
C:\Windows\Temp\SVCHost.exe


  • This topic is locked
20 replies to this topic

#1 Paranoid_Android

Posted 14 March 2014 - 04:05 PM

Well, as of recently AVG has been reporting about an svchost.exe threat, and whenever it says that the threat has been removed it comes back when I boot up my computer. I have done a bit of research on my own but I don't feel safe trying out these methods of removal without a bit of guidance in the process, so I would really appreciate your help.

 

Thanks in advance.





#2 fireman4it

  • Malware Response Team

Posted 15 March 2014 - 01:39 PM

Hello Paranoid_Android,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Paranoid_Android


Posted 15 March 2014 - 08:12 PM

Thanks for the help. Here are the logs:

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by User (administrator) on USER-PC on 15-03-2014 21:06:43
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
() c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TRCMan\TRCMan.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(TOSHIBA) C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [X]
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [561152 2011-04-20] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11842152 2011-05-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2212456 2011-05-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544104 2011-04-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1042344 2011-04-28] (TOSHIBA Corporation.)
HKLM\...\Run: [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [714104 2011-03-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2011-04-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2011-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2011-03-31] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464984 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2075288 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [TOSDCR] - C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Anti-phishing Domain Advisor] - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [217256 2012-05-03] (Visicom Media Inc. (Powered by Panda Security))
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2539544 2014-03-03] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-24] (Power Software Ltd)
HKLM-x32\...\Run: [Adobe] - C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent.vbe [15550 2013-01-20] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-360139627-1176390748-761116575-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1635752 2013-05-03] (Valve Corporation)
HKU\S-1-5-21-360139627-1176390748-761116575-1000\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-360139627-1176390748-761116575-1000\...\Run: [Google Update] - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-03] (Google Inc.)
HKU\S-1-5-21-360139627-1176390748-761116575-1000\...\Run: [NextLive] - C:\windows\SysWOW64\rundll32.exe "C:\Users\User\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-360139627-1176390748-761116575-1000\...\Run: [BitTorrent] - C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe [900696 2014-01-26] (BitTorrent Inc.)
HKU\S-1-5-21-360139627-1176390748-761116575-1000\...\MountPoints2: {7d432f7e-5b81-11e2-b3b5-e8e0b7a2c959} - F:\AutoRun.exe
HKU\S-1-5-21-360139627-1176390748-761116575-1000\...\MountPoints2: {7d432f8d-5b81-11e2-b3b5-e8e0b7a2c959} - G:\AutoRun.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E9048BFC-076F-4795-ABB9-C4FE0B77D6FB}&mid=618f19c9e1c347d0a0cd39a9f14620aa-eef4ee58affb842842add1aa22142fa6c4ea74f2&lang=en&ds=st011&pr=sa&d=2012-06-06 18:20:21&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {49C41AC7-CB61-4E0D-8A11-2723D0B18E8F} URL = http://isearch.avg.com/search?cid={E9048BFC-076F-4795-ABB9-C4FE0B77D6FB}&mid=618f19c9e1c347d0a0cd39a9f14620aa-eef4ee58affb842842add1aa22142fa6c4ea74f2&lang=en&ds=st011&pr=sa&d=2012-06-06 18:20:21&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E9048BFC-076F-4795-ABB9-C4FE0B77D6FB}&mid=618f19c9e1c347d0a0cd39a9f14620aa-eef4ee58affb842842add1aa22142fa6c4ea74f2&lang=en&ds=st011&pr=sa&d=2012-06-06 18:20:21&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Freecorder extension x64 - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll (Applian Technologies Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {390C7E87-153C-12DB-2EA6-0BB301EB26E9} - C:\windows\SysWOW64\d3dx9_366.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Freecorder extension - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll (Applian Technologies Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 200.83.1.4 190.160.0.14 200.74.121.11
 
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\oj87rc8x.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: sony.com/MediaGoDetector - C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: OneClickDownloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-07-12]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.0.248 [2014-03-03]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-12]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-12]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-12]
CHR Extension: (OneClickDownload) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\User\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [gpicboiclhmnllnjdcfcffifpoaebgkm] - C:\Program Files (x86)\Freecorder extension\Freecorder.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx [2012-07-11]
CHR StartMenuInternet: Google Chrome - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 UDSS; c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [30064 2011-03-11] ()
R2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [1759768 2014-03-03] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-09-30] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-03-03] (AVG Technologies)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [6656 2011-03-09] (Windows ® Win 7 DDK provider)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 nuvotonhidcir; C:\Windows\System32\DRIVERS\nuvotonhidcir.sys [32256 2011-03-09] (Nuvoton Technology Corporation)
R3 nuvotonir; C:\Windows\System32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
R3 SuperDUSB; C:\Windows\System32\Drivers\SuperDUSB.sys [46856 2011-05-02] (SuperD Co. Ltd.)
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 X6va008; \??\C:\windows\SysWOW64\Drivers\X6va008 [X]
S2 {09BB444F-B2E2-4009-BAF2-7B727681223E}; \??\C:\Program Files (x86)\VMLaunch\BuddyVM.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-15 21:06 - 2014-03-15 21:07 - 00029809 _____ () C:\Users\User\Desktop\FRST.txt
2014-03-15 21:06 - 2014-03-15 21:06 - 00000000 ____D () C:\FRST
2014-03-15 21:02 - 2014-03-15 21:03 - 02157056 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-03-14 15:53 - 2014-03-14 15:56 - 00000000 ____D () C:\AdwCleaner
2014-03-14 15:53 - 2014-03-14 15:53 - 01950720 _____ () C:\Users\User\Downloads\adwcleaner.exe
2014-03-13 22:16 - 2014-03-13 22:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\ParetoLogic
2014-03-13 22:16 - 2014-03-13 22:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\DriverCure
2014-03-13 22:15 - 2014-03-13 22:27 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-13 19:02 - 2014-03-13 19:02 - 00000000 ____D () C:\Users\User\Desktop\Autoruns
2014-03-13 18:55 - 2014-03-13 18:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-03-13 18:54 - 2014-03-13 18:54 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-13 18:54 - 2014-03-13 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-13 18:54 - 2014-03-13 18:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-13 18:54 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-12 14:54 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-12 14:54 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-12 14:54 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-12 14:54 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-12 14:54 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-12 14:54 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-12 14:54 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-12 14:54 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-12 14:54 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-12 14:54 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-12 14:54 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-12 14:54 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-12 14:54 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-12 14:54 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-12 14:54 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-12 14:54 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-12 14:54 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-12 14:54 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-12 14:54 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-12 14:54 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-12 14:54 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-12 14:54 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-12 14:54 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-12 14:54 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-12 14:54 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-12 14:54 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-12 14:54 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-12 14:54 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-12 14:54 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-12 14:54 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-12 14:54 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-12 14:54 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-12 14:54 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-12 14:54 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-12 14:54 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-12 14:54 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-12 14:54 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-12 14:54 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-12 14:54 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-12 14:54 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-12 14:54 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-12 14:54 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-12 14:54 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-12 14:54 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-12 14:53 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-12 14:53 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-12 14:53 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-12 14:53 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-12 01:05 - 2014-03-12 01:06 - 00002965 _____ () C:\Users\User\Desktop\Fallout New Vegas.lnk
2014-03-11 18:06 - 2014-03-11 18:06 - 05777288 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 17:12 - 2014-03-11 17:13 - 00000000 ____D () C:\Users\User\Downloads\Minecraft 1.6.4 by TeamExtremeMc.com
2014-03-11 17:10 - 2014-03-11 17:10 - 01187104 _____ () C:\Users\User\Downloads\Dragon Block C Mod Installer 1.6.4.exe
2014-03-11 17:08 - 2014-03-11 17:08 - 00000000 ____D () C:\Users\User\Downloads\FRACTbeta_PC_Richard_E_Flanagan
2014-03-08 15:53 - 2014-03-08 15:53 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-08 15:53 - 2014-02-15 13:58 - 00000426 _____ () C:\AVScanner.ini
2014-03-08 00:32 - 2014-03-08 00:33 - 05401798 _____ () C:\Users\User\Downloads\Skyrim Audio Converter 1_0_2-8303-1-0-2.7z
2014-03-03 02:11 - 2014-03-03 02:11 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-02-28 10:15 - 2014-03-11 01:19 - 00000000 ____D () C:\Users\User\Downloads\American Hustle (2013) 720p BluRay + Subtitles [GlowGaze.Com]
2014-02-26 12:50 - 2014-02-26 13:50 - 00000000 ____D () C:\Users\User\Downloads\The Book Thief (2013) 720p WEBRip [GlowGaze.Com]
2014-02-20 22:17 - 2014-02-20 22:35 - 00000000 ____D () C:\Users\User\Downloads\Harvester
2014-02-15 13:58 - 2014-03-08 15:53 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-15 00:53 - 2014-02-15 00:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 20:10 - 2014-02-15 18:32 - 00000000 ____D () C:\Users\User\Downloads\Starbound Update
2014-02-14 17:10 - 2014-02-14 17:20 - 00000000 ____D () C:\Program Files (x86)\Cube World
2014-02-14 17:10 - 2014-02-14 17:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cube World - July 23, 2013
2014-02-14 17:10 - 2014-02-14 17:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2014-02-13 02:03 - 2013-12-21 05:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-13 02:03 - 2013-12-21 04:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
 
