crss.exe poss trojan


Bpool12

Good Day

My laptop has been running slow and always seems to have something running in the background, even when I have nothing running. I opened Task Manager and went through the processes. The crss.exe, I noticed, had no signature or properties/file location. I have run a malware scan and it found nothing. I wondered if there was anything else I could do to remove this virus.

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by jason (administrator) on ACER (23-12-2015 12:56:05)
Running from C:\Users\jason\Desktop
Loaded Profiles: jason (Available Profiles: jason & iliass)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIJE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files (x86)\iPod\bin\iPodService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11779176 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-160836397-1182576916-2634638105-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272640 2012-09-12] (Microsoft Corporation)
HKU\S-1-5-21-160836397-1182576916-2634638105-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-160836397-1182576916-2634638105-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-160836397-1182576916-2634638105-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-160836397-1182576916-2634638105-1000\...\MountPoints2: F - F:\SETUP.EXE
HKU\S-1-5-21-160836397-1182576916-2634638105-1000\...\MountPoints2: {85146a21-97bd-11e5-bfd3-eeb380799564} - F:\SETUP.EXE
HKU\S-1-5-21-160836397-1182576916-2634638105-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{36350A88-FBFB-44DE-B379-8B84F1B496B2}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-160836397-1182576916-2634638105-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-160836397-1182576916-2634638105-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-05-05] (DVDVideoSoft Ltd.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-05-05] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
DPF: HKLM {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.11.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-09-29] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin HKU\S-1-5-21-160836397-1182576916-2634638105-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\jason\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-160836397-1182576916-2634638105-1000: opencandy.com/Ignite -> C:\Users\jason\AppData\Local\Ignite\npOCDM.1.1.4.0.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-09-29] (Microsoft Corporation)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
 
