Arabyonline.com pop-up/malware removal from Google Chrome


iHateArabyOnline (Thread author)
Mar 28, 2015
FRST scan log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Admin (administrator) on ADMIN-PC on 29-03-2015 03:03:14
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin & fbwuser)
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-12-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Kepard] => "C:\Program Files (x86)\Kepard\Kepard.exe" tray
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-12] (Google Inc.)
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [1022352 2012-07-02] (BitTorrent, Inc.)
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Run: [NI4TH6NZFE] => C:\Users\Admin\AppData\Roaming\yTGD4RNoF\yiFguCpBt.exe [1680896 2013-02-09] (Windows)
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [65216 2009-11-09] (WordWeb Software)
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\MountPoints2: {5a5b0e25-8639-11e1-9741-fc9d06134537} - G:\LaunchU3.exe -a
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-02-27] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-19] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-02-27] (Kaspersky Lab ZAO)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-27] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-02-27] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-19] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-02-27] (Kaspersky Lab ZAO)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-01] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-27] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 193.188.97.211 193.188.97.197

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-08-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-12-03] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-12-03] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2891971351-2350418588-1802881347-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2891971351-2350418588-1802881347-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-08-09]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-09]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-08-09]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-08-09]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-08-09]
FF HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WCaptureX - C:\Program Files (x86)\WordWeb\WCaptureMoz [2012-04-11]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://google.com/", "hxxp://www.sweet-page.com/?type=hp&ts=1424818265&from=cor&uid=TOSHIBAXMK5075GSX_Y176P69BTXXY176P69BT"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-03-27]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-08-09]
CHR Extension: (Highlight to Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg [2015-03-24]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-27]
CHR Extension: (Safe Money) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2015-03-27]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2015-03-27]
CHR Extension: (RealDownloader) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-03-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Skype Click to Call) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-27]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Anti-Banner) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2015-03-27]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-02-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-02-27]
StartMenuInternet: Google Chrome - C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-02-27] (Kaspersky Lab ZAO)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [189952 2010-06-23] (Hauppauge, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-02-27] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-08-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-08-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-02-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-02-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-02-27] (Kaspersky Lab ZAO)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 03:03 - 2015-03-29 03:06 - 00025086 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-03-29 03:02 - 2015-03-29 03:02 - 00000000 ____D () C:\Windows\system32\SPReview
2015-03-29 03:01 - 2015-03-29 03:02 - 02095616 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-03-28 19:58 - 2015-03-28 19:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\{8CF2662E-D616-4D44-9ED3-D3C1FB993720}
2015-03-28 19:47 - 2015-03-28 19:47 - 00015367 _____ () C:\Users\Admin\Downloads\[kickass.to]muck.2015.1080p.brrip.x264.yify.torrent
2015-03-28 18:37 - 2015-03-28 18:37 - 00019413 _____ () C:\Users\Admin\Downloads\[kickass.to]blended.2014.1080p.brrip.x264.yify.torrent
2015-03-28 18:36 - 2015-03-28 18:36 - 00020697 _____ () C:\Users\Admin\Downloads\[kickass.to]12.years.a.slave.2013.1080p.brrip.x264.yify.torrent
2015-03-28 15:49 - 2015-03-28 15:49 - 00019744 _____ () C:\Users\Admin\Downloads\[kickass.to]wild.2014.1080p.brrip.x264.yify.torrent