==================== One Month Modified Files and Folders =======
 
2014-03-15 21:07 - 2014-03-15 21:06 - 00029809 _____ () C:\Users\User\Desktop\FRST.txt
2014-03-15 21:06 - 2014-03-15 21:06 - 00000000 ____D () C:\FRST
2014-03-15 21:06 - 2013-03-22 12:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-15 21:03 - 2014-03-15 21:02 - 02157056 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-03-15 21:00 - 2012-05-25 21:17 - 01561791 _____ () C:\windows\WindowsUpdate.log
2014-03-15 20:53 - 2012-06-03 06:50 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-360139627-1176390748-761116575-1000UA.job
2014-03-15 17:17 - 2013-03-22 15:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-15 13:54 - 2012-06-03 13:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\BitTorrent
2014-03-15 13:17 - 2012-12-15 10:10 - 00000000 ____D () C:\Users\User\Downloads\Something
2014-03-15 10:16 - 2013-05-26 13:39 - 00000000 ____D () C:\Users\User\Downloads\Hannibal
2014-03-15 08:06 - 2012-06-03 06:50 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-360139627-1176390748-761116575-1000Core.job
2014-03-15 08:04 - 2013-09-01 11:03 - 00002370 _____ () C:\Users\User\Desktop\Google Chrome.lnk
2014-03-15 07:59 - 2013-12-07 04:06 - 00000418 _____ () C:\windows\Tasks\At1.job
2014-03-14 20:55 - 2012-07-08 06:06 - 21373952 ___SH () C:\Users\User\Downloads\Thumbs.db
2014-03-14 16:34 - 2013-10-14 16:43 - 00000000 ____D () C:\Users\User\AppData\Local\Avg2014
2014-03-14 16:24 - 2013-01-06 22:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-14 15:56 - 2014-03-14 15:53 - 00000000 ____D () C:\AdwCleaner
2014-03-14 15:53 - 2014-03-14 15:53 - 01950720 _____ () C:\Users\User\Downloads\adwcleaner.exe
2014-03-14 15:24 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-14 15:24 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-14 15:22 - 2009-07-14 01:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-14 15:16 - 2013-06-08 15:54 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-03-14 15:16 - 2013-06-02 20:24 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-03-14 15:16 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-14 09:53 - 2013-01-13 23:31 - 00000695 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-03-14 09:53 - 2013-01-13 23:31 - 00000000 ____D () C:\Nexus Mod Manager
2014-03-14 02:02 - 2013-08-10 17:09 - 00000000 ____D () C:\Users\User\Downloads\La U
2014-03-14 01:57 - 2013-07-31 16:59 - 00000000 ____D () C:\Users\User\Desktop\Matematicas
2014-03-13 22:29 - 2012-06-05 10:48 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-03-13 22:27 - 2014-03-13 22:15 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-03-13 22:16 - 2014-03-13 22:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\ParetoLogic
2014-03-13 22:16 - 2014-03-13 22:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\DriverCure
2014-03-13 20:49 - 2013-12-22 00:01 - 00000000 ____D () C:\Users\User\AppData\Local\genienext
2014-03-13 20:43 - 2013-12-07 19:16 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-03-13 19:02 - 2014-03-13 19:02 - 00000000 ____D () C:\Users\User\Desktop\Autoruns
2014-03-13 18:55 - 2014-03-13 18:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-03-13 18:54 - 2014-03-13 18:54 - 00001080 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-13 18:54 - 2014-03-13 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-13 18:54 - 2014-03-13 18:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-13 18:30 - 2009-07-14 00:45 - 00438688 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-13 18:29 - 2013-03-13 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 18:29 - 2013-03-13 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 01:06 - 2013-06-11 13:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 21:02 - 2012-06-06 06:11 - 00000000 ____D () C:\Users\User\AppData\Local\Skyrim
2014-03-12 15:44 - 2013-03-03 14:17 - 00000000 ____D () C:\Users\User\Downloads\Funny Pics
2014-03-12 14:52 - 2013-10-14 16:48 - 00000936 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-12 01:06 - 2014-03-12 01:05 - 00002965 _____ () C:\Users\User\Desktop\Fallout New Vegas.lnk
2014-03-12 01:04 - 2012-10-05 22:07 - 00000000 ____D () C:\windows\SysWOW64\directx
2014-03-11 23:30 - 2013-01-13 23:33 - 00000000 ____D () C:\Games
2014-03-11 23:23 - 2012-06-06 06:11 - 00000000 ____D () C:\Users\User\Documents\My Games
2014-03-11 23:06 - 2013-02-12 13:33 - 00000000 ____D () C:\Users\User\AppData\Local\FalloutNV
2014-03-11 18:06 - 2014-03-11 18:06 - 05777288 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 18:06 - 2013-03-22 12:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 18:06 - 2013-03-22 12:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 18:06 - 2013-03-22 12:56 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 17:13 - 2014-03-11 17:12 - 00000000 ____D () C:\Users\User\Downloads\Minecraft 1.6.4 by TeamExtremeMc.com
2014-03-11 17:10 - 2014-03-11 17:10 - 01187104 _____ () C:\Users\User\Downloads\Dragon Block C Mod Installer 1.6.4.exe
2014-03-11 17:08 - 2014-03-11 17:08 - 00000000 ____D () C:\Users\User\Downloads\FRACTbeta_PC_Richard_E_Flanagan
2014-03-11 01:19 - 2014-02-28 10:15 - 00000000 ____D () C:\Users\User\Downloads\American Hustle (2013) 720p BluRay + Subtitles [GlowGaze.Com]
2014-03-10 02:58 - 2012-07-27 15:05 - 00000000 ____D () C:\Users\User\Downloads\The Walking Dead
2014-03-08 15:53 - 2014-03-08 15:53 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-08 15:53 - 2014-02-15 13:58 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-08 00:33 - 2014-03-08 00:32 - 05401798 _____ () C:\Users\User\Downloads\Skyrim Audio Converter 1_0_2-8303-1-0-2.7z
2014-03-07 14:50 - 2013-12-22 00:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\newnext.me
2014-03-05 16:26 - 2013-02-04 18:42 - 00000571 _____ () C:\Users\User\Desktop\jay.txt
2014-03-04 11:20 - 2012-05-25 22:16 - 00000000 ____D () C:\ProgramData\Skype
