
Virus Advanced System Protector


  • This topic is locked
35 replies to this topic

#1 Monie78

Monie78

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 22 November 2013 - 05:18 AM

Hi!

 

I need your help to remove Advanced System Protector. It keeps sending me posts that I have to clean my computer. I googled it and ended up at your site. I have installed dds and will copy paste and attach this when you respond. Thank you!




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:02 AM

Posted 22 November 2013 - 05:20 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Monie78

Monie78
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 22 November 2013 - 05:27 AM

Hi! Thank you for a quick reply. Did I understand correctly that I have to download Farbar's recovery tool and run it? And then I post this in a reply? Or what is this Addiction.txt?



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:02 AM

Posted 22 November 2013 - 06:47 AM

Yes, download the file and run the scan. Then attach the logs here.



#5 Monie78

Monie78
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 22 November 2013 - 07:02 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Monika (administrator) on MONIKA-DATOR on 22-11-2013 12:51:47
Running from C:\Users\Monika\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Swedish
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(iMesh Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
() C:\Users\Monika\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(iMesh Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Monika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Smartbar) C:\Users\Monika\AppData\Local\Smartbar\Application\QuickShare.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Monika\AppData\Roaming\Spotify\spotify.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(BitTorrent Inc.) C:\Users\Monika\AppData\Roaming\uTorrent\uTorrent.exe
(Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Alcor) C:\windows\WebCam\S6000\S6000Mnt.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(iMesh Inc.) C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrUI.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\NOTEPAD.EXE
(Microsoft Corporation) C:\windows\SysWOW64\NOTEPAD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-11-02] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [5908928 2011-11-02] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-11-02] (Lenovo)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Monika\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-18] (Spotify Ltd)
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Monika\AppData\Local\Smartbar\Application\QuickShare.exe [13824 2013-02-18] (Smartbar)
HKCU\...\Run: [Spotify] - C:\Users\Monika\AppData\Roaming\Spotify\spotify.exe [5955072 2013-11-18] (Spotify Ltd)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-02] (Google Inc.)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKCU\...\Run: [uTorrent] - C:\Users\Monika\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-18] (BitTorrent Inc.)
MountPoints2: {1d895eb1-cf3e-11e2-8c5e-60d819ed7d62} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [S6000Mnt] - C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [PLTSR] - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-10] (Egis Technology Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
AppInit_DLLs: C:\Program Files (x86)\Music Toolbar\Datamngr\x64\mgrldr.dll [23616 2013-09-24] ()
AppInit_DLLs-x32: c:\progra~2\musict~1\datamngr\mgrldr.dll c:\progra~3\wincert\win32c~1.dll [7168 2013-09-22] ()
IMEO\bitguard.exe: [Debugger] tasklist.exe
IMEO\bprotect.exe: [Debugger] tasklist.exe
IMEO\browserdefender.exe: [Debugger] tasklist.exe
IMEO\browserprotect.exe: [Debugger] tasklist.exe
Lsa: [Notification Packages] scecli EgisPLPwdFilter
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll [486464 2013-09-24] () <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll [659008 2013-09-24] () <===== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKCU - {4AA0F93E-5909-4BBF-A6D3-62E8B4AAC5F8} URL = http://www.mysearchresults.com/search?c=4004&t=01&q={searchTerms}
SearchScopes: HKCU - {99E149D5-D2AA-452A-B3A3-84E7DA48FE34} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: BetterSurf - {6E3C6B04-08FE-43BC-8E50-F90285024DEA} - C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Monika\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
Tcpip\Parameters: [DhcpNameServer] 193.150.193.150 83.255.245.11
 
Chrome: 
=======
CHR HomePage: hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1157&v=a9396-124&t=4
CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1157&v=a9396-124&t=4"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (ChromeUtilPlugin) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaamgbjecmjdcfljeokhfdabfcfhjoj\7.32481_0\background/ChromeUtilPlugin.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nexus Personal) - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (QuickShare Widget) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0
CHR Extension: (Google Drive) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (BetterSurf) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_0
CHR Extension: (uTorrentControl_v2) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.100.504_0
CHR Extension: (DefaultTab) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0
CHR Extension: (Google Wallet) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Monika\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM-x32\...\Chrome\Extension: [ijbjbpmhcemdbplaiccloimaedacmjdo] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3420224 2013-09-24] (iMesh Inc.)
S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()
R2 DefaultTabUpdate; C:\Users\Monika\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-03-09] ()
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows ® Win 7 DDK provider)
U3 BcmSqlStartupSvc; 
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 iATAgentService; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerService; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SeaPort; 
U2 SoftwareService; 
U3 SQLWriter; 
U2 Stereo Service; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-22 12:51 - 2013-11-22 12:52 - 00020691 _____ C:\Users\Monika\Downloads\FRST.txt
2013-11-22 12:51 - 2013-11-22 12:51 - 00000000 ____D C:\FRST
2013-11-22 12:49 - 2013-11-22 12:50 - 01957964 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe
2013-11-22 10:36 - 2013-11-22 10:42 - 00018304 _____ C:\Users\Monika\Desktop\dds.txt
2013-11-22 10:36 - 2013-11-22 10:41 - 00009114 _____ C:\Users\Monika\Desktop\attach.txt
2013-11-22 10:33 - 2013-11-22 10:34 - 00688992 _____ (Swearware) C:\Users\Monika\Downloads\dds (1).com
2013-11-22 10:32 - 2013-11-22 10:33 - 00688992 ____R (Swearware) C:\Users\Monika\Downloads\dds.com
2013-11-15 10:04 - 2013-11-15 10:04 - 00033631 _____ C:\Users\Monika\Downloads\IMG_4324.jpeg
2013-11-15 10:03 - 2013-11-15 10:03 - 00030500 _____ C:\Users\Monika\Downloads\IMG_4142.jpeg
2013-11-14 14:34 - 2013-11-14 14:34 - 00000000 ____D C:\Program Files (x86)\BetterSurf
2013-11-14 14:34 - 2013-11-14 14:34 - 00000000 _____ C:\extensions.sqlite
2013-11-05 21:40 - 2013-11-05 21:41 - 00144384 _____ C:\Users\Monika\Downloads\Ref_enligt_APA_systemet_Landen_vt07[1].ppt
2013-11-01 20:04 - 2013-11-01 20:38 - 00000000 ____D C:\Users\Monika\Downloads\Hotel.Transylvania.2012.SWESUB.720p.BluRay.x264-Mr.Stiffy
2013-11-01 20:04 - 2013-11-01 20:04 - 00134790 _____ C:\Users\Monika\Downloads\Hotel.Transylvania.2012.SWESUB.720p.BluRay.x264-Mr.Stiffy.8121047.TPB.torrent
2013-10-28 17:53 - 2013-10-28 18:06 - 00000000 ____D C:\Users\Monika\Downloads\BRAVE.2012.DVDrip.Swedish.XviD.AC3-Mr_KeFF
2013-10-28 17:52 - 2013-10-28 17:52 - 00017037 _____ C:\Users\Monika\Downloads\BRAVE.2012.DVDrip.Swedish.XviD.AC3-Mr_KeFF.TPB.torrent
2013-10-27 15:02 - 2013-10-27 15:16 - 878697472 ____R C:\Users\Monika\Downloads\LAPUTA.slottet.i.himlen.Mani26.avi
 
==================== One Month Modified Files and Folders =======
 
2013-11-22 12:52 - 2013-11-22 12:51 - 00020691 _____ C:\Users\Monika\Downloads\FRST.txt
2013-11-22 12:52 - 2013-10-03 08:19 - 00000000 ____D C:\ProgramData\Datamngr
2013-11-22 12:52 - 2013-01-12 16:56 - 00000000 ____D C:\Users\Monika\AppData\Roaming\uTorrent
2013-11-22 12:51 - 2013-11-22 12:51 - 00000000 ____D C:\FRST
2013-11-22 12:50 - 2013-11-22 12:49 - 01957964 _____ (Farbar) C:\Users\Monika\Downloads\FRST64.exe
2013-11-22 12:44 - 2011-11-02 02:42 - 01304790 _____ C:\windows\WindowsUpdate.log
2013-11-22 12:31 - 2011-11-02 03:44 - 00001008 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-22 12:30 - 2013-04-04 10:42 - 00000868 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-22 11:31 - 2011-11-02 03:44 - 00001004 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-22 10:42 - 2013-11-22 10:36 - 00018304 _____ C:\Users\Monika\Desktop\dds.txt
2013-11-22 10:41 - 2013-11-22 10:36 - 00009114 _____ C:\Users\Monika\Desktop\attach.txt
2013-11-22 10:34 - 2013-11-22 10:33 - 00688992 _____ (Swearware) C:\Users\Monika\Downloads\dds (1).com
2013-11-22 10:33 - 2013-11-22 10:32 - 00688992 ____R (Swearware) C:\Users\Monika\Downloads\dds.com
2013-11-22 10:21 - 2012-11-18 12:09 - 00000000 ____D C:\Users\Monika\AppData\Roaming\Spotify
2013-11-22 10:13 - 2009-07-14 05:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 10:13 - 2009-07-14 05:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 10:10 - 2011-10-28 17:49 - 00625772 _____ C:\windows\system32\perfh01D.dat
2013-11-22 10:10 - 2011-10-28 17:49 - 00123894 _____ C:\windows\system32\perfc01D.dat
2013-11-22 10:10 - 2009-07-14 06:13 - 01466438 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-22 10:08 - 2013-03-09 08:12 - 00000360 _____ C:\windows\Tasks\AmiUpdXp.job
2013-11-22 10:07 - 2013-06-04 10:33 - 00000000 ___RD C:\Users\Monika\Google Drive
2013-11-22 10:07 - 2011-11-02 03:49 - 00136463 _____ C:\windows\system32\fastboot.set
2013-11-22 10:05 - 2013-05-23 10:02 - 00015831 _____ C:\windows\setupact.log
2013-11-22 10:05 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-20 16:41 - 2013-04-05 08:46 - 00000000 ____D C:\Users\Monika\Documents\Arbete
2013-11-20 15:26 - 2012-11-18 12:11 - 00000000 ____D C:\Users\Monika\AppData\Local\Spotify
2013-11-20 15:23 - 2013-06-07 10:25 - 00000000 ____D C:\Users\Public\Documents\Välkommen
2013-11-19 11:21 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-15 11:58 - 2013-01-12 22:41 - 00000000 ____D C:\Users\Monika\AppData\Roaming\vlc
2013-11-15 11:33 - 2013-05-04 12:38 - 00535552 ___SH C:\Users\Monika\Downloads\Thumbs.db
2013-11-15 10:04 - 2013-11-15 10:04 - 00033631 _____ C:\Users\Monika\Downloads\IMG_4324.jpeg
2013-11-15 10:03 - 2013-11-15 10:03 - 00030500 _____ C:\Users\Monika\Downloads\IMG_4142.jpeg
2013-11-14 14:34 - 2013-11-14 14:34 - 00000000 ____D C:\Program Files (x86)\BetterSurf
2013-11-14 14:34 - 2013-11-14 14:34 - 00000000 _____ C:\extensions.sqlite
2013-11-14 14:14 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2013-11-07 17:40 - 2013-01-06 20:28 - 00000000 ____D C:\Users\Monika\Documents\Stjärnresan
2013-11-05 21:41 - 2013-11-05 21:40 - 00144384 _____ C:\Users\Monika\Downloads\Ref_enligt_APA_systemet_Landen_vt07[1].ppt
2013-11-02 11:09 - 2013-03-09 08:12 - 00000254 __RSH C:\Users\Monika\ntuser.pol
2013-11-02 11:09 - 2012-11-14 11:39 - 00000000 ____D C:\Users\Monika
2013-11-01 20:38 - 2013-11-01 20:04 - 00000000 ____D C:\Users\Monika\Downloads\Hotel.Transylvania.2012.SWESUB.720p.BluRay.x264-Mr.Stiffy
2013-11-01 20:04 - 2013-11-01 20:04 - 00134790 _____ C:\Users\Monika\Downloads\Hotel.Transylvania.2012.SWESUB.720p.BluRay.x264-Mr.Stiffy.8121047.TPB.torrent
2013-10-29 10:11 - 2013-03-09 08:12 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-10-28 18:06 - 2013-10-28 17:53 - 00000000 ____D C:\Users\Monika\Downloads\BRAVE.2012.DVDrip.Swedish.XviD.AC3-Mr_KeFF
2013-10-28 17:52 - 2013-10-28 17:52 - 00017037 _____ C:\Users\Monika\Downloads\BRAVE.2012.DVDrip.Swedish.XviD.AC3-Mr_KeFF.TPB.torrent
2013-10-27 15:16 - 2013-10-27 15:02 - 878697472 ____R C:\Users\Monika\Downloads\LAPUTA.slottet.i.himlen.Mani26.avi
 
Files to move or delete:
====================
C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll
C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll
 
 
Some content of TEMP:
====================
C:\Users\Monika\AppData\Local\Temp\BetterSurf.exe
C:\Users\Monika\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Monika\AppData\Local\Temp\Delta.exe
C:\Users\Monika\AppData\Local\Temp\DeltaTB.exe
C:\Users\Monika\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Monika\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Monika\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Monika\AppData\Local\Temp\propsys.dll
C:\Users\Monika\AppData\Local\Temp\uedtug4s.dll
C:\Users\Monika\AppData\Local\Temp\uninstall1868876.exe
C:\Users\Monika\AppData\Local\Temp\uninstall1904132.exe
C:\Users\Monika\AppData\Local\Temp\uninstall1915941.exe
C:\Users\Monika\AppData\Local\Temp\Updater.exe
C:\Users\Monika\AppData\Local\Temp\utt7040.tmp.exe
C:\Users\Monika\AppData\Local\Temp\WSSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-20 09:56
 
==================== End Of Log ============================


#6 Monie78

Monie78
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 22 November 2013 - 07:04 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by Monika at 2013-11-22 12:55:58
Running from C:\Users\Monika\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.2.30303)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Apple-programstöd (x32 Version: 2.3.6)
Atheros Client Installation Program (x32 Version: 7.0)
BankID säkerhetsprogram (x32 Version: 4.19.3)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.24)
CyberLink YouCam (x32 Version: 3.1.3623)
D3DX10 (x32 Version: 15.4.2368.0902)
DefaultTab (x32 Version: 2.2.3.0)
Energy Management (x32 Version: 6.0.2.1)
Google Chrome (x32 Version: 31.0.1650.57)
Google Drive (x32 Version: 1.12.5329.1887)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
iLivid (x32 Version: 4.0.0.2466)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
Intel® Rapid Storage Technology (x32 Version: 10.1.5.1001)
iTunes (Version: 11.1.1.11)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
K-Lite Codec Pack 7.0.0 (Standard) (x32 Version: 7.0.0)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.8000)
Lenovo EasyCamera (x32 Version: 2.16.23.3)
Lenovo EE Boot Optimizer (Version: 0.0.1.6)
Lenovo OneKey Recovery (Version: 7.0.1628)
Lenovo OneKey Recovery (x32 Version: 7.0.1628)
Lenovo Security Suite (x32 Version: 2.0.11.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile Language Pack - SVE (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile SVE Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Port Locker (Version: 1.0.5.24)
Port Locker (x32 Version: 1.0.5.24)
Power2Go (x32 Version: 5.6.0.7303)
QuickShare (x32 Version: 1.6.1.872)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6282)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10008)
Search-Results Toolbar (x32 Version: 1.0.0.12)
Software Version Updater (x32 Version: 1.1.3.6)
Spotify (HKCU Version: 0.9.6.72.ge389c074)
Synaptics Pointing Device Driver (Version: 15.2.7.0)
Torch (HKCU Version: 2.0.0.1705)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
uTorrentControl_v2 Toolbar (x32 Version: 6.9.0.16)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
VLC media player 2.0.6 (x32 Version: 2.0.6)
 
==================== Restore Points  =========================
 
18-10-2013 21:12:03 Windows Update
21-10-2013 10:25:02 Installed Java 7 Update 45
22-10-2013 08:56:26 Windows Update
27-10-2013 14:17:04 Windows Update
01-11-2013 10:10:39 Windows Update
04-11-2013 13:08:15 Windows Update
07-11-2013 22:44:38 Windows Update
12-11-2013 15:01:38 Windows Update
18-11-2013 10:08:44 Windows Update
22-11-2013 09:18:36 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {057E2587-B9C4-4C55-8C73-B9124F3E71F4} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {21ECF46D-629B-4E33-9AE1-6B644A354A99} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
Task: {2B77B214-4DC2-4009-97D8-B987FBFC434E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02] (Google Inc.)
Task: {470ACEE7-CA3A-4593-8381-DD2DCDAF8FFA} - System32\Tasks\AmiUpdXp => C:\Users\Monika\AppData\Local\SwvUpdater\Updater.exe [2013-07-21] (Amonetize ltd.)
Task: {4D1899B3-DBE0-41FD-9C3D-D6105CD723ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {A995E7B9-5B8A-4F6A-A738-CE0F7A7FAA16} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {C7A27DDA-F423-48F1-9B6F-1AF16146E7F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02] (Google Inc.)
Task: {FB32BEA7-5C6D-4B93-8362-D8537C587D7E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AmiUpdXp.job => C:\Users\Monika\AppData\Local\SwvUpdater\Updater.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-03 08:19 - 2013-09-24 18:05 - 00659008 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll
2011-02-15 13:26 - 2011-02-15 13:26 - 00205088 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2008-12-20 04:20 - 2011-11-02 03:46 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2011-11-02 03:46 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-04-15 06:28 - 2011-03-25 10:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-03 08:20 - 2013-09-24 18:05 - 00019520 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\mgrldr.dll
2013-10-03 08:19 - 2013-09-24 18:05 - 00486464 _____ () C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll
2013-02-18 14:27 - 2013-02-18 14:27 - 00023040 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2013-02-18 14:27 - 2013-02-18 14:27 - 00037888 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00012288 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00062976 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2013-02-18 14:27 - 2013-02-18 14:27 - 01594880 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00071168 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00006144 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00650752 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00074752 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00007168 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00009728 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00013312 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00013312 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00051200 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00007168 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
2013-03-09 08:13 - 2013-03-09 08:13 - 00911432 _____ () C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2013-02-18 14:27 - 2013-02-18 14:27 - 00007680 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00044032 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00040960 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2013-02-18 14:25 - 2013-02-18 14:25 - 00018944 _____ () C:\Users\Monika\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2012-11-18 12:10 - 2013-11-18 12:20 - 36967424 _____ () C:\Users\Monika\AppData\Roaming\Spotify\Data\libcef.dll
2013-11-22 10:07 - 2013-11-22 10:07 - 00098816 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\win32api.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00110080 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\pywintypes27.dll
2013-11-22 10:07 - 2013-11-22 10:07 - 00364544 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\pythoncom27.dll
2013-11-22 10:07 - 2013-11-22 10:07 - 00044032 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\_socket.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 01153024 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\_ssl.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00320512 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\win32com.shell.shell.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00711680 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\_hashlib.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 01175040 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\wx._core_.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00805888 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\wx._gdi_.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00811008 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\wx._windows_.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 01062400 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\wx._controls_.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00735232 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\wx._misc_.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00128512 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\_elementtree.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00127488 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\pyexpat.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00557056 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\pysqlite2._sqlite.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00087040 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\_ctypes.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00119808 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\win32file.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00108544 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\win32security.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00018432 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\win32event.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00038912 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\win32inet.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00122368 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\wx._wizard.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00686080 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\unicodedata.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00026624 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\_multiprocessing.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00070656 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\wx._html2.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00010240 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\select.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00025600 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\win32pdh.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00504832 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\windows._cacheinvalidation.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00011264 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\win32crypt.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00035840 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\win32process.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00017408 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\win32profile.pyd
2013-11-22 10:07 - 2013-11-22 10:07 - 00022528 _____ () C:\Users\Monika\AppData\Local\Temp\_MEI36802\win32ts.pyd
2013-11-18 11:00 - 2013-11-14 12:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-18 11:00 - 2013-11-14 12:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-18 11:00 - 2013-11-14 12:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-18 11:00 - 2013-11-14 12:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-18 11:00 - 2013-11-14 12:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-18 11:00 - 2013-11-14 12:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/22/2013 10:07:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/22/2013 10:05:48 AM) (Source: Application Error) (User: )
Description: Felet uppstod i programmet med namn: DefaultTabSearch.exe, version 0.0.0.0, tidsstämpel 0x5252e730
, felet uppstod i modulen med namn: DefaultTabSearch.exe, version 0.0.0.0, tidsstämpel 0x5252e730
Undantagskod: 0xc0000005
Felförskjutning: 0x00002c60
Process-ID: 0x7e8
Programmets starttid: 0xDefaultTabSearch.exe0
Sökväg till program: DefaultTabSearch.exe1
Sökväg till modul: DefaultTabSearch.exe2
Rapport-ID: DefaultTabSearch.exe3
 
Error: (11/20/2013 09:28:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/18/2013 00:19:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/18/2013 00:17:28 PM) (Source: Application Error) (User: )
Description: Felet uppstod i programmet med namn: DefaultTabSearch.exe, version 0.0.0.0, tidsstämpel 0x5252e730
, felet uppstod i modulen med namn: DefaultTabSearch.exe, version 0.0.0.0, tidsstämpel 0x5252e730
Undantagskod: 0xc0000005
Felförskjutning: 0x00002c60
Process-ID: 0x7c8
Programmets starttid: 0xDefaultTabSearch.exe0
Sökväg till program: DefaultTabSearch.exe1
Sökväg till modul: DefaultTabSearch.exe2
Rapport-ID: DefaultTabSearch.exe3
 
Error: (11/18/2013 10:48:31 AM) (Source: Application Error) (User: )
Description: Felet uppstod i programmet med namn: googledrivesync.exe, version 1.12.5329.1887, tidsstämpel 0x509418e4
, felet uppstod i modulen med namn: ntdll.dll, version 6.1.7601.17725, tidsstämpel 0x4ec49b8f
Undantagskod: 0xc0000005
Felförskjutning: 0x0002e41b
Process-ID: 0x113c
Programmets starttid: 0xgoogledrivesync.exe0
Sökväg till program: googledrivesync.exe1
Sökväg till modul: googledrivesync.exe2
Rapport-ID: googledrivesync.exe3
 
Error: (11/15/2013 06:54:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13588
 
Error: (11/15/2013 06:54:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13588
 
Error: (11/15/2013 06:54:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/15/2013 06:54:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12496
 
 
System errors:
=============
Error: (11/22/2013 10:05:51 AM) (Source: Service Control Manager) (User: )
Description: Tjänsten DefaultTabSearch avslutades oväntat. Detta har skett 1 gånger.
 
Error: (11/18/2013 00:17:30 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten DefaultTabSearch avslutades oväntat. Detta har skett 1 gånger.
 
Error: (11/18/2013 00:16:37 PM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (11/14/2013 02:08:17 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten DefaultTabSearch avslutades oväntat. Detta har skett 1 gånger.
 
Error: (11/13/2013 00:19:43 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten DefaultTabSearch avslutades oväntat. Detta har skett 1 gånger.
 
Error: (11/11/2013 08:56:23 AM) (Source: Service Control Manager) (User: )
Description: Tjänsten DefaultTabSearch avslutades oväntat. Detta har skett 1 gånger.
 
Error: (11/10/2013 09:48:39 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten DefaultTabSearch avslutades oväntat. Detta har skett 1 gånger.
 
Error: (11/10/2013 01:47:23 PM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
 
Error: (11/10/2013 11:44:56 AM) (Source: Service Control Manager) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på transaktionssvar från tjänsten ShellHWDetection.
 
Error: (11/08/2013 08:35:43 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten DefaultTabSearch avslutades oväntat. Detta har skett 1 gånger.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 66%
Total physical RAM: 4010.14 MB
Available physical RAM: 1339.53 MB
Total Pagefile: 8018.46 MB
Available Pagefile: 5474.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:254.14 GB) (Free:120.15 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 838EB328)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
 
==================== End Of Log ============================


#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 22 November 2013 - 07:18 AM

Fix with FRST (normal mode)

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.)
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Monika\AppData\Local\Smartbar\Application\QuickShare.exe [13824 2013-02-18] (Smartbar)
    AppInit_DLLs: C:\Program Files (x86)\Music Toolbar\Datamngr\x64\mgrldr.dll [23616 2013-09-24] ()
    AppInit_DLLs-x32: c:\progra~2\musict~1\datamngr\mgrldr.dll c:\progra~3\wincert\win32c~1.dll [7168 2013-09-22] ()
    IMEO\bitguard.exe: [Debugger] tasklist.exe
    IMEO\bprotect.exe: [Debugger] tasklist.exe
    IMEO\browserdefender.exe: [Debugger] tasklist.exe
    IMEO\browserprotect.exe: [Debugger] tasklist.exe
    HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll [486464 2013-09-24] () <===== ATTENTION
    HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll [659008 2013-09-24] () <===== ATTENTION
    URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&v=a9396-124&apn_uid=4140041080504331&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&v=a9396-124&apn_uid=4140041080504331&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5431752111314632&q={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&v=a9396-124&apn_uid=4140041080504331&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = ${SEARCH_URL}{searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&v=a9396-124&apn_uid=4140041080504331&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5431752111314632&q={searchTerms}
    SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&v=a9396-124&apn_uid=4140041080504331&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKCU - {1D4FEAAB-00B7-4DF6-81AE-3544AA0C7546} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYSE&apn_uid=87062427-ACC2-46CA-BF15-B1E855EFC4BF&apn_sauid=D51700BA-8251-4AE4-9982-B424D809A98A
    SearchScopes: HKCU - {4AA0F93E-5909-4BBF-A6D3-62E8B4AAC5F8} URL = http://www.mysearchresults.com/search?c=4004&t=01&q={searchTerms}
    SearchScopes: HKCU - {99E149D5-D2AA-452A-B3A3-84E7DA48FE34} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&v=a9396-124&apn_uid=4140041080504331&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5431752111314632&q={searchTerms}
    BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    BHO-x32: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
    BHO-x32: BetterSurf - {6E3C6B04-08FE-43BC-8E50-F90285024DEA} - C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll ()
    BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Monika\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
    BHO-x32: Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
    Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
    Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
    CHR HomePage: hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1157&v=a9396-124&t=4
    CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1157&v=a9396-124&t=4"
    CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll No File
    CHR Plugin: (Conduit Radio Plugin) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll No File
    CHR Extension: (QuickShare Widget) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0
    CHR Extension: (BetterSurf) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_0
    CHR Extension: (uTorrentControl_v2) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.100.504_0
    CHR Extension: (DefaultTab) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0
    CHR Extension: (Google Wallet) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
    CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx
    CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Monika\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
    CHR HKLM-x32\...\Chrome\Extension: [ijbjbpmhcemdbplaiccloimaedacmjdo] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx
    CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Task: {21ECF46D-629B-4E33-9AE1-6B644A354A99} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
    Task: {470ACEE7-CA3A-4593-8381-DD2DCDAF8FFA} - System32\Tasks\AmiUpdXp => C:\Users\Monika\AppData\Local\SwvUpdater\Updater.exe [2013-07-21] (Amonetize ltd.)
    
    R2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3420224 2013-09-24] (iMesh Inc.)
    S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()
    R2 DefaultTabUpdate; C:\Users\Monika\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-03-09] ()
    
    C:\windows\Tasks\AmiUpdXp.job
    C:\Users\Monika\AppData\Local\SwvUpdater
    C:\Users\Monika\AppData\Local\Smartbar
    C:\Program Files (x86)\Music Toolbar
    C:\Program Files (x86)\uTorrentControl_v2
    C:\Program Files (x86)\BetterSurf
    C:\Users\Monika\AppData\Roaming\DefaultTab
    C:\Program Files (x86)\Search Results Toolbar
    C:\Users\Monika\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
    C:\Program Files (x86)\DefaultTab
    C:\Program Files (x86)\ExpressFiles
    C:\Users\Monika\AppData\Local\SwvUpdater
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 Monie78

Monie78
  • Topic Starter

  • Members
  • 19 posts

Posted 22 November 2013 - 08:34 AM

Hi!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by Monika at 2013-11-22 14:25:49 Run:1
Running from C:\Users\Monika\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
 
*****************
 
 
==== End of Fixlog ====


#9 Monie78

Monie78
  • Topic Starter

  • Members
  • 19 posts

Posted 22 November 2013 - 08:35 AM

Should I install the Malwarebytes Antimalware?



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 22 November 2013 - 09:18 AM

That didn't work.

 

Download the attached file, then run FRST and hit Scan.

Post up the log.

 

 

Attached Files



#11 Monie78

Monie78
  • Topic Starter

  • Members
  • 19 posts

Posted 22 November 2013 - 02:52 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by Monika at 2013-11-22 20:52:17 Run:2
Running from C:\Users\Monika\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
 
*****************
 
 
==== End of Fixlog ====
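Both Fixlogs posted so far (Run:1 and Run:2) show nothing between the asterisk lines under "Content of fixlist:", meaning FRST read no directives. The sketch below is an added example, not part of the thread and not FRST code, that parses a Fixlog and reports whether any directives were read; it assumes a populated Fixlog echoes fixlist.txt between those asterisk lines, and it only recognises directive prefixes seen in this thread.

```python
import re
from collections import Counter

# Header copied from the Run:1 Fixlog posted in the thread.
HEADER = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by Monika at 2013-11-22 14:25:49 Run:1
Running from C:\Users\Monika\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
"""
STARS = "*" * 17

def build_fixlog(directives):
    """Constructed sample log: header, echoed fixlist, end marker."""
    return (HEADER + STARS + "\n" + "\n".join(directives) + "\n" + STARS
            + "\n\n==== End of Fixlog ====\n")

# Four directives taken from the thread's fixlist (assumed echo position).
DIRECTIVES = [
    r"Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File",
    r"Task: {21ECF46D-629B-4E33-9AE1-6B644A354A99} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe",
    r"S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()",
    r"C:\Program Files (x86)\BetterSurf",
]
EMPTY_FIXLOG = build_fixlog([])            # same shape as the posted logs
POPULATED_FIXLOG = build_fixlog(DIRECTIVES)

# Prefixes as they appear in this thread's fixlist, not a full FRST grammar.
KINDS = [
    (r"(BHO|Toolbar)(-x32)?:", "IE add-on"),
    (r"CHR ", "Chrome entry"),
    (r"Task:", "scheduled task"),
    (r"[RS]\d ", "service"),
    (r"[A-Za-z]:\\", "file or folder"),
]

def classify(directive):
    for pattern, kind in KINDS:
        if re.match(pattern, directive):
            return kind
    return "other"

def parse_fixlog(text):
    """Return run metadata and a summary of the directives FRST echoed."""
    ran = re.search(r"^Ran by (.+) at (\S+ \S+) Run:(\d+)", text, re.M)
    boot = re.search(r"^Boot Mode:\s*(.+)$", text, re.M)
    lines = [line.strip() for line in text.splitlines()]
    start = lines.index("Content of fixlist:")  # ValueError if not a Fixlog
    stars = [i for i in range(start + 1, len(lines))
             if re.fullmatch(r"\*{5,}", lines[i])]
    if len(stars) < 2:
        raise ValueError("fixlist section is not delimited")
    directives = [d for d in lines[stars[0] + 1:stars[1]] if d]
    return {"user": ran.group(1), "run": int(ran.group(3)),
            "boot_mode": boot.group(1).strip(), "empty": not directives,
            "kinds": Counter(classify(d) for d in directives)}

if __name__ == "__main__":
    for log in (EMPTY_FIXLOG, POPULATED_FIXLOG):
        print(parse_fixlog(log))
```

An `empty` result of `True` means the tool ran but had nothing to act on, so the next step is to check where fixlist.txt was saved relative to FRST rather than to re-run the fix.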


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 25 November 2013 - 02:57 AM

Fix with FRST (Recovery Environment)


To run FRST on Vista and Windows7:

 

Also, copy the fixlist.txt to your flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.


  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press fix button.

It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.



#13 Monie78

Monie78
  • Topic Starter

  • Members
  • 19 posts

Posted 25 November 2013 - 05:41 PM

I made it to the step where I have opened the flash drive. But then I cannot close the notepad. And on the flash drive I see only the fixlist.txt. Do I have to change the format from txt to all files? And do I have to resave the frst.64.exe again?

Thanks

#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 26 November 2013 - 09:25 AM

No, you just have to open notepad to see the drive letter of your flash drive.

FRST must be run from the command prompt as explained.

Delete the existing fixlist.txt from your flash drive, then go through these steps carefully to create a new one and fix the issues:

 

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Monika\AppData\Local\Smartbar\Application\QuickShare.exe [13824 2013-02-18] (Smartbar)
    AppInit_DLLs: C:\Program Files (x86)\Music Toolbar\Datamngr\x64\mgrldr.dll [23616 2013-09-24] ()
    AppInit_DLLs-x32: c:\progra~2\musict~1\datamngr\mgrldr.dll c:\progra~3\wincert\win32c~1.dll [7168 2013-09-22] ()
    IMEO\bitguard.exe: [Debugger] tasklist.exe
    IMEO\bprotect.exe: [Debugger] tasklist.exe
    IMEO\browserdefender.exe: [Debugger] tasklist.exe
    IMEO\browserprotect.exe: [Debugger] tasklist.exe
    HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Music Toolbar\Datamngr\apcrtldr.dll [486464 2013-09-24] () <===== ATTENTION
    HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll [659008 2013-09-24] () <===== ATTENTION
    URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&v=a9396-124&apn_uid=4140041080504331&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&v=a9396-124&apn_uid=4140041080504331&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5431752111314632&q={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&v=a9396-124&apn_uid=4140041080504331&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = ${SEARCH_URL}{searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&v=a9396-124&apn_uid=4140041080504331&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5431752111314632&q={searchTerms}
    SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&v=a9396-124&apn_uid=4140041080504331&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKCU - {1D4FEAAB-00B7-4DF6-81AE-3544AA0C7546} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYSE&apn_uid=87062427-ACC2-46CA-BF15-B1E855EFC4BF&apn_sauid=D51700BA-8251-4AE4-9982-B424D809A98A
    SearchScopes: HKCU - {4AA0F93E-5909-4BBF-A6D3-62E8B4AAC5F8} URL = http://www.mysearchresults.com/search?c=4004&t=01&q={searchTerms}
    SearchScopes: HKCU - {99E149D5-D2AA-452A-B3A3-84E7DA48FE34} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1157&systemid=1&v=a9396-124&apn_uid=4140041080504331&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5431752111314632&q={searchTerms}
    BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    BHO-x32: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
    BHO-x32: BetterSurf - {6E3C6B04-08FE-43BC-8E50-F90285024DEA} - C:\Program Files (x86)\BetterSurf\ie\BetterSurf.dll ()
    BHO-x32: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Monika\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
    BHO-x32: Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
    Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
    Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
    Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} -  No File
    CHR HomePage: hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1157&v=a9396-124&t=4
    CHR RestoreOnStartup: "hxxp://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1157&v=a9396-124&t=4"
    CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll No File
    CHR Plugin: (Conduit Radio Plugin) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll No File
    CHR Extension: (QuickShare Widget) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0
    CHR Extension: (BetterSurf) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap\1.0_0
    CHR Extension: (uTorrentControl_v2) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.100.504_0
    CHR Extension: (DefaultTab) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0
    CHR Extension: (Google Wallet) - C:\Users\Monika\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
    CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx
    CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Monika\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
    CHR HKLM-x32\...\Chrome\Extension: [ijbjbpmhcemdbplaiccloimaedacmjdo] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx
    CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Task: {21ECF46D-629B-4E33-9AE1-6B644A354A99} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
    Task: {470ACEE7-CA3A-4593-8381-DD2DCDAF8FFA} - System32\Tasks\AmiUpdXp => C:\Users\Monika\AppData\Local\SwvUpdater\Updater.exe [2013-07-21] (Amonetize ltd.)
    
    R2 DatamngrCoordinator; C:\Program Files (x86)\Music Toolbar\Datamngr\DatamngrCoordinator.exe [3420224 2013-09-24] (iMesh Inc.)
    S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()
    R2 DefaultTabUpdate; C:\Users\Monika\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-03-09] ()
    
    C:\windows\Tasks\AmiUpdXp.job
    C:\Users\Monika\AppData\Local\SwvUpdater
    C:\Users\Monika\AppData\Local\Smartbar
    C:\Program Files (x86)\Music Toolbar
    C:\Program Files (x86)\uTorrentControl_v2
    C:\Program Files (x86)\BetterSurf
    C:\Users\Monika\AppData\Roaming\DefaultTab
    C:\Program Files (x86)\Search Results Toolbar
    C:\Users\Monika\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
    C:\Program Files (x86)\DefaultTab
    C:\Program Files (x86)\ExpressFiles
    C:\Users\Monika\AppData\Local\SwvUpdater

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.


#15 Monie78

Monie78
  • Topic Starter

  • Members
  • 19 posts

Posted 26 November 2013 - 03:20 PM

Hi! I think I got it this time!

Attached Files