2015-03-28 15:47 - 2015-03-28 15:47 - 00015267 _____ () C:\Users\Admin\Downloads\[kickass.to]dracula.untold.2014.1080p.brrip.x264.yify.torrent
2015-03-28 15:46 - 2015-03-28 15:46 - 00008782 _____ () C:\Users\Admin\Downloads\[kickass.to]horrible.bosses.2.2014.720p.brrip.x264.yify.torrent
2015-03-28 15:45 - 2015-03-28 15:45 - 00017457 _____ () C:\Users\Admin\Downloads\[kickass.to]teenage.mutant.ninja.turtles.2014.1080p.brrip.x264.yify.torrent
2015-03-28 15:44 - 2015-03-28 15:44 - 00008153 _____ () C:\Users\Admin\Downloads\[kickass.to]penguins.of.madagascar.2014.720p.brrip.x264.yify.torrent
2015-03-28 15:43 - 2015-03-28 15:43 - 00008688 _____ () C:\Users\Admin\Downloads\[kickass.to]big.hero.6.2014.720p.brrip.x264.yify.torrent
2015-03-27 21:15 - 2015-03-27 21:15 - 04441416 _____ (Google) C:\Users\Admin\Downloads\software_removal_tool.exe
2015-03-27 21:15 - 2015-03-27 21:15 - 00004197 _____ () C:\Users\Admin\Downloads\software_removal_tool.log
2015-03-27 19:34 - 2015-03-27 19:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-27 19:00 - 2015-03-27 19:32 - 00000000 ____D () C:\AdwCleaner
2015-03-27 18:12 - 2015-03-27 18:12 - 00000000 ____D () C:\Users\Admin\AppData\Local\{66A2BAA9-A0A8-4BD8-B228-D7F4A97FCB6B}
2015-03-27 17:05 - 2015-03-27 17:05 - 00000000 ____D () C:\Users\Admin\AppData\Local\{72DB383C-64FE-42D7-969A-2704207951AB}
2015-03-27 03:59 - 2015-03-27 03:59 - 00000000 _____ () C:\autoexec.bat
2015-03-27 03:29 - 2015-03-29 03:03 - 00000000 ____D () C:\FRST
2015-03-27 03:22 - 2015-03-27 03:22 - 00000000 ____D () C:\zoek_backup
2015-03-26 19:29 - 2015-03-28 21:08 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2891971351-2350418588-1802881347-1000
2015-03-26 19:29 - 2015-03-28 21:08 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2891971351-2350418588-1802881347-1000
2015-03-25 17:49 - 2015-03-11 05:39 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 17:49 - 2015-03-11 05:39 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 17:49 - 2015-03-11 05:39 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 17:49 - 2015-03-11 05:39 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 17:49 - 2015-03-11 05:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 17:49 - 2015-03-11 05:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 17:49 - 2015-03-11 05:34 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 22:57 - 2015-03-24 22:57 - 00173698 _____ () C:\Users\Admin\Downloads\[kickass.to]the.equalizer.2014.480p.hc.brrip.xvid.ac3.acab.torrent
2015-03-24 22:34 - 2015-03-28 20:40 - 00004546 __RSH () C:\ProgramData\ntuser.pol
2015-03-24 22:34 - 2015-03-27 18:16 - 00000000 ____D () C:\ProgramData\AdsFree
2015-03-24 22:34 - 2015-03-24 22:34 - 00003750 _____ () C:\Windows\System32\Tasks\Newsfeed
2015-03-24 22:34 - 2015-03-24 22:34 - 00003256 _____ () C:\Windows\System32\Tasks\AdUp Update
2015-03-24 22:34 - 2015-03-24 22:34 - 00000066 _____ () C:\Windows\SysWOW64\sn.txt
2015-03-24 22:34 - 2015-03-24 22:34 - 00000058 _____ () C:\Windows\SysWOW64\out.txt
2015-03-24 22:34 - 2015-03-24 22:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Ndoye
2015-03-24 22:34 - 2015-03-24 22:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\homerj
2015-03-24 22:34 - 2015-03-24 22:34 - 00000000 ____D () C:\ProgramData\Mistl
2015-03-21 13:58 - 2015-03-21 13:58 - 00000000 ____D () C:\Users\Admin\AppData\Local\{4589FD46-A439-4D63-B6F4-67CA56AC6847}
2015-03-20 22:12 - 2015-03-24 22:34 - 00003720 _____ () C:\Windows\System32\Tasks\Mistl
2015-03-20 22:12 - 2015-03-24 22:34 - 00003224 _____ () C:\Windows\System32\Tasks\9A5A8340-6B15
2015-03-20 22:12 - 2015-03-21 14:03 - 00000000 ____D () C:\ProgramData\Drv
2015-03-20 22:12 - 2015-03-21 03:36 - 00000000 ____D () C:\ProgramData\Kirin
2015-03-20 22:12 - 2015-03-20 22:12 - 00003240 _____ () C:\Windows\System32\Tasks\Drv Update
2015-03-20 22:12 - 2015-03-20 22:12 - 00000027 _____ () C:\Users\Admin\AppData\Local\f123.txt
2015-03-20 22:12 - 2015-03-20 22:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\htcon
2015-03-20 22:12 - 2015-03-20 22:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Fixs
2015-03-20 22:12 - 2015-03-20 22:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Crown
2015-03-20 19:35 - 2015-03-21 13:53 - 00262144 _____ () C:\Windows\system32\config\elam
2015-03-16 08:56 - 2015-03-16 08:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\{0C5448C2-A9AA-4E0F-ACCB-8401E9BEE81E}
2015-03-11 00:59 - 2015-03-11 01:00 - 00000000 ____D () C:\Users\Admin\Desktop\pSX_1_13
2015-03-11 00:50 - 2015-03-11 00:51 - 00661688 _____ () C:\Users\Admin\Downloads\pSX_1_13.rar
2015-03-10 14:35 - 2015-03-10 14:35 - 00010728 _____ () C:\Users\Admin\Downloads\[kickass.to]exodus.gods.and.kings.2014.720p.brrip.x264.yify.torrent
2015-03-10 14:21 - 2015-03-20 22:30 - 00000000 ____D () C:\Users\Admin\Desktop\Games
2015-03-08 05:17 - 2015-03-08 05:17 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-03-08 05:16 - 2015-03-08 05:17 - 00000000 ____D () C:\Users\Admin\AppData\Local\{C3484A5B-EB74-463F-BF0E-484CCB39D19C}