2014-03-04 11:19 - 2012-05-25 22:16 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-04 11:19 - 2012-05-25 22:16 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-03 02:11 - 2014-03-03 02:11 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-03-03 02:11 - 2013-11-10 09:23 - 00003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-03-03 02:11 - 2012-08-30 17:29 - 00050976 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2014-03-03 02:11 - 2012-06-06 06:20 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-03-01 02:05 - 2014-03-12 14:54 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-12 14:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-12 14:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-12 14:54 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-12 14:54 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-12 14:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-12 14:54 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-12 14:54 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-12 14:54 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-12 14:54 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-12 14:54 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-12 14:54 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-12 14:54 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-12 14:54 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-12 14:54 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-12 14:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-12 14:54 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-28 23:54 - 2014-03-12 14:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-12 14:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-12 14:54 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-12 14:54 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-12 14:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-28 23:43 - 2014-03-12 14:54 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-28 23:42 - 2014-03-12 14:54 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-12 14:54 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-12 14:54 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-12 14:54 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-12 14:54 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-12 14:54 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-12 14:54 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-12 14:54 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-12 14:54 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-12 14:54 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-12 14:54 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-12 14:54 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-12 14:54 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-12 14:54 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-12 14:54 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-12 14:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-28 22:25 - 2014-03-12 14:54 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-27 23:18 - 2013-02-04 19:02 - 00000000 ____D () C:\Program Files (x86)\Bethesda Softworks
2014-02-27 02:59 - 2013-07-10 22:43 - 00000000 ___RD () C:\Users\User\Dropbox
2014-02-27 02:59 - 2013-07-10 22:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-02-27 02:51 - 2012-06-03 06:54 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-27 02:50 - 2012-06-03 06:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-27 02:01 - 2012-06-05 10:47 - 00766780 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-26 21:36 - 2013-07-10 22:43 - 00001025 _____ () C:\Users\User\Desktop\Dropbox.lnk
2014-02-26 21:36 - 2013-07-10 22:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-26 13:50 - 2014-02-26 12:50 - 00000000 ____D () C:\Users\User\Downloads\The Book Thief (2013) 720p WEBRip [GlowGaze.Com]
2014-02-26 12:53 - 2012-07-07 11:03 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live
2014-02-25 18:11 - 2013-03-03 08:46 - 00001159 _____ () C:\Users\User\Desktop\Songs.txt
2014-02-23 20:17 - 2014-01-09 20:34 - 00000000 ____D () C:\Users\User\Desktop\Skyrim
2014-02-20 22:35 - 2014-02-20 22:17 - 00000000 ____D () C:\Users\User\Downloads\Harvester
2014-02-19 10:56 - 2013-11-06 22:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-18 13:28 - 2013-03-03 08:36 - 00000840 _____ () C:\Users\User\Desktop\Movies.txt
2014-02-16 02:04 - 2013-08-15 03:01 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 02:00 - 2012-06-06 05:07 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-15 18:32 - 2014-02-14 20:10 - 00000000 ____D () C:\Users\User\Downloads\Starbound Update
2014-02-15 18:27 - 2014-02-12 20:03 - 00000000 ____D () C:\Users\User\Downloads\K-11 2012 BRRip XViD juggs
2014-02-15 13:58 - 2014-03-08 15:53 - 00000426 _____ () C:\AVScanner.ini
2014-02-15 03:50 - 2012-10-05 22:07 - 00000000 ___HD () C:\windows\msdownld.tmp
2014-02-15 00:53 - 2014-02-15 00:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 18:28 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-02-14 17:20 - 2014-02-14 17:10 - 00000000 ____D () C:\Program Files (x86)\Cube World
2014-02-14 17:10 - 2014-02-14 17:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cube World - July 23, 2013
2014-02-14 17:10 - 2014-02-14 17:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2014-02-13 02:05 - 2009-07-13 22:34 - 00000478 _____ () C:\windows\win.ini
 
Files to move or delete:
====================
C:\Users\User\atimgpud.dll
C:\Users\User\binkw32.dll
C:\Users\User\enable_data.exe
C:\Users\User\SkyrimLauncher.exe
C:\Users\User\steam_api.dll
C:\Users\User\TESV.exe
C:\Users\User\update-Skyrim.bat
C:\Windows\Tasks\At1.job
 
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\libcurl.dll
C:\Users\User\AppData\Local\Temp\libeay32.dll
C:\Users\User\AppData\Local\Temp\libidn-11.dll
C:\Users\User\AppData\Local\Temp\librtmp.dll
C:\Users\User\AppData\Local\Temp\libssh2.dll
C:\Users\User\AppData\Local\Temp\libusb-1.0.dll
C:\Users\User\AppData\Local\Temp\ssleay32.dll
C:\Users\User\AppData\Local\Temp\zlib1.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-10 12:09
 
==================== End Of Log ============================


#4 Paranoid_Android


Posted 15 March 2014 - 08:13 PM

And finally here is the second log.

