
PUPS found mostly related to Softonic (parasite?)

Discussion in 'Virus & Other Malware Removal' started by 00J1817900, Apr 2, 2015.

Thread Status:
Not open for further replies.
  1. 00J1817900

    00J1817900 Thread Starter

    Joined:
    Oct 27, 2013
    Messages:
    47
    I am not currently on the PC pertaining to this inquiry. Therefore, no SysInfo log given yet.
    I was just curious as to the latest news and/or concerns with Softonic. I've often read about their parasitic ways but have yet to find any chatter about how to completely remove it once it's discovered.

    Basic Info:
    Softonic discovered and quarantined by recent run of Malwarebytes Free

    Dell Desktop Pc
    WIN 7 Home Premium (64)
    2 users/ mostly Firefox (defaulted)
    IE and Chrome installed as well

    How concerned should I be about this? No major issues other than PC being sluggish occasionally.

    I will be back soon with SysInfo and MWB logs

    Thank you in advance! God Bless
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    In addition to delivering bundled adware with free downloads, Softonic sometimes delivers "toolbars" and "updaters" which can result in repeat adware infections.
    You need to run scans to see if any of those are present.
    Removing traces of Softonic does not remove any adware you already have, even if they were the original delivery vehicle.
     
  3. 00J1817900

    00J1817900 Thread Starter

    Joined:
    Oct 27, 2013
    Messages:
    47
    Thank you for the reply askey127...
    I was out on vacation for a few days. I will get on this first thing tomorrow.
     
  4. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    If you would like any guidance about which tools to use, let me know.
     
  5. 00J1817900

    00J1817900 Thread Starter

    Joined:
    Oct 27, 2013
    Messages:
    47
    I was about to begin the normal suggested Sysinfo check and perhaps find a recent log from Malwarebytes and post both of them here. If you'd like me to begin differently just let me know.
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    The MBAM results may be helpful.
    I would run this as well.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.
     
  7. 00J1817900

    00J1817900 Thread Starter

    Joined:
    Oct 27, 2013
    Messages:
    47
    Okay... I think I have what ya need to get us started, minus the MBAM logs. Gonna work on those while you look at what's here. Again, this is a barely used PC that isn't very old. There are some random users that visit so who knows what you'll find. I'll be back here later today to check our progress. Thanks again for your help!

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 4
    RAM: 4008 Mb
    Graphics Card: Intel(R) HD Graphics, 1812 Mb
    Hard Drives: C: Total - 935859 MB, Free - 614997 MB;
    Motherboard: Dell Inc., 0GDG8Y
    Antivirus: avast! Antivirus, Disabled

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by Jorge at 2015-04-08 05:58:04
    Running from C:\Users\Jorge\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\...\uTorrent) (Version: 3.3.2.30260 - BitTorrent Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2214 - AVAST Software)
    Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
    Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
    Cursor Commander (HKLM-x32\...\Cursor Commander) (Version: 1.0 - Winaero.com)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
    Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
    Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
    Dell System Detect (HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
    Dokan Library 0.5.3 (HKLM-x32\...\DokanLibrary) (Version: - )
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.9.56.313 - Foxit Software Inc.)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
    Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 4.70 - Philipp Winterberg)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B03 - )
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    PDFill FREE PDF Tools (HKLM\...\{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}) (Version: 11.0 - PlotSoft LLC)
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
    QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Softonic Assistant (HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\...\SoftonicAssistant) (Version: 0.1.6 - Softonic International S.A.) <==== ATTENTION
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    27-01-2015 12:50:57 Windows Update
    27-01-2015 15:37:38 Removed iTunes
    30-01-2015 14:07:31 Windows Update
    31-01-2015 05:10:43 Removed QuickTime 7
    31-01-2015 05:11:57 Removed Apple Software Update
    31-01-2015 05:12:46 Removed Apple Mobile Device Support
    31-01-2015 05:14:35 Removed Bonjour
    31-01-2015 05:15:33 Removed Apple Application Support
    01-02-2015 16:24:44 avast! antivirus system restore point
    03-02-2015 14:42:10 Windows Update
    10-02-2015 07:12:58 Windows Update
    11-02-2015 04:00:19 Windows Update
    12-02-2015 04:00:11 Windows Update
    20-02-2015 17:40:32 Scheduled Checkpoint
    20-02-2015 17:56:39 Windows Update
    20-02-2015 19:40:03 Windows Update
    23-02-2015 15:59:15 Installed iTunes
    24-02-2015 09:41:03 Windows Update
    26-02-2015 04:00:10 Windows Update
    03-03-2015 15:54:15 Windows Update
    05-03-2015 22:03:49 Revo Uninstaller's restore point - WinSCP 5.5.6
    07-03-2015 09:33:55 Windows Update
    11-03-2015 16:34:05 Windows Update
    17-03-2015 14:23:13 Windows Update
    20-03-2015 00:37:52 avast! antivirus system restore point
    21-03-2015 08:16:34 Windows Update
    24-03-2015 22:07:29 Windows Update
    25-03-2015 03:00:25 Windows Update
    25-03-2015 15:34:45 Installed PDFill FREE PDF Tools
    31-03-2015 13:46:53 Windows Update
    05-04-2015 03:01:00 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-04-02 00:37 - 00450028 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0C34DB83-6B6B-40B7-9A16-EB489B0FDDEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-17] (Adobe Systems Incorporated)
    Task: {11C5321B-FF56-491E-8894-DE6D9D056428} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
    Task: {11D6C1B5-A85B-40F3-80D5-AA34CADE6C88} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {1DD94939-603D-4AA3-992C-40896ED18BA9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {3216CC3A-739C-4BDD-A922-1B1E52ACE307} - System32\Tasks\AdobeAAMUpdater-1.0-Kathy-PC-Jorge => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
    Task: {3B38DF61-F21E-48CC-921C-AF4ED3B672B6} - System32\Tasks\AdobeAAMUpdater-1.0-Kathy-PC-Kathy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
    Task: {3EBC1185-FBE5-4195-B5C1-3F56B7464164} - System32\Tasks\{9063FA5D-E45F-409D-BB40-CEFEE20A4792} => pcalua.exe -a D:\Autoplay.exe -d D:\ -c -auto
    Task: {4D61579B-7812-4F88-9CBD-B1B3225EE6E9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {507DD2DB-0BEB-45F7-8130-288A4EC01653} - System32\Tasks\{E44F73D5-9FDE-46E6-85AC-4D0E8B678385} => pcalua.exe -a C:\Users\Jorge\Downloads\WindowsPhone.exe -d C:\Users\Jorge\Downloads
    Task: {5B2B0BCF-0F1F-4F4F-ABB7-D5D9D29EB104} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-20] (Avast Software s.r.o.)
    Task: {5C30E010-0872-4880-AB83-49AA421E99BA} - System32\Tasks\avastBCLRestartS-1-5-21-4294075401-3671837289-1785583548-1003 => Firefox.exe
    Task: {5C32A34D-7BA4-415E-90E5-AB2E3F842DD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-18] (Google Inc.)
    Task: {6BEC23A5-530F-47F7-99C4-FCD24DA02275} - System32\Tasks\{E7BFE68A-9AEA-47EE-A95F-5890075E1460} => C:\Users\Jorge\Desktop\redsn0w.exe
    Task: {81116DD8-58AF-4228-A874-3512766FAFB2} - System32\Tasks\{A307CF2B-CE51-4016-8A1B-9833D32ED1AD} => C:\Users\Jorge\Desktop\redsn0w.exe
    Task: {86FFD902-BEBD-422F-A313-6A6AB6DC4D6E} - System32\Tasks\{6A912673-E0DB-45A1-86D3-33C2E410828F} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
    Task: {8F43F726-836F-4396-BA3D-947717702966} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {93DF42E0-531F-4B40-87BA-C8B818F360D8} - System32\Tasks\{B210AF36-1116-4407-99F3-774B523202CB} => C:\Program Files (x86)\iTunes\iTunes.exe [2015-02-13] (Apple Inc.)
    Task: {99BCB982-A882-45B0-B9F8-CC838A0B77AD} - System32\Tasks\{3F3A0010-A797-46ED-98B3-A021365B1C3E} => C:\Program Files (x86)\iTunes\iTunes.exe [2015-02-13] (Apple Inc.)
    Task: {9CB1861E-61BF-481E-9848-7CCB66ABD083} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {AE4E277B-573B-4F12-AC50-B214178E83FD} - System32\Tasks\{3763C1D0-34EB-4231-99F9-B9C2F07CA9E2} => C:\Program Files (x86)\iTunes\iTunes.exe [2015-02-13] (Apple Inc.)
    Task: {BF968E11-237A-4E70-860E-B405E2B27738} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {C162AF39-FCE8-43D2-8FB1-20124BBA9688} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {C23090EE-1FEC-4E19-95AD-4B2110F7D0F9} - System32\Tasks\{13E4B8A8-1784-4156-B2DA-74E6BB5CFC5B} => C:\Users\Jorge\Desktop\redsn0w.exe
    Task: {CA8F5CA8-BD7A-40BA-95B6-3075ABC6A10A} - System32\Tasks\{C9CB9867-44B4-4153-9504-7E992E06B9DA} => C:\Users\Jorge\Desktop\redsn0w.exe
    Task: {D0A7564A-5010-45EE-9A5E-E741F19241CC} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {D8C12B72-BB79-4E43-87F1-984D0A6647B8} - \GreatArcadeHits No Task File <==== ATTENTION
    Task: {E1B3A70D-20D2-4934-B9A4-DAB4C660C64F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {E715FB0B-3F00-4027-9C60-0AB6FD3B7A07} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-18] (Google Inc.)
    Task: {F72D6B02-2680-465A-86E3-602FB9F163CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-07-05 07:37 - 2010-07-05 07:37 - 00011776 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
    2012-06-26 16:40 - 2011-01-27 10:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2015-03-20 00:38 - 2015-03-20 00:38 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-03-20 00:38 - 2015-03-20 00:38 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-04-08 05:40 - 2015-04-08 05:40 - 02925056 _____ () C:\Program Files\AVAST Software\Avast\defs\15040801\algo.dll
    2014-08-01 20:49 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-08-01 20:49 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-08-01 20:49 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-03-20 00:38 - 2015-03-20 00:38 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-03-20 00:38 - 2015-03-20 00:38 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll
    2015-03-20 00:38 - 2015-03-20 00:38 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.2.208.1 - 8.8.8.8

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: YahooAUService => 2
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: SoftonicAssistant => "C:\Users\Kathy\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-4294075401-3671837289-1785583548-500 - Administrator - Disabled)
    Guest (S-1-5-21-4294075401-3671837289-1785583548-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4294075401-3671837289-1785583548-1014 - Limited - Enabled)
    Jorge (S-1-5-21-4294075401-3671837289-1785583548-1003 - Administrator - Enabled) => C:\Users\Jorge
    Kathy (S-1-5-21-4294075401-3671837289-1785583548-1000 - Administrator - Enabled) => C:\Users\Kathy

    ==================== Faulty Device Manager Devices =============

    Name: Dell Wireless 1502 802.11b/g/n
    Description: Dell Wireless 1502 802.11b/g/n
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Atheros Communications Inc.
    Service: athr
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/08/2015 05:49:48 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (04/08/2015 05:40:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/03/2015 08:17:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/02/2015 02:05:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/01/2015 04:17:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/01/2015 03:55:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program CCleaner64.exe version 4.18.0.4844 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 454

    Start Time: 01d06c83c26acc13

    Termination Time: 0

    Application Path: C:\Program Files\CCleaner\CCleaner64.exe

    Report Id: 4be09377-d8b1-11e4-ac14-d4bed9cad583

    Error: (04/01/2015 09:27:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x519dbd47
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
    Exception code: 0xe0434352
    Fault offset: 0x0000c42d
    Faulting process id: 0x6c8
    Faulting application start time: 0xFreemakeUtilsService.exe0
    Faulting application path: FreemakeUtilsService.exe1
    Faulting module path: FreemakeUtilsService.exe2
    Report Id: FreemakeUtilsService.exe3

    Error: (04/01/2015 09:27:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: FreemakeUtilsService.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ArgumentException
    Stack:
    at System.Security.Principal.SecurityIdentifier..ctor(System.String)
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
    at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
    at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
    at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
    at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
    at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
    at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
    at System.Threading.ThreadPoolWorkQueue.Dispatch()
    at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

    Error: (03/26/2015 09:10:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/25/2015 03:18:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (04/08/2015 05:45:04 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (04/08/2015 05:42:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/05/2015 03:01:40 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 80.

    Error: (04/05/2015 03:01:38 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 80.

    Error: (04/03/2015 08:19:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/02/2015 02:08:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/02/2015 02:05:29 AM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP040215-23602-01

    Error: (04/01/2015 04:19:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/01/2015 09:28:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).

    Error: (03/26/2015 09:12:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (04/08/2015 05:49:48 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jorge\Downloads\SoftonicDownloader_for_imazing.exe

    Error: (04/08/2015 05:40:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/03/2015 08:17:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/02/2015 02:05:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/01/2015 04:17:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/01/2015 03:55:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: CCleaner64.exe4.18.0.484445401d06c83c26acc130C:\Program Files\CCleaner\CCleaner64.exe4be09377-d8b1-11e4-ac14-d4bed9cad583

    Error: (04/01/2015 09:27:19 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: FreemakeUtilsService.exe1.0.0.0519dbd47KERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d6c801d067ce8937724aC:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exeC:\Windows\syswow64\KERNELBASE.dll33668285-d87b-11e4-ac14-d4bed9cad583

    Error: (04/01/2015 09:27:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: FreemakeUtilsService.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.ArgumentException
    Stack:
    at System.Security.Principal.SecurityIdentifier..ctor(System.String)
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetSidToUsernameDictionary()
    at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
    at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
    at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
    at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
    at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
    at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
    at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
    at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
    at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
    at System.Threading.ThreadPoolWorkQueue.Dispatch()
    at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

    Error: (03/26/2015 09:10:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/25/2015 03:18:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    CodeIntegrity Errors:
    ===================================
    Date: 2014-12-18 05:55:12.316
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore_3_8\VSC666F.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-18 05:55:12.316
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore_3_8\VSC666F.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-18 05:55:12.316
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore_3_8\VSC666F.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-18 05:55:12.316
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore_3_8\VSC666F.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-27 13:49:25.355
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore_3_8\VSCCA89.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-27 13:49:25.355
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore_3_8\VSCCA89.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-27 13:49:25.355
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore_3_8\VSCCA89.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-07-27 13:49:25.355
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore_3_8\VSCCA89.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-05-29 03:12:18.769
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore_3_8\VSC3BF3.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-05-29 03:12:18.769
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore_3_8\VSC3BF3.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
    Percentage of memory in use: 35%
    Total physical RAM: 4008.63 MB
    Available physical RAM: 2603.1 MB
    Total Pagefile: 8015.45 MB
    Available Pagefile: 6508.39 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:913.93 GB) (Free:600.42 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 09C65DC3)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=17.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=913.9 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Jorge (administrator) on KATHY-PC on 08-04-2015 05:57:28
    Running from C:\Users\Jorge\Desktop
    Loaded Profiles: Jorge (Available profiles: Kathy & Jorge)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-20] (Avast Software s.r.o.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
    HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe [960688 2015-02-05] (Adobe Systems Incorporated)
    HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyServer: [S-1-5-21-4294075401-3671837289-1785583548-1003] => localhost:21320
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> DefaultScope {D592FF5E-4E8E-49A9-A2E1-1096D0B85A19} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {D592FF5E-4E8E-49A9-A2E1-1096D0B85A19} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> {D592FF5E-4E8E-49A9-A2E1-1096D0B85A19} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-4294075401-3671837289-1785583548-1003 -> {C0660786-3FDA-4E8A-9D8B-E783B54A7BA8} URL = https://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-20] (Avast Software s.r.o.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-20] (Avast Software s.r.o.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 8.2.208.1 8.8.8.8 8.8.4.4

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\0tmza5zd.default-1419607843836
    FF DefaultSearchEngine: Yahoo! (Avast)
    FF DefaultSearchEngine.US: Yahoo! (Avast)
    FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
    FF SearchEngineOrder.1: Yahoo! (Avast)
    FF Homepage: hxxp://www.fbclivingston.org/
    FF Keyword.URL: https://search.yahoo.com/yhs/search
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2012-08-21] (Catalina Marketing Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
    FF SearchPlugin: C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\0tmza5zd.default-1419607843836\searchplugins\yahoo-avast.xml [2015-02-03]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-12-11]
    FF Extension: LavaFox V2-Blue - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\0tmza5zd.default-1419607843836\Extensions\[email protected] [2015-01-11]
    FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\0tmza5zd.default-1419607843836\Extensions\[email protected] [2015-01-05]
    FF Extension: Adblock Plus - C:\Users\Jorge\AppData\Roaming\Mozilla\Firefox\Profiles\0tmza5zd.default-1419607843836\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-05]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-18]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://www.google.com/"
    CHR Profile: C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-18]
    CHR Extension: (Google Drive) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-18]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-18]
    CHR Extension: (YouTube) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-18]
    CHR Extension: (Google Search) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-18]
    CHR Extension: (Google+) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-12-18]
    CHR Extension: (Pandora) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-12-18]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-12-18]
    CHR Extension: (Google Wallet) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-18]
    CHR Extension: (Gmail) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-18]
    CHR Extension: (Space Planet) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2014-12-18]
    CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-20]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-07] (SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-20] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-20] (Avast Software)
    S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-10] (Dell Products, LP.) [File not signed]
    R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [11776 2010-07-05] () [File not signed]
    R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-03-13] (Foxit Software Inc.)
    R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-22] (Freemake) [File not signed]
    S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-20] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-20] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-20] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-20] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-20] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-20] (Avast Software s.r.o.)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-20] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-20] ()
    R2 Dokan; C:\Windows\system32\drivers\dokan.sys [106888 2010-07-05] (Windows (R) Win 7 DDK provider)
    S3 ghsandroid; C:\Windows\System32\Drivers\ghsandroid.sys [38424 2011-03-30] (Google Inc)
    S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-20] (Avast Software)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-08 05:57 - 2015-04-08 05:57 - 00017296 _____ () C:\Users\Jorge\Desktop\FRST.txt
    2015-04-08 05:57 - 2015-04-08 05:57 - 00000417 _____ () C:\Users\Jorge\Desktop\tech.txt
    2015-04-08 05:57 - 2015-04-08 05:57 - 00000000 ____D () C:\FRST
    2015-04-08 05:49 - 2015-04-08 05:50 - 02095616 _____ (Farbar) C:\Users\Jorge\Desktop\FRST64.exe
    2015-04-08 05:48 - 2015-04-08 05:48 - 00509440 _____ (Tech Support Guy System) C:\Users\Jorge\Desktop\SysInfo.exe
    2015-04-05 03:01 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-05 03:01 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-04 16:57 - 2015-04-04 16:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-04-01 16:11 - 2015-04-01 16:11 - 00007168 ____H () C:\Users\Jorge\Downloads\photothumb.db
    2015-03-25 16:39 - 2015-03-25 16:39 - 00000000 ____D () C:\Users\Public\Foxit Software
    2015-03-25 16:39 - 2015-03-25 16:39 - 00000000 ____D () C:\Users\Jorge\AppData\Roaming\Foxit Software
    2015-03-25 16:39 - 2015-03-25 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    2015-03-25 16:38 - 2015-03-25 16:38 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
    2015-03-25 15:49 - 2015-03-25 15:59 - 38602952 _____ (Foxit Software Inc. ) C:\Users\Jorge\Downloads\FoxitReader713.0320_prom_enu_Setup.exe
    2015-03-25 15:35 - 2015-03-25 15:35 - 00000000 ____D () C:\ProgramData\PlotSoft
    2015-03-25 15:35 - 2015-03-25 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill_PDF_Tools
    2015-03-25 15:35 - 2015-03-25 15:35 - 00000000 ____D () C:\Program Files (x86)\PlotSoft
    2015-03-25 15:32 - 2015-03-25 15:33 - 06003640 _____ (PlotSoft LLC) C:\Users\Jorge\Downloads\PDFill_PDF_Tools_FREE.exe
    2015-03-24 21:55 - 2015-03-10 23:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-03-24 21:55 - 2015-03-10 23:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-03-24 21:55 - 2015-03-10 23:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-03-24 21:55 - 2015-03-10 23:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-03-24 21:55 - 2015-03-10 23:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-03-24 21:55 - 2015-03-10 23:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-03-24 21:55 - 2015-03-10 23:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-03-24 21:55 - 2015-03-10 23:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-03-20 00:39 - 2015-03-20 00:39 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-03-20 00:38 - 2015-03-20 00:38 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-03-18 14:32 - 2015-03-18 16:00 - 00000000 ____D () C:\Users\Jorge\Desktop\Sasha - Involver [Special Edition]
    2015-03-16 15:39 - 2015-03-16 15:39 - 00000197 _____ () C:\Windows\system32\2015-03-16-20-39-48.078-AvastVBoxSVC.exe-1060.log
    2015-03-16 15:35 - 2015-03-16 15:35 - 00000197 _____ () C:\Windows\system32\2015-03-16-20-35-42.015-AvastVBoxSVC.exe-2148.log
    2015-03-16 12:17 - 2015-03-16 12:17 - 00000197 _____ () C:\Windows\system32\2015-03-16-17-17-46.040-AvastVBoxSVC.exe-2748.log
    2015-03-16 09:17 - 2015-03-16 09:17 - 00000197 _____ () C:\Windows\system32\2015-03-16-14-17-49.049-AvastVBoxSVC.exe-2884.log
    2015-03-16 08:44 - 2015-03-16 08:44 - 00000197 _____ () C:\Windows\system32\2015-03-16-13-44-24.062-AvastVBoxSVC.exe-2708.log
    2015-03-14 09:25 - 2015-03-14 09:26 - 00000197 _____ () C:\Windows\system32\2015-03-14-14-25-37.031-AvastVBoxSVC.exe-3500.log
    2015-03-13 06:07 - 2015-03-13 06:07 - 00000197 _____ () C:\Windows\system32\2015-03-13-11-07-21.069-AvastVBoxSVC.exe-2648.log
    2015-03-11 17:30 - 2015-03-11 17:30 - 01190897 _____ () C:\Users\Jorge\Desktop\george astromatrix[Converted].xps
    2015-03-11 16:53 - 2015-03-11 16:53 - 00000197 _____ () C:\Windows\system32\2015-03-11-21-53-06.024-AvastVBoxSVC.exe-2892.log
    2015-03-11 04:40 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-11 04:40 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-11 04:40 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-11 04:40 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-11 04:40 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-11 04:40 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-11 04:40 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-11 04:40 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-11 04:40 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-11 04:40 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-03-11 04:40 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-03-11 04:40 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-03-11 04:40 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-11 04:40 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-03-11 04:40 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-11 04:40 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-03-11 04:40 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-03-11 04:40 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-03-11 04:40 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-03-11 04:40 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-03-11 04:40 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-03-11 04:40 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-03-11 04:40 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-11 04:40 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-03-11 04:40 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-11 04:40 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-03-11 04:40 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-03-11 04:40 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-11 04:40 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-03-11 04:40 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-11 04:40 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-03-11 04:40 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-03-11 04:40 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-11 04:40 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-11 04:40 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-03-11 04:40 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-11 04:40 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-03-11 04:40 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-03-11 04:40 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-03-11 04:40 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-11 04:40 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-03-11 04:40 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-03-11 04:40 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-11 04:40 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-11 04:40 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-03-11 04:40 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-03-11 04:40 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-11 04:40 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-11 04:40 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-11 04:40 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-11 04:40 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-03-11 04:40 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-11 04:40 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-03-11 04:40 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-11 04:40 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-11 04:40 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-03-11 04:17 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-03-11 04:17 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-03-11 04:17 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-03-11 04:17 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-03-11 04:17 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-03-11 04:17 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-03-11 04:17 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-03-11 04:17 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-03-11 04:17 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-03-11 04:17 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-03-11 04:17 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-11 04:17 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-03-11 04:17 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-03-11 04:17 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-03-11 04:17 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-03-11 04:17 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-03-11 04:17 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-03-11 04:17 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-03-11 04:17 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-03-11 04:17 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-03-11 04:17 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-03-11 04:17 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-03-11 04:17 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-03-11 04:17 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-03-11 04:17 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-03-11 04:17 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-03-11 04:17 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-03-11 04:17 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-03-11 04:17 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-03-11 04:17 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-03-11 04:17 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-03-11 04:17 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-03-11 04:17 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-03-11 04:17 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-03-11 04:17 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-03-11 04:17 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-03-11 04:17 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-03-11 04:17 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-03-11 04:17 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-03-11 04:17 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-03-11 04:17 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-03-11 04:17 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-03-11 04:17 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-03-11 04:17 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-03-11 04:17 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-03-11 04:15 - 2015-01-30 22:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-03-11 04:15 - 2015-01-30 22:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-03-11 04:15 - 2015-01-30 18:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-03-11 04:14 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-03-11 04:14 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-03-11 04:14 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-03-11 04:14 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-03-11 04:14 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-03-11 04:14 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-03-11 04:14 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-03-11 04:14 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-03-11 04:14 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-03-11 04:14 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-03-11 04:14 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-03-11 04:14 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-03-11 04:14 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-03-11 04:14 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-03-11 04:14 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-03-11 04:14 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-03-11 04:14 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-03-11 04:14 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-03-11 04:14 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-03-11 04:14 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-03-11 04:14 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-11 04:14 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-03-11 04:14 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-03-11 04:14 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-03-11 04:14 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-03-11 04:14 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-03-11 04:14 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-03-11 04:14 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-03-11 04:14 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-11 04:14 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-03-11 04:14 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-11 04:14 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-11 04:14 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-03-11 04:14 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-03-11 04:14 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-03-11 04:14 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-03-11 04:12 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-11 04:12 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-11 04:12 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-11 04:12 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-03-11 04:12 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-11 04:07 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-03-11 04:07 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-10 14:30 - 2015-03-10 14:30 - 00000000 ____D () C:\Users\Jorge\AppData\Local\{500D4E1B-FE90-424B-B5C4-37324FB01CA2}
    2015-03-10 11:33 - 2015-03-10 11:33 - 00002934 _____ () C:\Windows\System32\Tasks\{C9CB9867-44B4-4153-9504-7E992E06B9DA}
    2015-03-10 06:13 - 2015-03-10 06:13 - 00000197 _____ () C:\Windows\system32\2015-03-10-11-13-22.003-AvastVBoxSVC.exe-2032.log
    2015-03-09 06:07 - 2015-03-09 06:07 - 00000197 _____ () C:\Windows\system32\2015-03-09-11-07-46.013-AvastVBoxSVC.exe-2792.log

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-08 05:53 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-08 05:53 - 2009-07-13 23:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-08 05:51 - 2013-06-01 20:45 - 00000000 ____D () C:\Users\Jorge\AppData\Roaming\PhotoScape
    2015-04-08 05:48 - 2013-07-25 21:33 - 01925746 ____N () C:\Windows\WindowsUpdate.log
    2015-04-08 05:46 - 2009-07-14 00:13 - 00826136 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-08 05:43 - 2012-07-15 20:36 - 00000000 ____D () C:\Windows\Minidump
    2015-04-08 05:40 - 2014-12-18 08:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-04-08 05:39 - 2014-12-22 12:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-04-08 05:39 - 2014-12-18 08:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-08 05:39 - 2014-08-10 13:10 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
    2015-04-08 05:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-07 23:03 - 2013-11-16 16:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-07 22:28 - 2014-12-18 08:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-07 22:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
    2015-04-04 15:21 - 2013-08-25 14:03 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\PhotoScape
    2015-04-02 02:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Vss
    2015-04-02 01:44 - 2014-10-11 07:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-04-01 16:10 - 2015-02-15 17:40 - 00006144 ____H () C:\Users\Public\Documents\photothumb.db
    2015-04-01 16:07 - 2014-08-07 09:19 - 00000000 ____D () C:\Users\Jorge\Downloads\Stinger
    2015-04-01 08:57 - 2012-07-11 19:00 - 00000000 ____D () C:\Program Files\CCleaner
    2015-03-26 14:44 - 2012-07-17 14:12 - 00000000 ____D () C:\Users\Jorge\AppData\Roaming\uTorrent
    2015-03-26 09:16 - 2014-12-25 20:36 - 00000000 ___RD () C:\Users\Jorge\Desktop\D-loads
    2015-03-25 03:16 - 2014-12-11 19:00 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-03-25 03:16 - 2014-05-06 07:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-03-20 00:39 - 2014-12-18 08:17 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-03-20 00:39 - 2014-12-18 08:17 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-03-20 00:39 - 2014-12-18 08:17 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
    2015-03-20 00:39 - 2014-12-18 08:17 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-03-20 00:39 - 2014-12-18 08:17 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-03-20 00:39 - 2014-12-18 08:17 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-03-20 00:39 - 2014-12-18 08:17 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-03-20 00:38 - 2014-12-18 08:17 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-03-17 14:43 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-03-17 14:19 - 2013-11-16 16:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-03-17 14:19 - 2013-07-28 19:28 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-03-17 14:19 - 2013-07-28 19:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-03-17 14:14 - 2014-07-27 02:00 - 00000000 ____D () C:\Users\Jorge\AppData\Local\Adobe
    2015-03-16 16:01 - 2013-11-24 14:52 - 00000000 ____D () C:\Windows\pss
    2015-03-16 11:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-15 17:00 - 2015-02-23 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-03-12 05:48 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2015-03-11 18:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-03-11 16:52 - 2012-07-09 18:32 - 00000000 ____D () C:\Users\Jorge
    2015-03-11 16:49 - 2013-07-25 21:31 - 00272888 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-11 16:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-03-11 16:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
    2015-03-11 16:39 - 2013-07-28 14:16 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-11 16:35 - 2012-07-11 16:54 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-03-10 14:31 - 2013-07-28 09:55 - 00000000 ____D () C:\Users\Jorge\AppData\Roaming\Windows Live Writer

    ==================== Files in the root of some directories =======

    2013-07-21 04:18 - 2013-07-21 04:18 - 0000288 _____ () C:\Users\Jorge\AppData\Roaming\.backup.dm
    2013-08-25 22:23 - 2014-09-24 10:59 - 0024797 _____ () C:\Users\Jorge\AppData\Roaming\UserTile.png
    2013-07-05 09:11 - 2013-07-05 09:11 - 0000037 ___SH () C:\Users\Jorge\AppData\Local\70149b02515b3bb20dd492.47983420
    2014-12-27 19:58 - 2014-12-27 20:05 - 0000600 _____ () C:\Users\Jorge\AppData\Local\PUTTY.RND
    2014-08-11 19:11 - 2014-08-11 19:11 - 0007609 _____ () C:\Users\Jorge\AppData\Local\Resmon.ResmonCfg
    2014-12-27 06:20 - 2014-12-27 06:20 - 14351213 _____ () C:\ProgramData\Old Firefox Data.zip

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-04 03:18

    ==================== End Of Log ============================
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    I would suggest you remove Yahoo as a search provider.
    You can use google.com or startpage.com, or something else.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    µTorrent
    Coupon Printer for Windows
    Dell Support Center
    Softonic Assistant

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.
     


  9. 00J1817900

    00J1817900 Thread Starter

    Joined:
    Oct 27, 2013
    Messages:
    47
    Hey again askey127... I hope I did everything you asked correctly. Yahoo is no longer my default anything. The programs you asked me to delete are now history. (Thanks again)
    The log you requested now follows:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
    Ran by Jorge at 2015-04-08 17:40:42 Run:1
    Running from C:\Users\Jorge\Desktop
    Loaded Profiles: Jorge (Available profiles: Kathy & Jorge)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-4294075401-3671837289-1785583548-1003 -> {C0660786-3FDA-4E8A-9D8B-E783B54A7BA8} URL = https://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
    FF Keyword.URL: https://search.yahoo.com/yhs/search
    FF DefaultSearchEngine: Yahoo! (Avast)
    FF DefaultSearchEngine.US: Yahoo! (Avast)
    FF SearchEngineOrder.1: Yahoo! (Avast)
    CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
    R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-05-22] (Freemake) [File not signed]
    C:\ProgramData\Freemake
    2015-03-26 14:44 - 2012-07-17 14:12 - 00000000 ____D () C:\Users\Jorge\AppData\Roaming\uTorrent
    EmptyTemp:
    Cmd: ipconfig /flushdns

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-4294075401-3671837289-1785583548-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0660786-3FDA-4E8A-9D8B-E783B54A7BA8}" => Key deleted successfully.
    HKCR\CLSID\{C0660786-3FDA-4E8A-9D8B-E783B54A7BA8} => Key not found.
    Firefox DefaultSearchUrl deleted successfully.
    Firefox Keyword.URL deleted successfully.
    Firefox DefaultSearchEngine deleted successfully.
    Firefox DefaultSearchEngine.US deleted successfully.
    Firefox SearchEngineOrder.1 deleted successfully.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn" => Key deleted successfully.
    Freemake Improver => Service deleted successfully.
    C:\ProgramData\Freemake => Moved successfully.
    C:\Users\Jorge\AppData\Roaming\uTorrent => Moved successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => Removed 33.7 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 17:42:15 ====
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    If you don't want Foxit tracking you around, you can disable the service.
    -----------------------------------------------------------
    Stop and Disable A Service
    Go to Start and type Services.msc into the box, and click services in the popup.
    When the window comes up, Scroll down and find this service.

    Foxit Cloud Safe Update Service

    Click once on the service to highlight it.
    Then Right-Click on the service and choose Properties

    On the General tab, Next to Service Status, click Stop.
    Click the Arrow-down tab on the right-hand side of the Start-up Type box.
    From the drop-down menu, click on Disabled
    Click Apply, then OK

    -------------------------------------------------------------
    AdwCleaner Download and Run

    Download AdwCleaner and save it to your desktop or somewhere you can find it.
    Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:


    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
    It may take several minutes to complete.
    When it is done, click on the Clean button, accept any prompts that appear and allow the system to Reboot.
    You will then be presented with the report. Copy & Paste it into a reply here.

    If you lose track of the log, it is saved in this folder C:\AdwCleaner\
    The filename will be adwcleaner[xx].txt where [xx] will be S1, or S2, etc. whichever filename is newest.
     
  11. 00J1817900

    00J1817900 Thread Starter

    Joined:
    Oct 27, 2013
    Messages:
    47
    The download for adwcleaner from your link above (saved to desktop from firefox) opens a dialog window...
    "You are currently running an outdated version of AdwCleaner. Please click (ok) to open download page and get latest version.... blah blah "

    Click Ok and takes me to toolslib.net

    wants me to d/l v4.201

    Seems normal to me but it wasn't mentioned above. Go ahead with this or no?
     
  12. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Should be OK.
    Occasionally the Bleeping Computer link gets a revision behind.
    Hopefully you won't get a French language one.
     
  13. 00J1817900

    00J1817900 Thread Starter

    Joined:
    Oct 27, 2013
    Messages:
    47
    Nope... not French lol. Here ya go!

    # AdwCleaner v4.201 - Logfile created 09/04/2015 at 10:57:48
    # Updated 08/04/2015 by Xplode
    # Database : 2015-04-08.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Jorge - KATHY-PC
    # Running from : C:\Users\Jorge\Desktop\adwcleaner_4.201.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Jorge\AppData\Local\StormWatch
    Folder Deleted : C:\Users\Jorge\AppData\LocalLow\Yahoo! Companion
    Folder Deleted : C:\Users\Jorge\AppData\LocalLow\ShopAtHome
    Folder Deleted : C:\Users\Jorge\AppData\Roaming\DownloadManager
    Folder Deleted : C:\Users\Kathy\AppData\LocalLow\ShopAtHome
    Folder Deleted : C:\Users\Kathy\AppData\Roaming\ShopAtHome
    Folder Deleted : C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    File Deleted : C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oilkkkefbalmbfppgjmgjoefbclebkce_0.localstorage

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    Key Deleted : HKCU\Software\Classes\MF
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Update BrowseFox
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    Key Deleted : HKCU\Software\Escolade
    Key Deleted : HKCU\Software\Softonic
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:21320
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17689


    -\\ Mozilla Firefox v37.0.1 (x86 en-US)


    -\\ Google Chrome v41.0.2272.118

    [C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN33709570921898520&ctid=CT3298580&UM=2
    [C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={12F32EA1-3313-4E93-A247-689693EF1C7E}&mid=0378f280892247d0b182d15426116129-875817c8177cde03a6ca046744deccef5ec93369&lang=en&ds=ft011&pr=sa&d=2012-05-05 21:05:14&v=11.0.0.9&sap=dsp&q={searchTerms}
    [C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh
    [C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_smbox_15_05_ff&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0A0DyDzztA0C0E0BzytN0D0Tzu0StCtCtByBtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0ByBzy0AtAyCtCtGyBtCyDyEtG0E0F0CyCtGyBtCzz0BtGtCtCtDyC0CyDyDyByBtAtA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyD0D0ByD0BtAtG0C0DzztCtGyE0FyCtCtGzzyCtC0DtGtAtA0C0C0B0D0ByCyEzzyDzy2Q&cr=1500901971&ir=
    [C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
    [C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://vosteran.com/?f=7&a=vst_smbox_15_05_ff&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0A0DyDzztA0C0E0BzytN0D0Tzu0StCtCtByBtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0ByBzy0AtAyCtCtGyBtCyDyEtG0E0F0CyCtGyBtCzz0BtGtCtCtDyC0CyDyDyByBtAtA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyD0D0ByD0BtAtG0C0DzztCtGyE0FyCtCtGzzyCtC0DtGtAtA0C0C0B0D0ByCyEzzyDzy2Q&cr=1500901971&ir=
    [C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_smbox_15_05_ff&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0Dzy0C0A0DyDzztA0C0E0BzytN0D0Tzu0StCtCtByBtN1L2XzutAtFyBtFyBtFtBtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0ByBzy0AtAyCtCtGyBtCyDyEtG0E0F0CyCtGyBtCzz0BtGtCtCtDyC0CyDyDyByBtAtA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0CyD0D0ByD0BtAtG0C0DzztCtGyE0FyCtCtGzzyCtC0DtGtAtA0C0C0B0D0ByCyEzzyDzy2Q&cr=1500901971&ir=

    *************************

    AdwCleaner[R2].txt - [5228 bytes] - [09/04/2015 10:55:43]
    AdwCleaner[S2].txt - [4913 bytes] - [09/04/2015 10:57:48]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4972 bytes] ##########
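
One way to triage a cleaning log like the one above, as an added example that is not part of the original thread and not AdwCleaner's own code: it groups the removed items by section and pulls out the proxy and browser search/startup changes. The line layout is assumed from the v4.201 log posted in this thread, and the sample input is constructed.

```python
import re

# Constructed sample in the layout of the AdwCleaner v4.201 log posted above
# (user name and paths are made up; this is not a real capture).
SAMPLE_LOG = r"""
# AdwCleaner v4.201 - Logfile created 09/04/2015 at 10:57:48

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Example\AppData\LocalLow\ShopAtHome
File Deleted : C:\Users\Example\AppData\Local\example.localstorage

***** [ Registry ] *****

Key Deleted : HKCU\Software\Softonic
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:21320

***** [ Web browsers ] *****

-\\ Google Chrome v41.0.2272.118

[C:\Users\Example\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Example\Secure Preferences] - Deleted [Startup_URLs] : hxxp://vosteran.com/?f=7
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ACTION = re.compile(r"^(\w+) Deleted : (.+)$")
BROWSER = re.compile(r"^\[.+?\] - Deleted \[(.+?)\] : (.+)$")
PROXY = re.compile(r"\[ProxyServer\] - (\S+)$")
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}

def parse_adwcleaner(text):
    """Return {section: [(kind, target), ...]} for every 'Deleted' entry."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            current = m.group(1)
            sections.setdefault(current, [])   # keep empty sections visible
        elif current and (m := ACTION.match(line) or BROWSER.match(line)):
            sections[current].append((m.group(1), m.group(2)))
    return sections

def review_points(sections):
    """Entries that deserve a follow-up check after the clean-up."""
    notes = []
    for _kind, target in sections.get("Registry", []):
        if m := PROXY.search(target):
            host = m.group(1).rsplit(":", 1)[0]
            scope = "loopback" if host in LOOPBACK else "remote"
            notes.append(f"user proxy was set to {m.group(1)} ({scope})")
    for kind, target in sections.get("Web browsers", []):
        if kind != "Extension":                 # search/startup URL entries
            host = re.sub(r"^hxxps?://", "", target).split("/", 1)[0]
            notes.append(f"{kind} pointed at {host}")
    return notes
```

A loopback ProxyServer value means browser traffic had been routed through a process on the same machine, so after cleaning it is worth confirming that the browsers connect directly and nothing still listens on that port.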
     
  14. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Unless I am mistaken, you should be pretty good.

    ----------------------------------------------
    Download and Run Temp File Cleaner (TFC.exe)
    Download Temp File Cleaner and save it to your desktop.
    You might want to Save any unsaved work. TFC will close ALL open programs... including your browser!
    Right click the TFC icon and choose Run as administrator.
    If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
    When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
    After Restart, log back in to your usual account.
    You can keep TFC on your desktop and run it every week or two to clean out excessive temporary files. It does usually require a restart.

    -------------------------------------------------------------
    Download MyDefrag from here and Install it : http://www.mydefrag.com/
    (The download button is on the left).
    After Installation, run MyDefrag in System Disk Monthly Mode on the C: drive
    (Click System Disk Monthly and then check C: drive, click Run)
    Wait for it. It goes through 6 Zones. The Window will be labeled Finished at the top when it is done.
    Going forward, you can run it in System Disk Daily mode, but once every week or two is sufficient.
    It will finish quite a bit faster in the ensuing runs.
    ---------------------------------------------------------------
    Avoiding Unwanted Adware
    There are a few seriously important tips to avoid unwanted adware.
    Adware purveyors are getting more devious and unethical, so you have to be more diligent.

    • Don't click on the Sidebars of Websites
      The items on the sides of websites may be enticing, but they are all advertising, and one click could download unwanted adware onto your machine.

    • Never agree to download anything, if prompted to do so while Online.
      That goes for, "Your codec/browser/flash... needs to be updated to do this, blah, blah.."
      or "you need to first download the xyz.. program to do what you want".
      It's OK to download updates if prompted by legitimate suppliers, when the machine boots, while not yet online.

    • Don't download anything from sites known for adware bundling.
      For any online downloads, best avoid using CNET, Download.com, BrotherSoft, or Softonic.
      They package their own "downloaders" and, without notice, deliver serious adware in addition to the desired free programs.
      Unfortunately, the results may be disastrous for your machine.
      FileHippo, MajorGeeks and Softpedia have been better, so far, as sources for downloading software.
      The website of any program's original author is best of all.
      You can Google any Freeware program by typing <program name> adware to see what comes up.


    • Avoid Using P2P file sharing programs
      This includes µTorrent, Bearshare, BitComet, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
      The Unethical have "planted" thousands upon thousands of infections and Adware items in the shared torrent files.
     
  15. 00J1817900

    00J1817900 Thread Starter

    Joined:
    Oct 27, 2013
    Messages:
    47
    It's amazing to me the amount of junk one can accumulate while browsing the internet. The web is still a great tool, nonetheless. Live and learn, pay attention to what you're doing and if you don't know...
    ask someone who does!

    Thanks again TSG and thank you for your time and effort Askey127!

    PC is purring like a kitten again :)
     

Short URL to this thread: https://techguy.org/1145869