2015-03-07 22:47 - 2015-03-11 01:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-03-07 22:46 - 2015-03-07 22:46 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-07 22:46 - 2015-03-07 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-07 22:46 - 2015-03-07 22:46 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-03-07 22:42 - 2015-03-07 22:43 - 28509232 _____ () C:\Users\Admin\Downloads\vlc-2.2.0-win32.exe
2015-02-28 05:31 - 2015-02-28 08:13 - 00000000 ____D () C:\Users\Admin\Desktop\PCSX2 1.2.1
2015-02-28 05:30 - 2015-02-28 05:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-02-28 05:30 - 2015-02-28 05:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2015-02-28 05:19 - 2015-02-28 05:19 - 00000923 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2015-02-28 05:19 - 2015-02-28 05:19 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\MotioninJoy
2015-02-28 05:19 - 2015-02-28 05:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-02-28 05:19 - 2015-02-28 05:19 - 00000000 ____D () C:\Program Files\MotioninJoy
2015-02-28 05:19 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2015-02-28 05:19 - 2011-12-07 19:42 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-02-28 05:19 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2015-02-28 05:19 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2015-02-28 05:18 - 2012-05-12 07:33 - 04199240 _____ (www.motioninjoy.com ) C:\Users\Admin\Desktop\MotioninJoy_071001_signed.exe
2015-02-28 05:17 - 2015-02-28 05:18 - 04117346 _____ () C:\Users\Admin\Downloads\MotioninJoy_071001_signed.zip
2015-02-28 05:03 - 2015-02-28 05:03 - 00000000 ____D () C:\Users\Admin\Documents\PCSX2
2015-02-28 04:59 - 2015-03-08 05:13 - 00001894 _____ () C:\Windows\system32\ASOROSet.bin
2015-02-28 04:58 - 2015-02-28 04:59 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2015-02-28 04:52 - 2015-02-28 04:52 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IsolatedStorage
2015-02-28 04:52 - 2015-02-28 04:52 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-02-28 04:47 - 2015-02-28 18:01 - 00000000 ____D () C:\Program Files (x86)\WinThruster
2015-02-28 04:45 - 2015-02-28 04:46 - 02981504 _____ () C:\Users\Admin\Downloads\Setup_FileViewPro_[2015] (1).exe
2015-02-28 04:42 - 2015-02-28 04:42 - 00000000 ____D () C:\Spacekace
2015-02-28 04:40 - 2015-02-28 04:41 - 02981504 _____ () C:\Users\Admin\Downloads\Setup_FileViewPro_[2015].exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 03:07 - 2012-06-19 17:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-03-29 03:06 - 2009-07-14 07:45 - 00021632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 03:06 - 2009-07-14 07:45 - 00021632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 03:04 - 2012-04-12 20:33 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000UA.job
2015-03-29 03:02 - 2014-09-17 04:52 - 01565983 _____ () C:\Windows\WindowsUpdate.log
2015-03-29 02:38 - 2012-10-24 05:47 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-29 02:28 - 2012-04-12 20:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-29 02:28 - 2012-04-12 20:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-29 01:34 - 2014-08-09 20:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-29 00:43 - 2015-02-17 23:46 - 00000000 ____D () C:\Users\Admin\Desktop\AOU
2015-03-28 22:38 - 2012-10-24 05:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 21:08 - 2012-04-11 11:42 - 00000000 ____D () C:\Users\Admin\Tracing
2015-03-28 21:07 - 2014-09-05 04:44 - 00021566 _____ () C:\Windows\setupact.log
2015-03-28 21:07 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 20:02 - 2013-07-03 10:43 - 00000000 ____D () C:\Users\Admin\Desktop\Movies
2015-03-28 15:44 - 2012-04-12 20:33 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000Core.job
2015-03-28 15:33 - 2009-07-14 08:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-27 21:34 - 2009-07-14 08:08 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-27 20:58 - 2014-10-19 13:00 - 00029966 _____ () C:\Windows\PFRO.log
2015-03-27 02:07 - 2012-04-11 01:17 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-03-26 19:30 - 2014-12-11 03:24 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 19:30 - 2014-10-19 12:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 01:45 - 2014-06-20 03:34 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-03-25 01:45 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-24 22:34 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-03-11 04:35 - 2012-04-10 23:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 04:34 - 2009-07-14 05:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-11 03:19 - 2013-08-07 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 03:03 - 2012-04-14 04:50 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-08 05:15 - 2012-04-10 23:26 - 00000000 ____D () C:\Users\Admin
2015-03-08 05:14 - 2009-07-14 05:34 - 70516736 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-03-08 05:14 - 2009-07-14 05:34 - 20185088 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-03-08 05:14 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-03-08 05:09 - 2009-07-14 05:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