Chrome: 
=======
CHR Profile: C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R3 iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [643880 2015-04-06] (Apple Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2015-12-01] (Disc Soft Ltd)
S3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47160 2015-12-01] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-26] (Intel Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-23] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-23 12:56 - 2015-12-23 12:56 - 00018833 _____ C:\Users\jason\Desktop\FRST.txt
2015-12-23 12:56 - 2015-12-23 12:56 - 00000000 ____D C:\FRST
2015-12-23 12:53 - 2015-12-23 12:53 - 02370560 _____ (Farbar) C:\Users\jason\Desktop\FRST64.exe
2015-12-22 17:18 - 2015-12-22 17:18 - 00034002 _____ C:\Users\jason\Downloads\Information-on-the-Council-s-Knowledge-Test.pdf
2015-12-22 12:33 - 2015-12-22 12:43 - 00000000 ____D C:\Users\jason\Desktop\weds
2015-12-22 10:35 - 2015-12-22 10:35 - 00070155 _____ C:\Users\jason\Downloads\Convict Conditioning - Big 6 Progression.pdf
2015-12-22 10:33 - 2015-12-22 10:33 - 00032536 _____ C:\Users\jason\Downloads\CC Log (1).pdf
2015-12-21 15:16 - 2015-12-21 15:16 - 00032536 _____ C:\Users\jason\Desktop\CC Log (1).pdf
2015-12-21 15:15 - 2015-12-21 15:15 - 00032536 _____ C:\Users\jason\Downloads\CC Log.pdf
2015-12-20 13:57 - 2015-12-20 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-18 13:55 - 2015-12-18 13:55 - 00297187 _____ C:\Users\jason\Downloads\extraction vegas.zip
2015-12-18 13:55 - 2015-12-18 13:55 - 00000000 ____D C:\Users\jason\Desktop\extraction vegas
2015-12-16 20:01 - 2015-12-16 20:01 - 02870984 _____ (ESET) C:\Users\jason\Downloads\esetsmartinstaller_enu.exe
2015-12-16 20:01 - 2015-12-16 20:01 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-16 19:47 - 2015-11-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-16 19:47 - 2015-11-05 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-16 19:47 - 2015-11-03 19:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-16 19:47 - 2015-11-03 18:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-16 19:46 - 2015-11-20 18:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-16 19:46 - 2015-11-20 18:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-16 19:46 - 2015-11-20 18:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-16 19:46 - 2015-11-20 18:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-16 19:46 - 2015-11-20 18:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-16 19:46 - 2015-11-20 18:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-16 19:46 - 2015-11-20 18:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-16 19:46 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-16 19:46 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-16 19:46 - 2015-11-20 18:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-16 19:46 - 2015-11-20 18:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-16 19:46 - 2015-11-20 18:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-16 19:46 - 2015-11-20 18:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-16 19:46 - 2015-11-20 18:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-16 19:46 - 2015-11-20 18:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-16 19:46 - 2015-11-20 18:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-16 19:44 - 2015-11-11 18:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-16 19:44 - 2015-11-11 18:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-16 19:44 - 2015-11-11 18:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-16 19:44 - 2015-11-11 18:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-16 19:44 - 2015-11-10 18:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-16 19:44 - 2015-11-10 18:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-16 19:44 - 2015-11-10 18:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-16 19:44 - 2015-11-10 18:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-16 19:44 - 2015-11-10 18:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-16 19:44 - 2015-11-10 17:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-16 19:44 - 2015-11-05 19:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-16 19:44 - 2015-11-05 19:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-16 19:44 - 2015-11-05 09:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-16 19:40 - 2015-11-11 21:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-16 19:40 - 2015-11-11 20:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-16 19:40 - 2015-11-11 16:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-16 19:40 - 2015-11-11 16:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-16 19:40 - 2015-11-11 15:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-16 19:40 - 2015-11-11 15:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-16 19:40 - 2015-11-11 15:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-16 19:40 - 2015-11-11 15:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-16 19:40 - 2015-11-11 14:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-16 19:40 - 2015-11-10 00:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-16 19:40 - 2015-11-10 00:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-16 19:40 - 2015-11-10 00:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-16 19:40 - 2015-11-10 00:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-16 19:40 - 2015-11-10 00:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-16 19:40 - 2015-11-10 00:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-16 19:40 - 2015-11-10 00:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-16 19:40 - 2015-11-10 00:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-16 19:40 - 2015-11-10 00:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-16 19:40 - 2015-11-10 00:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-16 19:40 - 2015-11-10 00:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-16 19:40 - 2015-11-10 00:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-16 19:40 - 2015-11-10 00:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-16 19:40 - 2015-11-09 23:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-16 19:40 - 2015-11-09 23:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-16 19:40 - 2015-11-09 23:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-16 19:40 - 2015-11-09 23:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-16 19:40 - 2015-11-09 23:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-16 19:40 - 2015-11-09 23:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-16 19:40 - 2015-11-09 23:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-16 19:40 - 2015-11-09 23:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-16 19:40 - 2015-11-09 23:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-16 19:40 - 2015-11-09 23:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-16 19:40 - 2015-11-09 23:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-16 19:40 - 2015-11-08 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-16 19:40 - 2015-11-08 22:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-16 19:40 - 2015-11-08 22:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-16 19:40 - 2015-11-08 22:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-16 19:40 - 2015-11-08 22:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-16 19:40 - 2015-11-08 22:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-16 19:40 - 2015-11-08 22:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-16 19:40 - 2015-11-08 22:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-16 19:40 - 2015-11-08 22:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-16 19:40 - 2015-11-08 22:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-16 19:40 - 2015-11-08 22:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-16 19:40 - 2015-11-08 22:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-16 19:40 - 2015-11-08 22:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-16 19:40 - 2015-11-08 22:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-16 19:40 - 2015-11-08 22:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-16 19:40 - 2015-11-08 22:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-16 19:40 - 2015-11-08 21:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-16 19:40 - 2015-11-08 21:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-16 19:40 - 2015-11-08 21:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-16 19:40 - 2015-11-08 21:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-16 19:40 - 2015-11-08 21:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-16 19:40 - 2015-11-08 21:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-16 19:40 - 2015-11-08 21:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-16 19:40 - 2015-11-08 21:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-16 19:40 - 2015-11-08 21:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-16 19:40 - 2015-11-08 21:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-16 19:40 - 2015-11-08 21:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-16 19:40 - 2015-11-08 21:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-16 19:40 - 2015-11-08 20:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-16 19:40 - 2015-11-08 20:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-16 19:40 - 2015-11-08 20:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-16 19:35 - 2015-11-03 19:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-16 19:35 - 2015-11-03 18:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-16 18:36 - 2015-12-16 18:36 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 18:36 - 2015-12-16 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-16 18:35 - 2015-12-23 12:40 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-16 18:35 - 2015-12-23 11:38 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-16 18:35 - 2015-12-16 18:35 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-16 18:35 - 2015-12-16 18:35 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-16 13:48 - 2015-12-16 14:29 - 109304669 _____ C:\Users\iliass\Downloads\vmd9.rar
2015-12-16 13:18 - 2015-12-16 13:19 - 111232794 _____ C:\Users\iliass\Downloads\the.vampire.diaries.708.hdtv-MyEgY.to by Merna.mkv
2015-12-16 12:14 - 2015-12-16 12:14 - 111423479 _____ C:\Users\iliass\Downloads\OG9 (1).rar
2015-12-16 12:13 - 2015-12-16 12:14 - 111423479 _____ C:\Users\iliass\Downloads\OG9.rar
2015-12-16 12:12 - 2015-12-16 12:12 - 00000000 ____D C:\Users\iliass\AppData\Roaming\WinRAR
2015-12-16 08:58 - 2015-12-16 09:00 - 05254560 _____ C:\Users\iliass\Downloads\FT.S2.87.MQ.myEGY.to (2).mp4.crdownload
2015-12-16 08:54 - 2015-12-16 08:55 - 73987871 _____ C:\Users\iliass\Downloads\Unconfirmed 502472.crdownload
2015-12-16 08:54 - 2015-12-16 08:55 - 73987871 _____ C:\Users\iliass\Downloads\Unconfirmed 103561.crdownload
2015-12-15 20:34 - 2015-12-15 20:34 - 00745030 _____ C:\Users\jason\Desktop\Camping_Checklist.pdf
2015-12-12 19:04 - 2015-12-12 19:29 - 70227409 _____ C:\Users\jason\Downloads\NS.MQ.441.myEGY.to.mp4
2015-12-11 12:57 - 2015-12-11 12:57 - 00000000 ____D C:\Users\jason\AppData\Local\ElevatedDiagnostics
2015-12-09 18:50 - 2015-12-09 18:51 - 00000000 ____D C:\Users\jason\Desktop\hotel project
2015-12-09 18:50 - 2015-12-09 18:50 - 00975742 _____ C:\Users\jason\Downloads\C41D.tmp
2015-12-09 18:50 - 2015-12-09 18:50 - 00975742 _____ C:\Users\jason\Downloads\B5E9.tmp
2015-12-09 18:50 - 2015-12-09 18:50 - 00000000 ____D C:\Users\jason\Desktop\New folder
2015-12-08 23:09 - 2015-12-08 23:09 - 00000000 ____D C:\Users\jason\AppData\Local\Software
2015-12-07 18:50 - 2015-12-07 18:59 - 110724323 _____ C:\Users\jason\Downloads\og.6.rar
2015-12-07 18:48 - 2015-12-07 18:50 - 175543126 _____ C:\Users\jason\Downloads\orr8.rar
2015-12-07 17:54 - 2015-12-07 18:09 - 192311621 _____ C:\Users\jason\Downloads\ori7.rar
2015-12-07 16:49 - 2015-12-07 16:51 - 04041060 _____ C:\Users\jason\Downloads\The.Vampire.Diaries.S07E01.HDTV.x264.EGFire.CoM.mkv.crdownload
2015-12-07 15:35 - 2015-12-07 15:37 - 72591417 _____ C:\Users\jason\Downloads\OP.721.MQ.myEGY.to.mp4
2015-12-07 15:15 - 2015-12-04 22:06 - 00000000 ____D C:\Users\jason\Desktop\U40K5
2015-12-07 14:09 - 2015-12-07 15:06 - 357255538 _____ C:\Users\jason\Downloads\U40K5.rar
2015-12-06 18:54 - 2015-12-06 18:54 - 00315005 _____ C:\Users\jason\Downloads\GSW-US-MA-%281yr%29 07-15.pdf
2015-12-05 22:58 - 2015-12-05 23:04 - 73987871 _____ C:\Users\jason\Downloads\FT.S2.87.MQ.myEGY.to.mp4
2015-12-03 22:25 - 2015-12-03 22:29 - 65205070 _____ C:\Users\iliass\Downloads\NS.MQ.440.myEGY.to.mp4
2015-12-02 17:45 - 2015-12-02 17:48 - 72496792 _____ C:\Users\jason\Downloads\OP.720.MQ.myEGY.to.mp4
2015-12-02 16:02 - 2015-12-08 18:19 - 00000000 ____D C:\Users\jason\Desktop\invit
2015-12-01 23:12 - 2015-11-30 18:47 - 593762582 _____ C:\Users\jason\Desktop\Vic.Frank.2015.mkv
2015-12-01 23:00 - 2015-12-01 23:11 - 593762664 _____ C:\Users\jason\Downloads\Vic.Frank.2015.rar
2015-12-01 17:36 - 2015-12-01 17:36 - 00000000 ____D C:\Users\jason\Documents\Custom Office Templates
2015-12-01 17:20 - 2015-12-16 18:03 - 00000000 ____D C:\Users\jason\Desktop\Black And White Gay Wedding Save The Dates 13 Cm X 18 Cm Invitation Card _ Zazzle_files
2015-12-01 17:18 - 2015-12-16 18:03 - 00000000 ____D C:\Users\jason\Desktop\1111_files
2015-12-01 16:54 - 2015-12-01 16:54 - 00000000 ____D C:\Users\jason\AppData\Local\Disc_Soft_Ltd
2015-12-01 16:18 - 2015-12-17 16:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-01 16:17 - 2015-12-01 16:21 - 00000000 ____D C:\Windows\SHELLNEW
2015-12-01 16:10 - 2015-12-16 18:02 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-12-01 16:03 - 2015-12-01 16:03 - 00047160 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtultrausbbus.sys
2015-12-01 16:00 - 2015-12-01 16:00 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtultrascsibus.sys
2015-12-01 01:16 - 2015-12-01 01:19 - 74042409 _____ C:\Users\iliass\Downloads\FT.S2.86.MQ.myEGY.to.mp4
2015-12-01 01:08 - 2015-12-01 01:12 - 70291744 _____ C:\Users\iliass\Downloads\NS.MQ.439.myEGY.to.mp4
2015-11-29 20:24 - 2015-11-29 20:26 - 78241561 _____ C:\Users\jason\Downloads\2015_11_28.zip
2015-11-29 16:58 - 2015-11-29 16:58 - 00281655 _____ C:\Users\jason\Downloads\GSW-US-MA-07-15.pdf
2015-11-29 16:58 - 2015-11-29 16:58 - 00281655 _____ C:\Users\jason\Downloads\GSW-US-MA-07-15 (2).pdf
2015-11-29 16:58 - 2015-11-29 16:58 - 00281655 _____ C:\Users\jason\Downloads\GSW-US-MA-07-15 (1).pdf
2015-11-26 16:40 - 2015-11-26 17:58 - 1073741824 _____ C:\Users\jason\Downloads\2.2.64.By.MR._.HERO.part1.rar
2015-11-24 22:24 - 2015-11-24 22:45 - 397516402 _____ C:\Users\iliass\Downloads\Noragami_-_01__HD_10_Bit_.mkv
2015-11-24 17:48 - 2015-11-24 18:08 - 320787177 _____ C:\Users\iliass\Downloads\P.M.18.2015.HDRip.myEGY.to.mkv
2015-11-24 13:33 - 2015-11-24 13:33 - 00040686 _____ C:\Users\jason\Downloads\2274_001.pdf
2015-11-24 13:33 - 2015-11-24 13:33 - 00040686 _____ C:\Users\jason\Desktop\2274_001 (1).pdf
2015-11-23 21:46 - 2015-11-23 21:47 - 20251874 _____ C:\Users\iliass\Downloads\Unconfirmed 184545.crdownload
2015-11-23 20:10 - 2015-11-23 20:26 - 74020472 _____ C:\Users\iliass\Downloads\FT.S2.85.MQ.myEGY.to.mp4
2015-11-23 18:37 - 2015-11-23 18:42 - 72585437 _____ C:\Users\iliass\Downloads\OP.719.MQ.myEGY.to.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-23 12:56 - 2007-07-12 01:48 - 00000000 ____D C:\Windows
2015-12-23 12:54 - 2012-11-06 21:32 - 00000000 ____D C:\Users\jason\AppData\Roaming\Skype
2015-12-23 12:02 - 2013-01-17 13:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-23 11:56 - 2012-11-21 20:51 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160836397-1182576916-2634638105-1000UA.job
2015-12-23 11:52 - 2015-11-12 21:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-23 11:47 - 2009-07-14 04:45 - 00022624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-23 11:47 - 2009-07-14 04:45 - 00022624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-23 11:43 - 2009-07-14 05:13 - 00805740 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-23 11:43 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2015-12-23 11:42 - 2012-10-21 12:04 - 00000000 ____D C:\ProgramData\clear.fi
2015-12-23 11:38 - 2012-12-17 18:09 - 00000000 ____D C:\Users\jason\Tracing
2015-12-23 11:38 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-23 00:35 - 2012-11-21 20:51 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160836397-1182576916-2634638105-1000Core.job
2015-12-22 16:25 - 2015-09-14 20:17 - 00000000 ____D C:\Users\jason\Desktop\av
2015-12-20 13:57 - 2014-03-07 19:09 - 00000000 ____D C:\Users\jason\AppData\Local\Skype
2015-12-20 13:57 - 2013-01-25 19:59 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-20 13:57 - 2012-11-22 19:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-20 13:57 - 2011-10-14 13:18 - 00000000 ____D C:\ProgramData\Skype
2015-12-19 08:06 - 2015-04-05 09:49 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-19 08:06 - 2015-04-05 09:49 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-17 22:16 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-12-17 16:13 - 2009-07-14 04:45 - 05108736 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-17 16:10 - 2013-05-01 08:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-17 16:10 - 2013-05-01 08:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-17 16:06 - 2012-11-06 09:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-17 16:04 - 2013-05-01 08:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-17 15:54 - 2013-08-16 08:15 - 00000000 ____D C:\Windows\system32\MRT
2015-12-17 15:45 - 2012-11-12 21:25 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-17 15:29 - 2009-07-14 02:34 - 00000510 _____ C:\Windows\win.ini
2015-12-16 21:02 - 2013-01-17 13:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-16 21:02 - 2013-01-17 13:19 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-16 21:02 - 2011-10-14 13:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-16 18:36 - 2012-10-21 13:09 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-16 18:35 - 2014-09-12 08:17 - 00000000 ____D C:\Users\jason\AppData\Local\Deployment
2015-12-16 18:31 - 2015-10-26 20:41 - 00000000 ____D C:\Users\iliass
2015-12-16 18:05 - 2012-10-21 11:43 - 00000000 ____D C:\Users\jason
2015-12-16 18:03 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-16 18:02 - 2013-01-26 16:24 - 00000000 ____D C:\Users\jason\AppData\Roaming\vlc
2015-12-16 18:02 - 2013-01-09 20:45 - 00000000 ____D C:\Windows\system32\Macromed
2015-12-16 18:02 - 2011-10-14 13:40 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-12-16 18:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\servicing
2015-12-16 18:01 - 2015-11-20 16:58 - 00000000 ____D C:\Users\iliass\AppData\Roaming\vlc
2015-12-16 18:01 - 2015-10-26 20:42 - 00000000 ____D C:\Users\iliass\AppData\Local\PowerCinema
2015-12-16 18:01 - 2013-07-14 18:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-16 18:01 - 2012-10-21 11:43 - 00000000 ____D C:\Users\jason\AppData\Local\PowerCinema
2015-12-16 18:01 - 2012-10-21 10:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-16 18:01 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-16 18:00 - 2015-11-20 00:21 - 00000000 ____D C:\Users\iliass\AppData\Roaming\Skype
2015-12-16 17:59 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2015-12-16 17:56 - 2015-10-26 20:42 - 00000000 ____D C:\Users\iliass\AppData\Local\Google
2015-12-16 17:52 - 2012-11-06 09:10 - 00000000 __RHD C:\MSOCache
2015-12-15 18:02 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-12-02 18:58 - 2015-10-26 20:42 - 00116824 _____ C:\Users\iliass\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-02 13:18 - 2010-11-21 03:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-01 16:49 - 2012-10-21 11:44 - 00116824 _____ C:\Users\jason\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-01 16:17 - 2015-11-19 17:40 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-12-01 16:15 - 2012-11-06 09:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-01 16:15 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-01 16:04 - 2015-11-19 16:32 - 00000000 ____D C:\Users\jason\AppData\Roaming\DAEMON Tools Ultra
 
==================== Files in the root of some directories =======
 
2015-04-17 22:37 - 2015-04-17 22:37 - 0060543 _____ () C:\Users\jason\AppData\Local\59ED2468_stp.CIS
2015-04-17 22:37 - 2015-04-17 22:37 - 0000289 _____ () C:\Users\jason\AppData\Local\59ED2468_stp.CIS.part
2015-04-17 22:36 - 2015-04-17 22:36 - 0385602 _____ () C:\Users\jason\AppData\Local\5D515C96_stp.CIS
2015-04-17 22:36 - 2015-04-17 22:36 - 0000220 _____ () C:\Users\jason\AppData\Local\5D515C96_stp.CIS.part
2013-01-02 12:46 - 2013-01-02 12:46 - 0000236 _____ () C:\Users\jason\AppData\Local\LaunchHomeCenter.log
2013-05-01 10:38 - 2013-05-01 10:38 - 0007605 _____ () C:\Users\jason\AppData\Local\Resmon.ResmonCfg
2012-10-21 10:59 - 2012-10-21 11:01 - 0015222 _____ () C:\ProgramData\ArcadeDeluxe5.log
 
Some files in TEMP:
====================
C:\Users\jason\AppData\Local\Temp\bitool.dll
C:\Users\jason\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\jason\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpchock6.dll
C:\Users\jason\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\jason\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\jason\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\jason\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\jason\AppData\Local\Temp\InstHelper.exe
C:\Users\jason\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\jason\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\jason\AppData\Local\Temp\ose00000.exe
C:\Users\jason\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\jason\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\jason\AppData\Local\Temp\SkypeSetup.exe
C:\Users\jason\AppData\Local\Temp\tmd_34011315.exe
C:\Users\jason\AppData\Local\Temp\tmd_34012096.exe
C:\Users\jason\AppData\Local\Temp\tmd_34014888.exe
C:\Users\jason\AppData\Local\Temp\tmd_34016607.exe
C:\Users\jason\AppData\Local\Temp\tmd_34019328.exe
C:\Users\jason\AppData\Local\Temp\tmd_34019332.exe
C:\Users\jason\AppData\Local\Temp\tmd_34019905.exe
C:\Users\jason\AppData\Local\Temp\venguxla.dll
C:\Users\jason\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\jason\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\jason\AppData\Local\Temp\vlc-2.1.3-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-21 11:36
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by jason (2015-12-23 12:56:53)
Running from C:\Users\jason\Desktop
Windows 7 Home Basic Service Pack 1 (X64) (2012-10-21 11:43:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-160836397-1182576916-2634638105-500 - Administrator - Disabled)
Guest (S-1-5-21-160836397-1182576916-2634638105-501 - Limited - Disabled)
iliass (S-1-5-21-160836397-1182576916-2634638105-1001 - Limited - Enabled) => C:\Users\iliass
jason (S-1-5-21-160836397-1182576916-2634638105-1000 - Administrator - Enabled) => C:\Users\jason
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Basic Operation Guide EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Bog) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
Epson Network Guide EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Netg) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-402 403 405 406 Series Printer Uninstall (HKLM\...\EPSON XP-402 403 405 406 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.3.524 - Foxit Corporation)
Free Studio version 6.5.1.415 (HKLM-x32\...\Free Studio_is1) (Version: 6.5.1.415 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.59.505 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.505 - DVDVideoSoft Ltd.)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotogràfica (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iPod for Windows 2006-01-10 (HKLM-x32\...\InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}) (Version: 4.7.0 - Apple Computer, Inc.)
iPod for Windows 2006-01-10 (x32 Version: 4.7.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Player Utilities 4.36 (HKLM-x32\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.36 -  )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PC Login Now (HKLM-x32\...\{8326FDE1-F871-468A-8FC8-6A47C24B40DD}_is1) (Version:  - PC Login Now)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6314 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION) <==== ATTENTION
System Requirements Lab for Intel (64-bit) (HKLM\...\{6AEC3114-709D-4CFF-9296-ECE23ED19F97}) (Version: 4.5.11.0 - Husdawg, LLC)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3085581) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E93D8472-11CA-4A0C-B31F-C82C9E9AA1CC}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
User's Guide EPSON XP-402 403 405 406 Series (HKLM-x32\...\EPSON XP-402 403 405 406 Series Useg) (Version:  - )
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 16.4.3505.0912 - Корпорация Майкрософт) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-160836397-1182576916-2634638105-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jason\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
 
==================== Restore Points =========================
 
16-12-2015 08:29:01 Windows Update
16-12-2015 17:48:09 Restore Operation
16-12-2015 19:35:55 Windows Update
17-12-2015 15:18:48 Windows Update
17-12-2015 15:41:56 Windows Update
18-12-2015 08:34:49 Windows Update
18-12-2015 09:17:49 Windows Update
19-12-2015 08:04:50 Windows Update
21-12-2015 14:35:55 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {016F30C8-F93F-47EC-9D4F-33FEAA3F59DE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {058853EA-A943-4C3D-B1CC-E8C7CA0BAEFD} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {064D8060-305C-418E-BD27-E03E8F983E16} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {14B8B53C-0998-4DBD-9958-4830F110B90C} - System32\Tasks\{510DA591-C730-4EE4-8CE7-EDC1B5C6059B} => pcalua.exe -a C:\Users\jason\Downloads\win64_15288.exe -d C:\Users\jason\Desktop
Task: {41FD4731-01BE-4987-82BF-1D3257FECEE5} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {4616597D-25F1-4135-8DB6-7D7237D118F8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {4C3EE566-D674-429F-9918-B475B2A0CF16} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.)
Task: {6129F392-79A8-45B3-958D-878D5B6E14EB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {62ADF31C-50F6-4D9A-A3D5-55E9D683D851} - System32\Tasks\{7A99B99E-5D2F-4E9E-9420-7095592F9D96} => Chrome.exe hxxp://ui.skype.com/ui/0/7.2.59.103/en/abandoninstall?page=tsProgressBar
Task: {6446D3CB-128D-4E01-B551-71BDEA9FA9C2} - System32\Tasks\{3AF29389-423D-439A-A371-35D2E3CAFF82} => Chrome.exe hxxp://ui.skype.com/ui/0/7.2.59.103/en/abandoninstall?page=tsProgressBar
Task: {7BB167DB-166D-46B5-A28B-D620BEFAACD3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {81C7D350-5F54-473B-89BC-8FFCFFD38800} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {863FBD16-E203-423B-98A9-4EDF25F34679} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-16] (Google Inc.)
Task: {8B52387E-B8A7-4040-AAB6-1F0D6BDC6855} - System32\Tasks\{AACE0BEC-2564-4E78-8DAC-C2200D2D1D51} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {A208A4CD-1DE2-4DB3-BECD-772F2E378FD1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {A3C74040-FEA8-4B15-A643-5077083A78EC} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {B5806226-1F24-4046-AA16-526FA35C724B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {CA446B20-5DF8-4637-B496-5A147CFBAB74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-16] (Adobe Systems Incorporated)
Task: {CCEAA00E-2C97-4761-ACC1-EB4B609F6952} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-160836397-1182576916-2634638105-1000UA => C:\Users\jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-21] (Facebook Inc.)
Task: {CF1832AA-AF7D-4302-9CBD-D0AC5DFE44BD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D1F54C7D-64C4-4DE3-88D0-3BB004BCCBF2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {E25FD2C6-8635-4D12-B3D7-1576C8015A95} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {EC888962-B0DF-4951-9106-8758F7BD38A4} - System32\Tasks\{42FDE62F-221B-4D06-BE51-55EDFA84EEEB} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Task: {F7051245-7C38-48E1-8629-B75C33F21F5F} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {F80F067A-1B0F-4A85-9E1A-0D08597EC00C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-160836397-1182576916-2634638105-1000Core => C:\Users\jason\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-21] (Facebook Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160836397-1182576916-2634638105-1000Core.job => C:\Users\jason\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-160836397-1182576916-2634638105-1000UA.job => C:\Users\jason\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-01-10 18:12 - 2012-01-10 18:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-13 12:20 - 2013-12-13 12:20 - 04696432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-04-24 01:29 - 2011-04-24 01:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 01:29 - 2011-04-24 01:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 01:29 - 2011-04-24 01:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-19 10:49 - 2013-12-19 10:49 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2011-08-24 15:03 - 2011-08-24 15:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-10-19 08:36 - 2014-10-19 08:36 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2011-10-14 12:31 - 2010-04-13 16:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-12-16 18:36 - 2015-12-11 03:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 18:36 - 2015-12-11 03:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-160836397-1182576916-2634638105-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jason\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E6977048-9800-434D-A2C6-41EDB955EE15}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4700DB90-46A7-48A3-83D9-96B578A9AB77}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{58CE98EE-EE65-40AA-807D-FCA6D1E9B286}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F6935DA1-E27E-4B3F-A602-F2E940D35348}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{B0AE6DD5-33BA-4A5C-99A6-95F8D1447EE7}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{737FE0A5-D9D2-427C-906E-B8715EAE2095}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{47A22984-02AC-47E7-A4A6-88D169085C8C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{3B5E40CC-C5B7-4BB5-A6B3-332BB8F1121C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{53C73BB6-C233-4218-B373-89CF855D9BE9}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{F52A6C55-4F77-4356-B28B-DFE0C56EF8FD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{014C28BC-9F59-428B-84F7-4F679A925B3D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [TCP Query User{BA20A10D-DE12-4AE8-A9E3-910A0AA72D0F}C:\program files (x86)\kudoschatsearchagent\kudoschatsearchagent.exe] => (Allow) C:\program files (x86)\kudoschatsearchagent\kudoschatsearchagent.exe
FirewallRules: [uDP Query User{C8B338BF-A717-4C86-BF08-7041D1C73D58}C:\program files (x86)\kudoschatsearchagent\kudoschatsearchagent.exe] => (Allow) C:\program files (x86)\kudoschatsearchagent\kudoschatsearchagent.exe
FirewallRules: [TCP Query User{984D9F97-233D-455B-B2F0-5DED6D413E41}C:\program files (x86)\kudoschatsearchagent\kudoschatsearchagent.exe] => (Block) C:\program files (x86)\kudoschatsearchagent\kudoschatsearchagent.exe
FirewallRules: [uDP Query User{22FBE067-5231-47BC-A048-C341969DB30E}C:\program files (x86)\kudoschatsearchagent\kudoschatsearchagent.exe] => (Block) C:\program files (x86)\kudoschatsearchagent\kudoschatsearchagent.exe
FirewallRules: [{DF959608-19C6-47D9-99FF-13C860AAFEB6}] => (Allow) C:\Users\jason\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{A21505A3-0A65-4FE8-8FA1-C18A601C05EF}] => (Allow) C:\Users\jason\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{804908D8-B032-4F83-B957-7D7676C0F7F0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CB5D2274-AD5E-486D-BF55-97C510A66A75}] => (Allow) LPort=2869
FirewallRules: [{9636B841-D9EB-42F3-84E7-AAD3151B014C}] => (Allow) LPort=1900
FirewallRules: [{0C259101-B2ED-4AE7-8000-6CDCB7E8ABCC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{36CB4C2B-E122-4BB0-A675-E67DD6618DBB}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{DE9B7D12-7E28-44BE-B3A4-F89591993817}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{15C7A113-0537-4C17-A715-AE3FAB587BB7}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{487BD8BD-C7FA-427E-999F-529983495B80}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{443FBE83-1B85-42E0-8934-A0BB9D1F54B2}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [uDP Query User{AD29060E-7199-415A-A370-E5FAD0FFEE57}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{71DE1F80-02C2-4C15-A7EA-66F74C7C9514}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [uDP Query User{DFE703CD-E0C0-4236-B10F-16887B8340D1}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{BD454C47-AE9C-42AE-BB09-F5AE73B946DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E34415F6-7510-42ED-9545-ECB0A9DD970A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C3A63892-0A11-4A5F-9077-6858A4728C09}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{41C70176-03BF-4CC1-B5C4-5EF93561F4F5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{4CDAAF5E-AFA7-4662-BE30-9153D627020F}C:\users\jason\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jason\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{7E12ADEA-3478-4292-A2F8-789568A8C17D}C:\users\jason\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jason\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{AD089596-6880-47B6-BE15-1A5A85642CC3}] => (Allow) C:\Users\jason\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{0F2F1B79-0162-4A57-B32F-F9EB168C7CA3}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{1562CB1F-9363-42BE-B5D9-4C9D4F207C7B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{6E3FB877-6BF6-4601-BC29-3BCEADB6221A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{36102961-5296-46E3-9745-D4F9A5217434}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{B3EDF776-9B6F-4C71-8FAF-C85E9626C06C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{930E8999-CC49-4F41-B8C1-B5A5B05B012E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5BD7CD49-12A4-4AC3-B569-7E8E761DD51C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EB429ED1-1048-46BD-8E3F-D400A6CF21E8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/23/2015 12:54:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (12/23/2015 11:38:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/23/2015 10:55:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24968381
 
Error: (12/23/2015 10:55:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 24968381
 
Error: (12/23/2015 10:55:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/23/2015 03:59:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9297
 
Error: (12/23/2015 03:59:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9297
 
Error: (12/23/2015 03:59:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/23/2015 03:59:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8268
 
Error: (12/23/2015 03:59:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8268
 
 
System errors:
=============
Error: (12/23/2015 12:32:49 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ACER)
Description: 0x8000002a118\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-160836397-1182576916-2634638105-1001-0-UsrClass.dat
 
Error: (12/23/2015 12:32:42 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ACER)
Description: 0x8000002a64\??\C:\Users\iliass\AppData\Local\Microsoft\Windows\UsrClass.dat
 
Error: (12/23/2015 11:52:20 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ACER)
Description: 0x8000002a118\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-160836397-1182576916-2634638105-1001-0-UsrClass.dat
 
Error: (12/23/2015 11:52:10 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: ACER)
Description: 0x8000002a118\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-160836397-1182576916-2634638105-1001-0-UsrClass.dat
 
Error: (12/23/2015 11:38:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:30:47 AM on ‎12/‎23/‎2015 was unexpected.
 
Error: (12/22/2015 05:02:48 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/22/2015 05:02:48 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (12/22/2015 12:33:37 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a64\??\c:\users\iliass\AppData\Local\Microsoft\Windows\usrclass.dat
 
Error: (12/22/2015 10:56:01 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a64\??\c:\users\iliass\AppData\Local\Microsoft\Windows\usrclass.dat
 
Error: (12/21/2015 09:58:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.
 
 
CodeIntegrity:
===================================
  Date: 2013-11-09 17:42:13.497
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-09 17:42:13.424
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-11-17 17:47:47.799
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-17 17:47:47.774
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-17 15:18:09.103
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-17 15:18:09.080
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-17 14:32:24.920
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-17 14:32:24.898
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-17 13:49:33.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-17 13:49:33.123
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 63%
Total physical RAM: 3766.7 MB
Available physical RAM: 1373.14 MB
Total Virtual: 7531.61 MB
Available Virtual: 4961.58 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:127.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: DC9D2A7A)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


  • 4 weeks later...
Guest
This topic is now closed to further replies.