 

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by User at 2014-03-15 21:07:35
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
@Home Mate (HKLM-x32\...\{B883F0C7-64DB-4D11-A7F6-FEB08A072595}_is1) (Version: 1.0 - ILLUSION)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
ADRIFT 5 (HKLM-x32\...\{22EEACC9-C06E-45E5-8FBA-C9270989CA13}) (Version: 5.0.31.4 - Campbell Wild)
Anti-phishing Domain Advisor (HKLM-x32\...\Anti-phishing Domain Advisor) (Version: 1.0.0.0 - Visicom Media Inc. (Powered by Panda Security))
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4336 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4336 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.0.0.248 - AVG Technologies)
Babylon Chrome Toolbar (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.7 - Babylon Ltd) <==== ATTENTION
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioShock Infinite (HKLM-x32\...\BioShock Infinite_is1) (Version:  - )
BioShock Infinite Burial at Sea - Episode 1 (HKLM-x32\...\QmlvU2hvY2tJbmZpbml0ZQ==_is1) (Version: 1 - )
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30489 - BitTorrent Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.09(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Browse2save (HKLM-x32\...\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}) (Version:  - BrowseToSave) <==== ATTENTION
calibre (HKLM-x32\...\{04DA2FBD-B750-4070-90DE-D387DAC13C71}) (Version: 1.21.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden
Contents (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Corel Digital Studio SE (HKLM-x32\...\_{E185BD5C-0E10-479F-AF44-63D3A068446A}) (Version: 1.5.10.332 - Corel Corporation)
Cube World - July 23, 2013 (HKLM-x32\...\Cube World - July 23, 2013July 23, 2013) (Version: July 23, 2013 - Friends in War)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Darksiders II (HKLM-x32\...\{80E34226-8D94-482F-B4BC-36F39CBFD267}_is1) (Version:  - )
DarkSiders II version 5.1 (HKLM-x32\...\{B810D852-DFD6-DARKSIII-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
Daum PotPlayer 1.5.39659 (HKLM-x32\...\PotPlayer) (Version:  - )
Dead Space 2 (HKLM-x32\...\{8A96EA3C-7FDD-4B98-872E-1A20572BED61}_is1) (Version: Dead Space 2 - eviboss)
Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version:  - Microsoft)
DeviceIO (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Devil May Cry 3 Special Edition (HKLM-x32\...\{D4A8FCAB-9D30-4509-A3F1-D0B7E1BE9F00}) (Version: 1.00.000 - CAPCOM)
DFPro (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
DMC Devi May Cry 1.0.2 (HKLM-x32\...\DMC Devi May Cry 1.0.2) (Version: 1.0.2 - Capcom)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
ƒOƒŠƒUƒCƒA‚̉ʎÀ (HKLM-x32\...\FW_Grisaia) (Version:  - )
Freecorder 7 Applications (7.0.0.48) (HKLM-x32\...\Freecorder 7 Applications) (Version: 7.0.0.48 - Applian Technologies)
Freecorder extension (HKLM-x32\...\Freecorder extension) (Version: 7.0.0.8 - Applian Technologies Inc.)
Freecorder extension for Chrome (HKLM-x32\...\Freecorder extension for Chrome) (Version: 7.0.0.7 - Applian Technologies, Inc.)
Freecorder extension x64 (HKLM-x32\...\Freecorder extension x64) (Version: 7.0.0.8 - Applian Technologies Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
HDMI Control Manager (HKLM-x32\...\InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}) (Version: 2.0 - TOSHIBA CORPORATION)
HDMI Control Manager (Version: 2.0 - TOSHIBA CORPORATION) Hidden
HDMI Control Manager (x32 Version: 2.0 - TOSHIBA CORPORATION) Hidden
HF pAppLoc version 1.0 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.0 - Inquisitor)
HTML TADS Player Kit (HKLM-x32\...\htmltads.exe) (Version:  - )
ICA (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
ILLUSION ジンコウガクエン (HKLM-x32\...\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}) (Version: 1.00.0000 - ILLUSION)
ILLUSION ジンコウガクエン きゃらめいく (HKLM-x32\...\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}) (Version: 1.00.0000 - ILLUSION)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IPM_OEM (x32 Version: 1.53 - Corel Corporation) Hidden
ISCOM (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (x32 Version: 1.0 - Corel) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{8D92969D-A6A3-44C8-9D63-D377E94F44B5}) (Version: 2.6.205 - Sony)
Media Go Video Playback Engine 2.0.109.08290 (HKLM-x32\...\{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}) (Version: 2.0.109.08290 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.161.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.0.161.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft1.5.2 (HKLM-x32\...\Minecraft1.5.2) (Version:  - )
MLE (x32 Version: 1.0.0.60 - Corel Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-GB)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.0 - Black Tree Gaming)
Nuvoton CIR Device Drivers (HKLM-x32\...\{0ECEB38D-9474-4938-9140-654971B4E788}) (Version: 8.60.2008 - Nuvoton Technology Corporation)
NVIDIA Control Panel 290.39 (Version: 290.39 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 290.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 290.39 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation®Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
PureHD (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RAGNAROK BATTLE OFFLINE 1.0 (HKLM-x32\...\10_is1) (Version:  - Weiky)
Rain Blood Chronicles: Mirage (HKLM-x32\...\UmFpbkJsb29kQ2hyb25pY2xlc01pcmFnZQ==_is1) (Version: 1 - )
RBO Extra Scenario Vol.1 (HKLM-x32\...\18_is1) (Version:  - Weiky)
RBO Extra Scenario Vol.2 (HKLM-x32\...\35_is1) (Version: 3.00 - Weiky)
RBO Extra Scenario Vol.3 (HKLM-x32\...\36_is1) (Version: 4.00 - Weiky)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6363 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.1 - Renesas Electronics Corporation) Hidden
RICOH Media Driver v2.13.17.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.17.01 - RICOH)
Saints Row IV Update and DLC pack (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
Saints Row The Third (HKLM-x32\...\Saints Row The Third_is1) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Setup (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Share (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Share64 (Version: 1.5.10.332 - Corel Corporation) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Mobile Update Service (HKLM-x32\...\Update Service) (Version: 2.13.8.201307151333 - Sony Mobile Communications AB)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
Starbound - Irritated Koala Update [13/12/06] (HKCU\...\Starbound - Irritated Koala Update [13/12/06]) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SuperD spd2900gs (HKLM-x32\...\{8B883A0D-6CA9-4FBC-8B7F-DEAFE6A18995}) (Version: 1.0.1613.809 - SuperD Co., Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.109 - KMP Media co., Ltd)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Blu-ray Disc Player (HKLM\...\{27C3DB42-A9C1-4B44-A164-93849D160D12}) (Version: 1.0.1.299  - TOSHIBA Corporation)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}) (Version: 2.1.10.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 2.1.10.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{38C52F7D-A6CB-4CE7-A189-8AABE8774D8A}) (Version: 8.0.38 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.9 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{6FF9A012-0254-41E9-81E2-F538C4B53611}) (Version: 1.3.2.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.16.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.7.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.18.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.18.64 - TOSHIBA Corporation) Hidden
TOSHIBA Remote Control Manager (HKLM-x32\...\{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}) (Version: 3.0.8.2 - TOSHIBA CORPORATION)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.14.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.5.14.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.5.14.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.25 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.25 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}) (Version: 1.0.4 - TOSHIBA CORPORATION)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{E84E9B25-BEB6-4F2F-84BB-755CDA8E89C0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{55C3C61D-31E9-4ECF-B29B-C1C6A8FB68FB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
VIO (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
X-Tune (HKLM-x32\...\{B4EDE2FE-C1F4-4E48-A967-39D63B7702F9}) (Version: 1.0.0.0 - SuperD)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
鋼鉄のガールフレンド2nd (HKLM-x32\...\鋼鉄のガールフレンド2nd) (Version:  - )
 
==================== Restore Points  =========================
 
12-03-2014 18:47:43 Windows Update
13-03-2014 05:03:12 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0628424E-16E3-42A1-B41B-D0347FCFEDEE} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
Task: {141586AC-FD22-47FC-ACB6-2815E8462EC0} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {3872111D-FADB-4744-B80A-C6DB7977C3A9} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {39C96F41-CB8F-460A-89AB-84EA8DB01997} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {3C90EECA-ED48-434A-A421-029D5F961458} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {3FFF371E-A83D-4DC2-B350-6068530396F4} - System32\Tasks\{8C530A72-4FF9-412B-98EB-2DD786BF8FDD} => C:\Empress\STARLESS\STARLESS.exe
Task: {44503D30-D1DB-45C8-BE0B-642606F19961} - System32\Tasks\{3AE70CEC-1058-4117-B00D-A5ACDACEBB98} => C:\Empress\STARLESS\STARLESS.exe
Task: {54F1F5C5-A298-4E75-B11C-73ACFB15049D} - System32\Tasks\Google Updater and Installer => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: {700E8BE8-D9CE-44A7-B3FF-05B67E2E98FC} - System32\Tasks\{EE7D5B86-8749-4CB4-AFD5-4AE2E23388A4} => C:\Users\User\Desktop\Diablo 2 with Lord of Destruction (v1.13c) (Direct Play)\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe [2011-01-05] (Blizzard North)
Task: {76D648A6-4B7A-49B0-8473-46A7419F185A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {801BBEB1-A072-4452-8690-DE8E549F377E} - System32\Tasks\{1ACFD8D1-E102-4FAA-95E5-D2D848073ED4} => C:\The Elder Scrolls V Skyrim\Skyrim.Memory.(4gb).Patch.exe
Task: {821D5F45-FEA8-446B-B784-9202BA90883A} - System32\Tasks\{07BBEEEB-F58A-4C7A-9C83-C26B228E6EA6} => C:\The Elder Scrolls V Skyrim\SkyrimLauncher.exe
Task: {82BEE188-9F9E-4E14-B0BD-D0E9DA5A45A8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-360139627-1176390748-761116575-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: {91E1E2D6-C9A8-46DD-AF74-9A85CD29DE5F} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\windows\TEMP\{BAF48721-4ADC-4820-88B7-8D0C3CED7EC0}.exe
Task: {95285C00-2227-4730-9D2C-E670FC6CECC1} - System32\Tasks\At1 => C:\windows\SysWOW64\logmaan.exe
Task: {A06DAAE6-E4B7-4DB2-911F-361264A8E276} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {A9BB24CB-75C1-4F25-83DA-5BE7FE79664F} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {B660614B-9346-4B56-AD93-417E406DC370} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {CB7C1273-0957-4AD4-B867-DB4324442473} - System32\Tasks\{E7DB4146-3554-4A0E-9496-F792A50B7A7C} => C:\Empress\STARLESS\STARLESS.exe
Task: {DE1CDA92-8605-4BF1-8D2D-552A7F75C706} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {DE9E6E05-C6A5-4241-9C45-4200D2E78807} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-360139627-1176390748-761116575-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-03] (Google Inc.)
Task: {E0B01170-8059-4F2E-BCA6-7FC61DE4CF6C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {EAF272B2-1957-4DDF-8C3C-F745FC62C985} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{87C0484B-B60F-421E-A9DB-95536C412E21}.exe
Task: {EBF7DA3F-240C-4000-A4C6-402BD68E0FA1} - System32\Tasks\{3482B243-5B9D-43AC-8851-AC89D9AFD4F1} => C:\Empress\HIMECUS.EXE
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\At1.job => C:\windows\SysWOW64\logmaan.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\windows\TEMP\{BAF48721-4ADC-4820-88B7-8D0C3CED7EC0}.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{87C0484B-B60F-421E-A9DB-95536C412E21}.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-360139627-1176390748-761116575-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-360139627-1176390748-761116575-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-03-11 17:14 - 2011-03-11 17:14 - 00030064 _____ () c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
2014-03-03 02:11 - 2014-03-03 02:11 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-02-22 22:22 - 2011-02-22 22:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-12-15 18:19 - 2010-12-15 18:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2013-02-15 21:41 - 2013-10-31 10:35 - 00070880 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2012-06-06 06:20 - 2014-03-03 02:11 - 02539544 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2010-12-08 18:42 - 2010-12-08 18:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-03 02:11 - 2014-03-03 02:11 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\log4cplusU.dll
2013-02-15 21:41 - 2012-04-30 09:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-02-15 21:41 - 2013-09-13 09:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 13:54 - 2011-07-07 13:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2012-10-05 02:51 - 2013-05-20 10:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2013-02-15 21:41 - 2010-01-11 14:44 - 00053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2013-07-05 09:47 - 2013-07-05 09:47 - 00607232 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2014-03-04 09:01 - 2014-03-01 22:35 - 00051016 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-04 09:01 - 2014-03-01 22:35 - 00716616 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 09:01 - 2014-03-01 22:35 - 00100168 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 09:01 - 2014-03-01 22:35 - 04061000 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 09:01 - 2014-03-01 22:35 - 00394568 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 09:01 - 2014-03-01 22:35 - 01647432 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2014-03-04 09:01 - 2014-03-01 22:35 - 13632840 _____ () C:\Users\User\AppData\Local\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/15/2014 07:59:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22392743
 
Error: (03/15/2014 07:59:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22392743
 
Error: (03/15/2014 07:59:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/15/2014 07:59:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22391744
 
Error: (03/15/2014 07:59:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22391744
 
Error: (03/15/2014 07:59:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/15/2014 07:59:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22390746
 
Error: (03/15/2014 07:59:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22390746
 
Error: (03/15/2014 07:59:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/15/2014 01:46:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12106
 
 
System errors:
=============
Error: (03/14/2014 03:17:09 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (03/14/2014 03:16:11 PM) (Source: Service Control Manager) (User: )
Description: The BuddyVM service failed to start due to the following error: 
%%3
 
Error: (03/13/2014 10:05:06 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (03/13/2014 10:03:42 PM) (Source: Service Control Manager) (User: )
Description: The BuddyVM service failed to start due to the following error: 
%%3
 
Error: (03/13/2014 06:40:30 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (03/13/2014 06:39:46 PM) (Source: Service Control Manager) (User: )
Description: The BuddyVM service failed to start due to the following error: 
%%3
 
Error: (03/13/2014 06:32:24 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (03/13/2014 06:30:43 PM) (Source: Service Control Manager) (User: )
Description: The BuddyVM service failed to start due to the following error: 
%%3
 
Error: (03/12/2014 02:43:52 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (03/12/2014 02:42:45 PM) (Source: Service Control Manager) (User: )
Description: The BuddyVM service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (03/15/2014 07:59:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22392743
 
Error: (03/15/2014 07:59:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22392743
 
Error: (03/15/2014 07:59:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/15/2014 07:59:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22391744
 
Error: (03/15/2014 07:59:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22391744
 
Error: (03/15/2014 07:59:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/15/2014 07:59:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22390746
 
Error: (03/15/2014 07:59:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22390746
 
Error: (03/15/2014 07:59:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/15/2014 01:46:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12106
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-12-04 14:27:33.076
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-12-04 14:27:33.034
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-24 20:33:47.746
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-24 20:33:47.734
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-24 20:28:56.634
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-24 20:28:56.621
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-20 20:24:10.904
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-20 20:24:10.895
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-20 20:15:59.827
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-20 20:15:59.818
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Games\VMLaunch\BuddyVM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 78%
Total physical RAM: 8165.43 MB
Available physical RAM: 1782.89 MB
Total Pagefile: 16329.03 MB
Available Pagefile: 8323.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (S3A8509D002) (Fixed) (Total:582.28 GB) (Free:114.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 0CE59860)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 fireman4it


Posted 16 March 2014 - 11:52 AM

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   4.83KB   1 downloads

 

 

2.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right-click on AdwCleaner.exe and select
    "Run as administrator"
  • Click the Scan button.
  • Once done scanning, click the Clean button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

3.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

 

Things to include in your next reply:

Fixlog.txt

AdwCleaner log

Roguekiller log

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#6 Paranoid_Android


Posted 16 March 2014 - 12:43 PM

I just have some questions, fireman4it. I have checked the fixlist.txt and in it appears listed the Skyrim launcher.exe. Will this process affect my game or anything at all? I'm grateful again for your help.

By the way, I already have all the programs on stand-by; I'm just concerned about this doubt.


Edited by Paranoid_Android, 16 March 2014 - 12:46 PM.


#7 Paranoid_Android


Posted 16 March 2014 - 01:07 PM

Forget my previous post.

 

Here's the FRST64.exe Fix Log:

 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by User at 2014-03-16 14:10:02 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [Adobe] - C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent.vbe [15550 2013-01-20] ()
HKU\S-1-5-21-360139627-1176390748-761116575-1000\...\Run: [NextLive] - C:\windows\SysWOW64\rundll32.exe "C:\Users\User\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E9048BFC-076F-4795-ABB9-C4FE0B77D6FB}&mid=618f19c9e1c347d0a0cd39a9f14620aa-eef4ee58affb842842add1aa22142fa6c4ea74f2&lang=en&ds=st011&pr=sa&d=2012-06-06 18:20:21&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {49C41AC7-CB61-4E0D-8A11-2723D0B18E8F} URL = http://isearch.avg.com/search?cid={E9048BFC-076F-4795-ABB9-C4FE0B77D6FB}&mid=618f19c9e1c347d0a0cd39a9f14620aa-eef4ee58affb842842add1aa22142fa6c4ea74f2&lang=en&ds=st011&pr=sa&d=2012-06-06 18:20:21&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E9048BFC-076F-4795-ABB9-C4FE0B77D6FB}&mid=618f19c9e1c347d0a0cd39a9f14620aa-eef4ee58affb842842add1aa22142fa6c4ea74f2&lang=en&ds=st011&pr=sa&d=2012-06-06 18:20:21&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = 
BHO: Freecorder extension x64 - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll (Applian Technologies Inc.)
BHO-x32: Freecorder extension - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll (Applian Technologies Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
FF Extension: OneClickDownloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-07-12]
CHR Extension: (OneClickDownload) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\User\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [gpicboiclhmnllnjdcfcffifpoaebgkm] - C:\Program Files (x86)\Freecorder extension\Freecorder.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx [2012-07-11]
C:\Users\User\atimgpud.dll
C:\Users\User\binkw32.dll
C:\Users\User\enable_data.exe
C:\Users\User\SkyrimLauncher.exe
C:\Users\User\steam_api.dll
C:\Users\User\TESV.exe
C:\Users\User\update-Skyrim.bat
C:\Windows\Tasks\At1.job
C:\Users\User\AppData\Local\Temp\libcurl.dll
C:\Users\User\AppData\Local\Temp\libeay32.dll
C:\Users\User\AppData\Local\Temp\libidn-11.dll
C:\Users\User\AppData\Local\Temp\librtmp.dll
C:\Users\User\AppData\Local\Temp\libssh2.dll
C:\Users\User\AppData\Local\Temp\libusb-1.0.dll
C:\Users\User\AppData\Local\Temp\ssleay32.dll
C:\Users\User\AppData\Local\Temp\zlib1.dll
Browse2save (HKLM-x32\...\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}) (Version:  - BrowseToSave) <==== ATTENTION
Babylon Chrome Toolbar (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.7 - Babylon Ltd) <==== ATTENTION
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Task: {141586AC-FD22-47FC-ACB6-2815E8462EC0} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {3872111D-FADB-4744-B80A-C6DB7977C3A9} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {95285C00-2227-4730-9D2C-E670FC6CECC1} - System32\Tasks\At1 => C:\windows\SysWOW64\logmaan.exe
Task: C:\windows\Tasks\At1.job => C:\windows\SysWOW64\logmaan.exe
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe => Value deleted successfully.
HKU\S-1-5-21-360139627-1176390748-761116575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key deleted successfully.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49C41AC7-CB61-4E0D-8A11-2723D0B18E8F} => Key deleted successfully.
HKCR\CLSID\{49C41AC7-CB61-4E0D-8A11-2723D0B18E8F} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6} => Key deleted successfully.
HKCR\CLSID\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} => Key deleted successfully.
HKCR\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com => Moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb => Key deleted successfully.
"C:\Users\User\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm => Key deleted successfully.
"C:\Program Files (x86)\Freecorder extension\Freecorder.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf => Key deleted successfully.
"C:\Program Files (x86)\TornTV.com\torn11.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Key deleted successfully.
"C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco => Key deleted successfully.
C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx => Moved successfully.
C:\Users\User\atimgpud.dll => Moved successfully.
C:\Users\User\binkw32.dll => Moved successfully.
C:\Users\User\enable_data.exe => Moved successfully.
C:\Users\User\SkyrimLauncher.exe => Moved successfully.
C:\Users\User\steam_api.dll => Moved successfully.
C:\Users\User\TESV.exe => Moved successfully.
C:\Users\User\update-Skyrim.bat => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Users\User\AppData\Local\Temp\libcurl.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\libeay32.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\libidn-11.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\librtmp.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\libssh2.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\libusb-1.0.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\ssleay32.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\zlib1.dll => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{141586AC-FD22-47FC-ACB6-2815E8462EC0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{141586AC-FD22-47FC-ACB6-2815E8462EC0} => Key deleted successfully.
C:\Windows\System32\Tasks\GoforFilesUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3872111D-FADB-4744-B80A-C6DB7977C3A9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3872111D-FADB-4744-B80A-C6DB7977C3A9} => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile DownloaderUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95285C00-2227-4730-9D2C-E670FC6CECC1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95285C00-2227-4730-9D2C-E670FC6CECC1} => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1 => Key deleted successfully.
C:\windows\Tasks\At1.job not found.
 
==== End of Fixlog ====

Edited by Paranoid_Android, 16 March 2014 - 01:12 PM.


#8 Paranoid_Android


Posted 16 March 2014 - 01:34 PM

Well, after running AdwCleaner, it asked me to boot up my computer, and the logfile that appeared wasn't the [R1] but instead the [SO]. Either way, I'm attaching the [R1] text.

 

AdwCleaner[R1]:

 

# AdwCleaner v3.022 - Report created 14/03/2014 at 15:55:37
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Found : C:\windows\System32\Tasks\Express FilesUpdate
File Found : C:\windows\System32\Tasks\GoforFilesUpdate
Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Folder Found C:\Program Files (x86)\1ClickDownload
Folder Found C:\Program Files (x86)\AVG Secure Search
Folder Found C:\Program Files (x86)\BonanzaDeals
Folder Found C:\Program Files (x86)\BonanzaDealsLive
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\ExpressFiles
Folder Found C:\Program Files (x86)\Freecorder extension
Folder Found C:\Program Files (x86)\Mobogenie
Folder Found C:\Program Files (x86)\Red Sky
Folder Found C:\Program Files (x86)\smart pc cleaner
Folder Found C:\ProgramData\Anti-phishing Domain Advisor
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\BonanzaDealsLive
Folder Found C:\ProgramData\Browse2save
Folder Found C:\ProgramData\Browse2Save
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2Save
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\ProgramData\RightClick
Folder Found C:\Users\User\AppData\Local\AVG Secure Search
Folder Found C:\Users\User\AppData\Local\blekkotb_031
Folder Found C:\Users\User\AppData\Local\BonanzaDealsLive
Folder Found C:\Users\User\AppData\Local\DownTango
Folder Found C:\Users\User\AppData\Local\genienext
Folder Found C:\Users\User\AppData\Local\Mobogenie
Folder Found C:\Users\User\AppData\Local\PackageAware
Folder Found C:\Users\User\AppData\Local\vghd
Folder Found C:\Users\User\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\User\AppData\LocalLow\Browse2Save
Folder Found C:\Users\User\AppData\LocalLow\Browse2save
Folder Found C:\Users\User\AppData\Roaming\Babylon
Folder Found C:\Users\User\AppData\Roaming\DriverCure
Folder Found C:\Users\User\AppData\Roaming\ExpressFiles
Folder Found C:\Users\User\AppData\Roaming\goforfiles
Folder Found C:\Users\User\AppData\Roaming\newnext.me
Folder Found C:\Users\User\AppData\Roaming\ParetoLogic
Folder Found C:\Users\User\AppData\Roaming\yourfiledownloader
Folder Found C:\Users\User\Documents\Mobogenie
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.avg.com/?cid={E9048BFC-076F-4795-ABB9-C4FE0B77D6FB}&mid=618f19c9e1c347d0a0cd39a9f14620aa-eef4ee58affb842842add1aa22142fa6c4ea74f2&lang=en&ds=st011&pr=sa&d=2012-06-06%2018:20:21&v=15.3.0.11&pid=avg&sg=0&sap=hp
 
-\\ Mozilla Firefox v27.0.1 (en-GB)
 
[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]
 
 
[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
 
 
[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\oj87rc8x.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [21429 octets] - [14/03/2014 15:53:44]
AdwCleaner[R1].txt - [21140 octets] - [14/03/2014 15:55:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [21201 octets] ##########


#9 Paranoid_Android

Posted 16 March 2014 - 01:48 PM

Here's the RogueKiller report:

 

RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 03/16/2014 14:39:11
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 5 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job : C:\windows\TEMP\{BAF48721-4ADC-4820-88B7-8D0C3CED7EC0}.exe - --uninstall=1 [x] -> FOUND
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\windows\TEMP\{87C0484B-B60F-421E-A9DB-95536C412E21}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv : C:\windows\TEMP\{BAF48721-4ADC-4820-88B7-8D0C3CED7EC0}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\windows\TEMP\{87C0484B-B60F-421E-A9DB-95536C412E21}.exe - --uninstall=1 [x] -> FOUND
[V2][SUSP PATH] {EE7D5B86-8749-4CB4-AFD5-4AE2E23388A4} : C:\Users\User\Desktop\Diablo 2 with Lord of Destruction (v1.13c) (Direct Play)\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe [-] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 1 ¤¤¤
[FF][PUP] oj87rc8x.default : AVG Security Toolbar
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : PUP ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK6476GSX +++++
--- User ---
[MBR] e1fb78eddbe50900997d8a674299e8e4
[BSP] c560384971bc8896dc095a129e4c0e37 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 596258 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1224210432 | Size: 12721 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_03162014_143911.txt >>
 
I have noticed a slight increase in performance, plus no freezing when opening tabs in my browsers. I really appreciate your help in the process fireman4it, thanks.
 
Just wondering, should I keep all the programs that I used to do the cleaning or can I delete them?
 
P.S: Any tips on how to keep these things in check?

Edited by Paranoid_Android, 16 March 2014 - 01:51 PM.


#10 fireman4it

Posted 16 March 2014 - 05:31 PM

 

Just wondering, should I keep all the programs that I used to do the cleaning or can I delete them?
 
P.S: Any tips on how to keep these things in check?

Once I have determined your machine is clean I will give you directions for both.

 

Can you please post the AdwCleaner[S0] txt?

 

1.

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



#11 Paranoid_Android

Posted 16 March 2014 - 07:23 PM

Here's the AdwCleaner[S0].txt:

 

# AdwCleaner v3.022 - Report created 16/03/2014 at 14:19:21

# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\BonanzaDealsLive
Folder Deleted : C:\ProgramData\Browse2Save
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\RightClick
[/!\] Not Deleted ( Junction ) : C:\ProgramData\Browse2save
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2Save
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\BonanzaDeals
Folder Deleted : C:\Program Files (x86)\BonanzaDealsLive
Folder Deleted : C:\Program Files (x86)\ExpressFiles
Folder Deleted : C:\Program Files (x86)\Freecorder extension
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\smart pc cleaner
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\User\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\User\AppData\Local\blekkotb_031
Folder Deleted : C:\Users\User\AppData\Local\BonanzaDealsLive
Folder Deleted : C:\Users\User\AppData\Local\DownTango
Folder Deleted : C:\Users\User\AppData\Local\genienext
Folder Deleted : C:\Users\User\AppData\Local\Mobogenie
Folder Deleted : C:\Users\User\AppData\Local\PackageAware
Folder Deleted : C:\Users\User\AppData\Local\vghd
Folder Deleted : C:\Users\User\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\User\AppData\LocalLow\Browse2Save
Folder Deleted : C:\Users\User\AppData\Roaming\Babylon
Folder Deleted : C:\Users\User\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\User\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\User\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\User\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\User\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\User\AppData\Roaming\yourfiledownloader
Folder Deleted : C:\Users\User\Documents\Mobogenie
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\windows\System32\Tasks\Express FilesUpdate
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C65F1F0-8088-414B-828C-813207ADE75A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C9B4F046-2A8C-46BD-B1A1-CF0EAE5EA521}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BonanzaDealsLive
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BonanzaDealsLive
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder extension
Key Deleted : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Deleted : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v27.0.1 (en-GB)
 
[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]
 
 
[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
 
 
[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\oj87rc8x.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [21429 octets] - [14/03/2014 15:53:44]
AdwCleaner[R1].txt - [21490 octets] - [14/03/2014 15:55:37]
AdwCleaner[R2].txt - [19443 octets] - [16/03/2014 14:13:25]
AdwCleaner[S0].txt - [18684 octets] - [16/03/2014 14:19:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18745 octets] ##########


#12 fireman4it


Posted 16 March 2014 - 07:32 PM

Just need the RogueKiller log after you use the Delete button.




#13 Paranoid_Android


Posted 16 March 2014 - 08:26 PM

Here's the RogueKiller report:

 

RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 03/16/2014 21:21:46
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 5 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job : C:\windows\TEMP\{BAF48721-4ADC-4820-88B7-8D0C3CED7EC0}.exe - --uninstall=1 [x] -> DELETED
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\windows\TEMP\{87C0484B-B60F-421E-A9DB-95536C412E21}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv : C:\windows\TEMP\{BAF48721-4ADC-4820-88B7-8D0C3CED7EC0}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\windows\TEMP\{87C0484B-B60F-421E-A9DB-95536C412E21}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] {EE7D5B86-8749-4CB4-AFD5-4AE2E23388A4} : C:\Users\User\Desktop\Diablo 2 with Lord of Destruction (v1.13c) (Direct Play)\Diablo II Lord of Destruction (v1.13c)\Diablo II\Diablo II.exe [-] -> DELETED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK6476GSX +++++
--- User ---
[MBR] e1fb78eddbe50900997d8a674299e8e4
[BSP] c560384971bc8896dc095a129e4c0e37 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 596258 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1224210432 | Size: 12721 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_03162014_212146.txt >>
RKreport[0]_S_03162014_143911.txt;RKreport[0]_S_03162014_211832.txt;RKreport[0]_S_03162014_211854.txt
RKreport[0]_S_03162014_212041.txt


#14 fireman4it


Posted 17 March 2014 - 05:43 PM

One last check for any remaining malware.

1. Download Malwarebytes Anti-Rootkit to your desktop.
  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
2. ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)



#15 Paranoid_Android


Posted 18 March 2014 - 12:13 AM

Here are the mbar logs:

 

mbar-log-2014-03-18 (00-17-32)::

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.03.18.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
User :: USER-PC [administrator]
 
18/3/2014 12:17:32 AM
mbar-log-2014-03-18 (00-17-32).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 270219
Time elapsed: 16 minute(s), 15 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 5
C:\Users\User\AppData\Local\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\User\AppData\Local\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\User\AppData\Local\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\User\AppData\Local\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Delete on reboot.
C:\Users\User\AppData\Local\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Delete on reboot.
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
system-log.txt:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16521
 
Java version: 1.6.0_20
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 8562069504, free: 4292259840
 
Downloaded database version: v2014.03.18.02
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
------------ Kernel report ------------
     03/18/2014 00:17:29
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800992d790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007b93050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800992d790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800992d2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800992d790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007b8db20, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007b93050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CE59860
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 1221136384
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1224210432  Numsec = 26052608
    Partition is not bootable
Hidden partition VBR is not infected.
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 640135028736 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Read File:  File "c:\programdata\avg2014\chjw\1ed60733d6070aab.dat:b64b5a42-3a71-444d-8c6c-a742b277e432" is sparse (flags = 32768)
Infected: C:\Users\User\AppData\Local\Temp\phatk121016.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\User\AppData\Local\Temp\scrypt130511.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\User\AppData\Local\Temp\diablo130302.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\User\AppData\Local\Temp\poclbm130302.cl --> [Trojan.BitcoinMiner]
Infected: C:\Users\User\AppData\Local\Temp\diakgcn121016.cl --> [Trojan.BitcoinMiner]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1224210432-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 