==================== Files in the root of some directories =======

2015-03-25 01:36 - 2015-03-25 01:36 - 0033134 _____ () C:\Users\Admin\AppData\Roaming\UserTile.png
2015-03-20 22:12 - 2015-03-20 22:12 - 0000027 _____ () C:\Users\Admin\AppData\Local\f123.txt

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\AVGTBInstall.exe
C:\Users\Admin\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup15.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup164.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup172.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup2139.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup270.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup272.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup3250.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup4391.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup4653.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup4976.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup6124.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup6434.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup649.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup7255.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup8059.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup8217.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup8327.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup8515.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup863.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup866.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup8776.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup9682.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup9725.exe
C:\Users\Admin\AppData\Local\Temp\CloudBackup9966.exe
C:\Users\Admin\AppData\Local\Temp\oi_{D5E5119A-0303-4496-8D02-6CA31BBCDE9C}.exe
C:\Users\Admin\AppData\Local\Temp\Runner.exe
C:\Users\Admin\AppData\Local\Temp\vcredist_2013_x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 02:33

==================== End Of Log ============================

Addition scan log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Admin at 2015-03-29 03:09:45
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.12 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Burn4Free DB Toolbar Toolbar (HKLM-x32\...\Burn4Free DB Toolbar Toolbar) (Version: - )
Burn4Free DVD Burning 5.9.0.0 (HKLM-x32\...\Burn4Free DVD Burning_is1) (Version: - Ikysasoft s.r.l. uninominale)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree)
Hotspot Shield Toolbar (HKLM-x32\...\Hotspot_Shield Toolbar) (Version: 6.8.9.0 - Hotspot Shield) <==== ATTENTION
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Graphics Driver 268.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.57 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.85.5 - TOSHIBA CORPORATION)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.1.5 - TOSHIBA Corporation)
uTorrentControl2 Toolbar (HKLM-x32\...\uTorrentControl2 Toolbar) (Version: 6.8.11.4 - uTorrentControl2) <==== ATTENTION
Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2891971351-2350418588-1802881347-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

29-03-2015 03:00:13 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00E6BF14-3781-4262-8A59-C6956C29014D} - System32\Tasks\AdUp Update => C:\ProgramData\AdsFree\AdsFree.exe [2015-02-05] ()
Task: {063B8842-A097-4DD3-96E9-31CF42A40B0D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2891971351-2350418588-1802881347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0EB704F5-3057-4E23-BE61-AEE6BE2D1E99} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12] (Adobe Systems Incorporated)
Task: {3971E0C7-8F44-435D-978B-C2CAD808567C} - System32\Tasks\{DE629398-970E-4F45-9610-04A70A571D02} => pcalua.exe -a E:\WebCam\Setup\Setup.exe -d E:\
Task: {39FE3127-5335-4B33-B73A-86618512033D} - System32\Tasks\Mistl => C:\ProgramData\Mistl\Mistl.exe
Task: {4BB1B550-689C-4D71-8D20-48F2190D78F0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
Task: {56BC178D-3AA8-45B4-9EC1-9130A72735DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24] (Google Inc.)
Task: {6F9FEEF0-9791-44D8-A4E6-F51CBFAD9088} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2891971351-2350418588-1802881347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8200703A-25D2-436F-BAB9-77CC9F41DEA8} - System32\Tasks\Newsfeed => C:\Users\Admin\AppData\Roaming\homerj\c32s.exe [2015-03-19] ()
Task: {B4724B72-A23A-4A99-9084-5DD6AD96E7C4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B655482D-9882-4ACB-9C53-AA8DCA73F466} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {BD284272-9247-4B99-A2AF-35C36738015E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-24] (Google Inc.)
Task: {C2693C65-CDB1-46A4-9C9C-9D8BA6F32DDA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000Core => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-12] (Google Inc.)
Task: {C2A47750-A53C-4780-B2B1-E769F2553FEA} - System32\Tasks\Drv Update => C:\ProgramData\Drv\Drv.exe [2015-03-05] ()
Task: {D7C0D450-FEC4-4C76-9AFF-CDD2B25F424B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2891971351-2350418588-1802881347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E3E16045-6760-4895-AD6B-1694ED2B7964} - System32\Tasks\{8E41A7EC-7D30-4940-8C6D-CBD0C5A6F266} => Chrome.exe http://www.skype.com/go/downloading?source=installer&ver=6.1.0.129.272&LastError=-9
Task: {EE738FA4-4007-41BF-BFBD-DB0D80AC9BA8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2891971351-2350418588-1802881347-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F512C7D6-9089-400A-AFBE-AA6DB8FC2186} - System32\Tasks\9A5A8340-6B15 => C:\Users\Admin\AppData\Roaming\Ndoye\Updater.exe [2015-02-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000Core.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891971351-2350418588-1802881347-1000UA.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-05-17 01:34 - 2014-05-17 01:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-05-17 03:11 - 2014-05-17 03:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-11 01:17 - 2011-07-13 21:06 - 00022800 ____N () C:\Program Files (x86)\WordWeb\WUCNT.dll
2015-03-22 00:07 - 2015-03-14 13:12 - 01174856 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-22 00:07 - 2015-03-14 13:12 - 00080200 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-22 00:07 - 2015-03-14 13:12 - 09278792 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-22 00:07 - 2015-03-14 13:12 - 14974280 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Admin\Downloads\Appointment Required.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2891971351-2350418588-1802881347-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 193.188.97.211 - 193.188.97.197

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Admin (S-1-5-21-2891971351-2350418588-1802881347-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2891971351-2350418588-1802881347-500 - Administrator - Disabled)
fbwuser (S-1-5-21-2891971351-2350418588-1802881347-1003 - Limited - Disabled) => C:\Users\fbwuser
Guest (S-1-5-21-2891971351-2350418588-1802881347-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth RFCOMM
Description: Bluetooth RFCOMM
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: TOSHIBA
Service: tosrfcom
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2015 08:49:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/28/2015 08:49:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/27/2015 08:43:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc00000fd
Fault offset: 0x0002f29d
Faulting process id: 0xaa4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (03/27/2015 08:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc00000fd
Fault offset: 0x0002ea7e
Faulting process id: 0xe50
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (03/27/2015 08:13:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc00000fd
Fault offset: 0x0002fcdb
Faulting process id: 0x12c8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (03/27/2015 07:56:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.922, time stamp: 0x55010546
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc00000fd
Fault offset: 0x0002fcdb
Faulting process id: 0xd34
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (03/27/2015 05:09:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3C7FB80A587D6D7637447D95EB636128F9A83A30.bin.VE0 for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3C7FB80A587D6D7637447D95EB636128F9A83A30.bin.VE0

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (03/27/2015 05:09:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000006
Fault offset: 0x00000000025e9e70
Faulting process id: 0x994
Faulting application start time: 0xsvchost.exe_WinDefend0
Faulting application path: svchost.exe_WinDefend1
Faulting module path: svchost.exe_WinDefend2
Report Id: svchost.exe_WinDefend3

Error: (03/27/2015 02:34:22 AM) (Source: MsiInstaller) (EventID: 11730) (User: Admin-PC)
Description: Product: Vizzed Retro Game Room -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.

Error: (03/26/2015 07:29:02 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).


System errors:
=============
Error: (03/29/2015 02:55:19 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/29/2015 02:55:19 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/29/2015 01:38:09 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/29/2015 01:38:09 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/29/2015 01:38:09 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/29/2015 01:20:13 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/29/2015 01:20:13 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/29/2015 00:27:24 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/29/2015 00:27:24 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (03/29/2015 00:27:24 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (03/28/2015 08:49:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/28/2015 08:49:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/27/2015 08:43:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.92255010546ntdll.dll6.1.7600.169154ec49d10c00000fd0002f29daa401d068b3aa4c3540C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dllc68d5514-d4a8-11e4-8195-dc0ea13ab9d6

Error: (03/27/2015 08:27:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.92255010546ntdll.dll6.1.7600.169154ec49d10c00000fd0002ea7ee5001d068b162a4c29fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll90423fbc-d4a6-11e4-8195-dc0ea13ab9d6

Error: (03/27/2015 08:13:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.92255010546ntdll.dll6.1.7600.169154ec49d10c00000fd0002fcdb12c801d068af6730d136C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll9386cb06-d4a4-11e4-8195-dc0ea13ab9d6

Error: (03/27/2015 07:56:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.92255010546ntdll.dll6.1.7600.169154ec49d10c00000fd0002fcdbd3401d068ac0bc821f4C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Windows\SysWOW64\ntdll.dll26bfca93-d4a2-11e4-8195-dc0ea13ab9d6

Error: (03/27/2015 05:09:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-3C7FB80A587D6D7637447D95EB636128F9A83A30.bin.VE0Host Process for Windows ServicesC00001853

Error: (03/27/2015 05:09:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_WinDefend6.1.7600.163854a5bc3c1unknown0.0.0.000000000c000000600000000025e9e7099401d06896dc4e8577C:\Windows\System32\svchost.exeunknowne511b7b5-d48a-11e4-8ef7-dc0ea13ab9d6

Error: (03/27/2015 02:34:22 AM) (Source: MsiInstaller) (EventID: 11730) (User: Admin-PC)
Description: Product: Vizzed Retro Game Room -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/26/2015 07:29:02 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101


CodeIntegrity Errors:
===================================
Date: 2015-03-27 02:14:44.353
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-27 02:14:42.240
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 04:01:22.806
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-09 04:01:22.731
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-12 19:38:07.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-12 19:38:07.104
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-12 19:30:38.461
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-12 19:30:38.451
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-12 04:29:40.435
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-12-12 04:29:40.418
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 68%
Total physical RAM: 4073.76 MB
Available physical RAM: 1264.75 MB
Total Pagefile: 4071.9 MB
Available Pagefile: 1053.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:111.83 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:270.35 GB) NTFS
Drive g: (My Passport) (Fixed) (Total:931.48 GB) (Free:727.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 10D36F71)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: C231E5FD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 