-979CD2072957} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {37FEAA54-FB26-44CB-986B-CAA974C4A5B1} - System32\Tasks\eScan Updater => C:\Program Files\eScan\trayicos.exe [2015-02-25] (MicroWorld Technologies Inc.)
Task: {423C9DC2-06DA-4876-B455-31639E8DD7CC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {590FF22F-23E5-482A-9421-43149614C8BB} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {7708131E-CC04-4B0B-AB35-7C744BB13B82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-26] (Adobe Systems Incorporated)
Task: {8306014E-4C1F-4F43-8C89-90289C55B442} - System32\Tasks\YTDownloader => C:\Program Files\YTDownloader\YTDownloader.exe [2015-01-13] (YTDownloader) <==== ATTENTION
Task: {87CF8C9B-3B7A-45A7-8A3F-C0A2069CDBBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-27] (Google Inc.)
Task: {92085CA3-3E0A-4D16-B80E-1B7B87F15F06} - System32\Tasks\AdobeAAMUpdater-1.0-Sunet-PC-Sunet => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {B96B080B-3D0C-4E51-8959-3053A6248170} - System32\Tasks\{FE3645FC-1D93-44E6-ACB4-0F2010D66433} => pcalua.exe -a C:\Users\Sunet\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=irs <==== ATTENTION
Task: {C1AF96CE-2B04-480E-AD94-FF5D3DD539D7} - System32\Tasks\{5D26D465-1A16-4AB4-B8C5-DD331DA06810} => pcalua.exe -a C:\Users\Sunet\Downloads\weightlosstrackerstd.exe -d C:\Users\Sunet\Downloads
Task: {D5A88B25-26AD-46BB-AED3-540493CD1A8F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-346615330-1898244074-3437654769-1000UA => C:\Users\Sunet\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-07] (Dropbox, Inc.)
Task: {E5705D84-298B-44B7-AE26-57C8234CA35B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F9D8F0B0-7FF6-40A8-8C73-74E62CC2B3C8} - System32\Tasks\MailScan Dispatcher => C:\Program Files\eScan\launch.exe [2015-06-04] (MicroWorld Technologies Inc.)
Task: {FF9CA019-4747-42B4-9B4C-7F3FAA474C70} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-346615330-1898244074-3437654769-1000Core => C:\Users\Sunet\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-07] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-346615330-1898244074-3437654769-1000Core.job => C:\Users\Sunet\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-346615330-1898244074-3437654769-1000UA.job => C:\Users\Sunet\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2015-02-17 12:36 - 2015-02-17 12:36 - 00086528 _____ () C:\Program Files\Jelbrus Secure Web\mgwz.dll
2014-10-30 14:48 - 2014-10-30 14:48 - 00646144 _____ () C:\Program Files\0ca45c95134d\cf3e08d747e4.exe
2014-04-23 21:12 - 2015-02-05 20:27 - 00108864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-13 14:16 - 2015-06-13 14:16 - 31404192 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-06-15 08:33 - 2015-06-10 00:08 - 00155824 ____N () C:\Program Files\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
2015-06-15 08:34 - 2015-05-28 21:26 - 00124416 ____N () C:\Program Files\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-06-15 08:34 - 2015-05-28 21:26 - 00121856 ____N () C:\Program Files\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ref\build\Release\binding.node
2015-06-15 08:34 - 2015-05-28 21:26 - 00122880 ____N () C:\Program Files\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ffi\build\Release\ffi_bindings.node
2015-06-15 08:34 - 2015-05-28 21:26 - 00188416 ____N () C:\Program Files\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-06-15 08:34 - 2015-05-28 21:26 - 00085504 ____N () C:\Program Files\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
2015-06-15 08:34 - 2015-05-28 21:26 - 00086016 ____N () C:\Program Files\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
2015-06-15 08:34 - 2015-05-28 21:26 - 00081408 ____N () C:\Program Files\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-06-25 16:20 - 2015-06-25 16:20 - 00011264 _____ () C:\Users\Sunet\AppData\Local\Temp\nsd86CD.tmp\System.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 00091136 _____ () C:\Users\Sunet\AppData\Local\Temp\nsd86CD.tmp\base64.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 00004096 _____ () C:\Users\Sunet\AppData\Local\Temp\nsd86CD.tmp\ThreadTimer.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 00020992 _____ () C:\Users\Sunet\AppData\Local\Temp\nsd86CD.tmp\inetc.dll
2015-06-27 12:52 - 2015-06-20 07:46 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-27 12:52 - 2015-06-20 07:46 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.130\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-346615330-1898244074-3437654769-1000\...\100sexlinks.com -> 100sexlinks.com
 
There are 5317 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-346615330-1898244074-3437654769-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sunet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{395FB78F-A008-4270-A21A-FC7BB5E7D5AF}C:\users\sunet\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\sunet\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{DE7ABCEF-0929-4D3E-9066-A0454CF8C80F}C:\users\sunet\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\sunet\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{823B4325-3FED-44F5-98F6-70DFC56E491E}C:\users\sunet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\sunet\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{56DBDFFD-C0DF-4053-82A6-B83EA39EBD80}C:\users\sunet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\sunet\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{0F1B190E-439B-4EE5-879E-18BBA2921D02}C:\users\sunet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\sunet\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5820D9C3-1A16-4F56-B71A-306FC84C093D}C:\users\sunet\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\sunet\appdata\local\akamai\netsession_win.exe
FirewallRules: [{47FA49E3-F790-4853-9579-6DA1F0386DC5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{98A20A47-D0A6-4B95-A91E-AE6E1B641D15}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0EB4304A-6EF5-404D-8A28-B4E96E1E2CDB}] => (Allow) LPort=1647
FirewallRules: [{D151DAB1-32EF-4A0C-94BB-A79F5EEF2ADC}] => (Allow) LPort=5000
FirewallRules: [{5F14EDDF-5D59-4459-83E9-64538F7216D4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: BitDefender AVC HV
Description: BitDefender AVC HV
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: avchv
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/27/2015 11:19:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 43.0.2357.130 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3184
 
Start Time: 01d0b0b318e87c14
 
Termination Time: 6
 
Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
 
Report Id: 929e7c56-1cad-11e5-ac82-6c626d27e5db
 
Error: (06/27/2015 00:59:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/26/2015 00:08:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/25/2015 04:12:31 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (06/25/2015 01:28:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (06/25/2015 06:44:10 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (06/24/2015 11:40:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/24/2015 09:30:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/24/2015 08:22:00 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (06/23/2015 00:14:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (06/27/2015 00:52:08 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.
 
Error: (06/27/2015 00:37:07 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.
 
Error: (06/27/2015 11:32:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.
 
Error: (06/27/2015 09:36:59 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.
 
Error: (06/27/2015 08:06:19 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.
 
Error: (06/27/2015 07:50:34 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.
 
Error: (06/27/2015 05:40:57 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.
 
Error: (06/26/2015 09:33:29 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.
 
Error: (06/26/2015 08:16:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.
 
Error: (06/26/2015 08:16:47 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort3.
 
 
Microsoft Office:
=========================
Error: (06/27/2015 11:19:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe43.0.2357.130318401d0b0b318e87c146C:\Program Files\Google\Chrome\Application\chrome.exe929e7c56-1cad-11e5-ac82-6c626d27e5db
 
Error: (06/27/2015 00:59:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2050 J510 series\DriverStore\Pipeline\amd64\hpinkins8711.exe
 
Error: (06/26/2015 00:08:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2050 J510 series\DriverStore\Pipeline\amd64\hpinkins8711.exe
 
Error: (06/25/2015 04:12:31 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001
 
Error: (06/25/2015 01:28:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001
 
Error: (06/25/2015 06:44:10 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001
 
Error: (06/24/2015 11:40:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2050 J510 series\DriverStore\Pipeline\amd64\hpinkins8711.exe
 
Error: (06/24/2015 09:30:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2050 J510 series\DriverStore\Pipeline\amd64\hpinkins8711.exe
 
Error: (06/24/2015 08:22:00 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x000000000x00000001
 
Error: (06/23/2015 00:14:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 2050 J510 series\DriverStore\Pipeline\amd64\hpinkins8711.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-14 23:59:28.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-14 23:59:28.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-14 23:59:28.163
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-14 23:59:28.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-14 23:59:28.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-14 23:59:27.992
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-14 00:00:35.859
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-14 00:00:35.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-14 00:00:35.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-14 00:00:35.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 52%
Total physical RAM: 3583.18 MB
Available physical RAM: 1713.4 MB
Total Pagefile: 7164.66 MB
Available Pagefile: 4988.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.14 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:343.15 GB) NTFS
Drive f: () (Fixed) (Total:232.88 GB) (Free:79.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 626C4883)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 62974D5F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 


  • 0

Advertisements


#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

Let's get started. I do see malware/adware that needs cleaned up. Please do the following. Also could you let me know...did you used to use Bitdefender for your Antivirus?

 

Step#1 - Warnings
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
 
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Artticle on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): BitLord 2.4

 

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   5.08KB   75 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Items for your next post

1. Did you used to use Bitdefender for your AV?

2. Fixlog

3. AdwCleaner log


  • 0

#3
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP