Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Helping out a friend


  • This topic is locked This topic is locked
27 replies to this topic

#1 Bela70

Bela70

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 16 May 2014 - 02:27 PM

Friend of mine has been offline for the better part of a year due to medical issues. She just got back on and I was helping her clean up her computer. She had a ton of programs installed. IObits, Advanced System Care, Tuneup programs, Zone Alarm, McAfee Security.. you name it, it was there. Computer was very sluggish.

 

I ran Malwarebytes.. found over 1400 infected objects. Ran Eset online scanner.. first go around it found over 300 files infected.. when it got to 99% and was scanning system.workflow.runtime.dll it got stuck... i let it sit for about a hour opening it would move forward never did. Clicked close.. it said it quarantined X number of files (sorry was 4am my time at this point and I was all but passed out at the desk so dont remember the actual number).

 

Rebooted this computer, restarted the scan and went to bed. It has been running now for 12 hours, 197 infections found and once again is stuck at the 99% point on the same file system.workflow.runtime.dll

 

First time i have had Eset simply stop like this... did read in another post where it took the person over 20 hours to run a full scan... 

 

Any help/advice would be much appreciated! 

 



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:26 PM

Posted 16 May 2014 - 08:35 PM

Hello Bela70,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Bela70

Bela70
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 17 May 2014 - 09:47 AM

Thanks Fireman4it... I had previously run AdwCleaner before creating my post.. first go around there was a lot more.. but this is the current run.
 
# AdwCleaner v3.208 - Report created 18/05/2014 at 00:18:00
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : alev - ALEV-PC
# Running from : C:\Users\alev\Desktop\Tech Programs\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\alev\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v6.0.2 (en-GB)
 
[ File : C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\prefs.js ]
 
 
-\\ Google Chrome v34.0.1847.137
 
[ File : C:\Users\alev\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=104&systemid=473&v=n12281-317&apn_uid=2235415020444545&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
Deleted [Extension] : gkcefkcdkepgkpbgncjchhbjgoanleod
 
*************************
 
AdwCleaner[R0].txt - [37264 octets] - [16/05/2014 16:00:33]
AdwCleaner[R1].txt - [1352 octets] - [18/05/2014 00:16:20]
AdwCleaner[S0].txt - [35149 octets] - [16/05/2014 16:02:45]
AdwCleaner[S1].txt - [1279 octets] - [18/05/2014 00:18:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1339 octets] ##########
 
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by alev (administrator) on ALEV-PC on 18-05-2014 00:41:43
Running from C:\Users\alev\Desktop\Tech Programs
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TeamViewer GmbH) C:\Users\alev\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TeamViewer GmbH) C:\Users\alev\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Users\alev\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Users\alev\AppData\Local\Temp\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Users\alev\AppData\Local\Temp\TeamViewer\Version9\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Telstra) C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-05-05] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-10-01] (Acer Incorporated)
HKLM\...\Run: [ISW] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [4352408 2010-05-14] (Telstra)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-16] (AVAST Software)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAC0ATgBEAEMASgA2AC0AVABEAFUAWgBBAC0AQgBBAEIAUABBAC0AUwBMAEQAQwBMAC0AUABTAFAANABCAA"&"inst=NwA2AC0ANQAwADMANAAxADYAOQA0ADUALQBYAE8AMwA2ACsAMQAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkA"&"prod=94"&"ver=9.0.894 [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1651720748-2129956591-922140169-1000\...\Run: [Google Update] => C:\Users\alev\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-18] (Google Inc.)
HKU\S-1-5-21-1651720748-2129956591-922140169-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1651720748-2129956591-922140169-1000\...\Policies\Explorer: [NoInstrumentation] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {15B81C52-1414-46E6-811F-63B590F0AC0A} URL = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKCU - {7CF502E4-5401-44CD-A7F6-212D3CBEEBB9} URL = http://au.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
SearchScopes: HKCU - {D8B7A1ED-4DF4-441F-A5C1-04B08DA649BB} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10957
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - No CLSID Value - 
Handler: ms-itss - No CLSID Value - 
Handler-x32: linkscanner - No CLSID Value - 
Handler-x32: ms-itss - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 
FireFox:
========
FF ProfilePath: C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default
FF DefaultSearchEngine: Search Protect Search
FF SelectedSearchEngine: Search Protect Search
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=800236&ilc=12&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\alev\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\alev\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\searchplugins\yahoo_ff.xml
FF Extension: zonealarm.com - C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\Extensions\ffxtlbr@zonealarm.com [2012-06-15]
FF Extension: Greasemonkey - C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011-09-21]
FF Extension: Friendly Gaming Simplifier - C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\Extensions\friendlygamingsimplifier@flies.xpi [2011-07-20]
FF Extension: Scriptish - C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\Extensions\scriptish@erikvold.com.xpi [2011-09-21]
 
Chrome: 
=======
CHR HomePage: www.google.com
CHR StartupUrls: "www.google.com"
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: Ask.com
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll ()
CHR Plugin: (Injovo Extension Plugin) - C:\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\alev\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Extension: (News.net) - C:\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmbbgcooaabknohabmoaikiakkoignai [2013-07-02]
CHR Extension: (avast! Online Security) - C:\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-05-16]
CHR Extension: (MWAddon Chromium Client) - C:\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\llfmkjppmncfcgdebajkjnopgodlcaoe [2013-03-15]
CHR Extension: (Google Wallet) - C:\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-16]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-05-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-16] (AVAST Software)
R2 BITS; C:\Windows\SysWOW64\qmgr.dll [849920 2011-09-09] (Microsoft Corporation)
S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-04-24] ()
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-04-10] (IObit)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R2 Schedule; C:\Windows\SysWOW64\schedsvc.dll [1110016 2011-09-09] (Microsoft Corporation)
R2 TeamViewer9; c:\users\alev\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exe [4648256 2014-04-25] (TeamViewer GmbH)
S3 TermService; C:\Windows\SysWOW64\termsrv.dll [680960 2011-09-09] (Microsoft Corporation)
S3 VSS; C:\Windows\SysWOW64\vssvc.exe [1600512 2011-09-09] (Microsoft Corporation)
R2 wuauserv; C:\Windows\SysWOW64\wuaueng.dll [2420736 2011-09-09] (Microsoft Corporation)
S2 LMIRescue_8582d7cf-7f55-4379-87d7-4322d2643223; No ImagePath
S2 NTI IScheduleSvc; No ImagePath
S3 NTIBackupSvc; No ImagePath
S2 NTISchedulerSvc; No ImagePath
S2 SpyroService; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-16] ()
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-05-20] (Echobit, LLC)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-16] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [36792 2011-03-16] (IObit Information Technology)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-04-10] (Synaptics Incorporated)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-18 00:41 - 2014-05-18 00:41 - 00000000 ____D () C:\FRST
2014-05-18 00:29 - 2014-05-18 00:29 - 00000310 _____ () C:\Windows\PFRO.log
2014-05-17 17:14 - 2014-05-06 14:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 17:14 - 2014-05-06 14:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 17:14 - 2014-05-06 13:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 17:14 - 2014-05-06 13:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 17:14 - 2014-05-06 13:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 17:14 - 2014-05-06 12:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 15:25 - 2014-03-01 14:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-17 14:30 - 2014-01-09 12:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-17 14:30 - 2014-01-04 08:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-16 17:49 - 2014-05-16 17:49 - 00001417 _____ () C:\Users\alev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-16 17:49 - 2014-05-16 17:49 - 00000000 ____D () C:\Users\alev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-16 17:43 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-05-16 17:40 - 2014-05-16 17:40 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-16 17:40 - 2014-05-16 17:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-16 17:40 - 2014-05-16 17:40 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-16 17:40 - 2014-05-16 17:40 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-16 17:40 - 2014-05-16 17:40 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-16 17:40 - 2014-05-16 17:40 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-16 17:40 - 2014-05-16 17:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-16 17:40 - 2014-05-16 17:40 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-16 17:40 - 2014-05-16 17:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-16 17:38 - 2014-05-16 17:43 - 00008272 _____ () C:\Windows\IE11_main.log
2014-05-16 17:37 - 2013-10-02 12:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-16 17:37 - 2013-10-02 12:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-16 17:37 - 2013-10-02 12:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-16 17:37 - 2013-10-02 11:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-16 17:37 - 2013-10-02 11:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-16 17:37 - 2013-10-02 11:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-16 17:37 - 2013-10-02 11:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-16 17:37 - 2013-10-02 10:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-16 17:37 - 2013-10-02 10:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-16 17:37 - 2013-10-02 10:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-16 17:37 - 2013-10-02 10:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-16 17:37 - 2013-10-02 10:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-16 17:37 - 2013-10-02 09:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-16 17:37 - 2013-10-02 09:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-16 17:37 - 2013-10-02 09:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-16 17:37 - 2013-10-02 08:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-16 17:34 - 2013-09-25 12:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-16 17:34 - 2013-09-25 11:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-16 17:20 - 2014-05-18 00:36 - 00000336 _____ () C:\Windows\setupact.log
2014-05-16 17:20 - 2014-05-16 17:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 17:18 - 2014-05-16 17:18 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-16 17:11 - 2014-05-16 17:13 - 88882192 _____ (AVAST Software) C:\Users\alev\Desktop\avast_free_antivirus_setup.exe
2014-05-16 17:09 - 2014-05-18 00:42 - 00252554 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 16:01 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-16 16:00 - 2014-05-18 00:18 - 00000000 ____D () C:\AdwCleaner
2014-05-16 10:30 - 2014-05-16 10:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-16 08:17 - 2014-05-16 08:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 08:17 - 2014-05-16 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 08:16 - 2014-05-16 08:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 08:16 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-16 08:16 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-16 07:59 - 2014-05-16 07:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-16 07:25 - 2014-05-16 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSobi v2
2014-05-16 07:01 - 2014-05-16 07:01 - 00000000 ____D () C:\Users\alev\AppData\Roaming\AVAST Software
2014-05-16 06:57 - 2014-05-16 06:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-16 06:56 - 2014-05-16 17:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-16 06:56 - 2014-05-16 17:18 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-16 06:56 - 2014-05-16 17:18 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-16 06:56 - 2014-05-16 17:18 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-16 06:56 - 2014-05-16 06:56 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400187441471
2014-05-16 06:56 - 2014-05-16 06:56 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400187441471
2014-05-16 06:56 - 2014-05-16 06:56 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-16 06:56 - 2014-05-16 06:56 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-16 06:56 - 2014-05-16 06:56 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-16 06:56 - 2014-05-16 06:56 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-16 06:56 - 2014-05-16 06:56 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-16 06:56 - 2014-05-16 06:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-16 06:56 - 2014-05-16 06:56 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-16 06:55 - 2014-05-16 06:55 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-16 06:53 - 2014-05-16 06:53 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-16 05:37 - 2014-05-16 05:37 - 04613416 _____ (TeamViewer) C:\Users\alev\Desktop\TeamViewerQS_en (1).exe
2014-05-16 05:36 - 2014-05-16 05:36 - 04613416 _____ (TeamViewer) C:\Users\alev\Downloads\TeamViewerQS_en.exe
2014-05-16 05:34 - 2014-05-16 05:34 - 00000000 ____D () C:\Users\alev\AppData\Local\Skype
2014-05-16 05:34 - 2014-05-16 05:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-16 05:27 - 2014-05-16 05:28 - 00000000 ___RD () C:\Users\alev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 05:20 - 2014-05-16 05:20 - 00000000 _____ () C:\asc_rdflag
2014-05-16 04:31 - 2014-05-16 05:28 - 00000000 ___RD () C:\Users\alev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 18:33 - 2014-05-15 18:33 - 00000072 _____ () C:\Users\Guest\Desktop\Run - Play it now at Coolmath-Games.com.url
2014-05-15 18:11 - 2014-05-09 16:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 18:11 - 2014-05-09 16:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 18:11 - 2014-03-25 12:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 18:11 - 2014-03-25 12:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 18:05 - 2014-04-12 12:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 18:05 - 2014-04-12 12:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 18:05 - 2014-04-12 12:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 18:05 - 2014-04-12 12:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 18:05 - 2014-04-12 12:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 18:05 - 2014-04-12 12:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 18:05 - 2014-04-12 12:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 18:05 - 2014-04-12 12:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 18:05 - 2014-04-12 12:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 18:05 - 2014-03-04 19:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 18:05 - 2014-03-04 19:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 18:05 - 2014-03-04 19:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 18:05 - 2014-03-04 19:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 18:05 - 2014-03-04 19:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 18:05 - 2014-03-04 19:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 18:05 - 2014-03-04 19:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 18:05 - 2014-03-04 19:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 18:05 - 2014-03-04 19:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 18:05 - 2014-03-04 19:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 18:05 - 2014-03-04 19:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 18:05 - 2014-03-04 19:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 18:05 - 2014-03-04 19:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 18:05 - 2014-03-04 19:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 18:05 - 2014-03-04 19:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 18:05 - 2014-03-04 19:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 18:05 - 2014-03-04 19:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 18:05 - 2014-03-04 19:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 18:05 - 2014-03-04 19:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 18:05 - 2014-03-04 19:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 18:05 - 2014-03-04 19:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 18:05 - 2014-03-04 19:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 18:05 - 2014-03-04 19:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 18:05 - 2014-03-04 19:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 18:05 - 2014-03-04 19:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 18:05 - 2014-03-04 19:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 18:05 - 2014-03-04 19:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 18:05 - 2014-03-04 19:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 18:05 - 2014-03-04 19:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 18:05 - 2014-03-04 19:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 18:05 - 2014-03-04 19:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 18:05 - 2014-03-04 19:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-05 16:29 - 2014-05-05 16:29 - 00000162 ____H () C:\Users\alev\~$0) Doug Remy - Messages.htm
2014-05-05 16:23 - 2014-05-18 00:10 - 00159232 ___SH () C:\Users\alev\Thumbs.db
2014-05-05 16:15 - 2014-05-05 16:15 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-05-05 16:00 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-05 15:59 - 2014-05-05 15:59 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-05 15:59 - 2014-05-05 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-05 15:59 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-05 15:59 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-05 15:59 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-05 15:50 - 2014-05-05 15:50 - 00301496 _____ (VuuPC Limited) C:\Users\alev\AppData\Local\nsv517E.tmp
2014-05-05 15:02 - 2014-05-05 15:02 - 00145408 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcHdmi.sys
2014-05-05 15:02 - 2014-05-05 15:02 - 00006144 _____ () C:\Windows\system32\HdmiCoin.dll
2014-05-05 15:00 - 2014-05-05 15:00 - 56270848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-05-05 15:00 - 2014-05-05 15:00 - 03872984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-05-05 15:00 - 2014-05-05 15:00 - 02792152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-05-05 15:00 - 2014-05-05 15:00 - 01024216 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-05-05 15:00 - 2014-05-05 15:00 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-05-05 15:00 - 2014-05-05 15:00 - 00946392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-05-05 15:00 - 2014-05-05 15:00 - 00757301 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-05-05 15:00 - 2014-05-05 15:00 - 00624344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-05-05 14:59 - 2014-05-05 14:59 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-05-05 14:53 - 2014-05-05 14:53 - 00002862 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-05-05 14:53 - 2014-03-10 18:17 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2014-05-05 14:53 - 2013-11-19 16:52 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2014-05-05 13:20 - 2014-05-05 13:20 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 13:20 - 2014-05-05 13:20 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-05 13:20 - 2014-05-05 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 13:20 - 2014-05-05 13:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 13:12 - 2014-05-05 13:12 - 00623928 _____ () C:\Users\alev\ccleaner-setup.exe
2014-05-05 13:12 - 2014-05-05 13:12 - 00000000 ____D () C:\Users\alev\AppData\Local\Avg2014
2014-05-04 21:58 - 2014-05-04 21:58 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-05-04 21:37 - 2014-05-16 05:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-20 16:21 - 2014-04-20 16:21 - 00000000 ____D () C:\Users\alev\Documents\Lightshot
2014-04-20 05:58 - 2014-04-20 05:58 - 00116231 _____ () C:\Users\alev\Desktop\Apple - Support - Topic Selection.htm
2014-04-20 05:58 - 2014-04-20 05:58 - 00000000 ____D () C:\Users\alev\Desktop\Apple - Support - Topic Selection_files
2014-04-20 05:30 - 2014-04-20 05:30 - 00001747 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-20 05:30 - 2014-04-20 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-20 05:28 - 2014-04-20 05:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-20 05:28 - 2014-04-20 05:29 - 00000000 ____D () C:\Program Files\iTunes
2014-04-20 05:28 - 2014-04-20 05:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-20 05:28 - 2014-04-20 05:28 - 00000000 ____D () C:\Program Files\iPod
2014-04-20 05:25 - 2014-04-20 05:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-04-20 04:37 - 2014-04-20 04:45 - 148885840 _____ (Apple Inc.) C:\Users\alev\Downloads\iTunes64Setup.exe
 
==================== One Month Modified Files and Folders =======
 
2014-05-18 00:42 - 2014-05-16 17:09 - 00252554 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 00:41 - 2014-05-18 00:41 - 00000000 ____D () C:\FRST
2014-05-18 00:38 - 2010-05-10 17:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 00:37 - 2014-04-15 13:30 - 00000280 _____ () C:\Windows\Tasks\FF Watcher {9072BB77-2EC5-447F-ADFE-2B2EFC292E1B}.job
2014-05-18 00:37 - 2013-05-18 21:17 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-18 00:37 - 2010-11-24 12:16 - 00000398 _____ () C:\Windows\Tasks\AWC AutoSweep.job
2014-05-18 00:37 - 2010-08-23 18:21 - 00000404 _____ () C:\Windows\Tasks\AutoSmartDefrag.job
2014-05-18 00:36 - 2014-05-16 17:20 - 00000336 _____ () C:\Windows\setupact.log
2014-05-18 00:36 - 2011-12-29 08:02 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-18 00:36 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 00:34 - 2009-07-14 14:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 00:34 - 2009-07-14 14:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 00:29 - 2014-05-18 00:29 - 00000310 _____ () C:\Windows\PFRO.log
2014-05-18 00:25 - 2013-03-26 09:44 - 00000386 _____ () C:\Windows\Tasks\update-sys.job
2014-05-18 00:19 - 2012-11-29 01:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 00:18 - 2014-05-16 16:00 - 00000000 ____D () C:\AdwCleaner
2014-05-18 00:18 - 2012-06-15 05:11 - 00000000 ____D () C:\Users\alev\AppData\Roaming\CheckPoint
2014-05-18 00:10 - 2014-05-05 16:23 - 00159232 ___SH () C:\Users\alev\Thumbs.db
2014-05-18 00:04 - 2013-03-26 09:44 - 00000386 _____ () C:\Windows\Tasks\update-S-1-5-21-1651720748-2129956591-922140169-1000.job
2014-05-17 23:58 - 2010-05-10 17:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-17 23:45 - 2011-08-20 16:34 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000UA.job
2014-05-17 22:10 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2014-05-17 22:02 - 2012-06-05 21:29 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000UA.job
2014-05-17 21:44 - 2011-05-16 17:46 - 00000000 ____D () C:\Users\alev\AppData\Roaming\Skype
2014-05-17 14:30 - 2010-11-24 12:16 - 00000410 _____ () C:\Windows\Tasks\AWC Update.job
2014-05-17 10:02 - 2012-06-05 21:29 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000Core.job
2014-05-17 06:26 - 2010-05-11 18:45 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{41966482-0FBA-4580-AE10-38936B46F0A5}
2014-05-17 04:45 - 2011-08-20 16:34 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000Core.job
2014-05-16 17:49 - 2014-05-16 17:49 - 00001417 _____ () C:\Users\alev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-16 17:49 - 2014-05-16 17:49 - 00000000 ____D () C:\Users\alev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-16 17:48 - 2009-07-28 06:41 - 00000000 ____D () C:\Windows\Panther
2014-05-16 17:44 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-16 17:43 - 2014-05-16 17:38 - 00008272 _____ () C:\Windows\IE11_main.log
2014-05-16 17:40 - 2014-05-16 17:40 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-16 17:40 - 2014-05-16 17:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-16 17:40 - 2014-05-16 17:40 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-16 17:40 - 2014-05-16 17:40 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-16 17:40 - 2014-05-16 17:40 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-16 17:40 - 2014-05-16 17:40 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-16 17:40 - 2014-05-16 17:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-16 17:40 - 2014-05-16 17:40 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-16 17:40 - 2014-05-16 17:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-16 17:40 - 2014-05-16 17:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-16 17:40 - 2014-05-16 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-16 17:24 - 2014-05-16 06:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-16 17:20 - 2014-05-16 17:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 17:18 - 2014-05-16 17:18 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-16 17:18 - 2014-05-16 06:56 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-16 17:18 - 2014-05-16 06:56 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-16 17:18 - 2014-05-16 06:56 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-16 17:13 - 2014-05-16 17:11 - 88882192 _____ (AVAST Software) C:\Users\alev\Desktop\avast_free_antivirus_setup.exe
2014-05-16 16:34 - 2012-06-15 05:11 - 00000000 ____D () C:\Program Files\CheckPoint
2014-05-16 16:34 - 2012-06-15 05:02 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-05-16 16:33 - 2012-06-15 05:02 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-05-16 16:09 - 2010-08-18 19:33 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-05-16 16:03 - 2012-06-15 14:25 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\CheckPoint
2014-05-16 15:52 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\tracing
2014-05-16 10:30 - 2014-05-16 10:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-16 08:17 - 2014-05-16 08:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 08:17 - 2014-05-16 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-16 08:17 - 2014-05-16 08:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 08:16 - 2011-07-17 03:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 07:59 - 2014-05-16 07:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-16 07:57 - 2010-08-18 19:33 - 00000000 ____D () C:\Users\alev\AppData\Roaming\IObit
2014-05-16 07:56 - 2010-08-18 19:55 - 00000000 ____D () C:\ProgramData\IObit
2014-05-16 07:25 - 2014-05-16 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSobi v2
2014-05-16 07:16 - 2009-07-14 13:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:01 - 2014-05-16 07:01 - 00000000 ____D () C:\Users\alev\AppData\Roaming\AVAST Software
2014-05-16 06:57 - 2014-05-16 06:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-16 06:56 - 2014-05-16 06:56 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400187441471
2014-05-16 06:56 - 2014-05-16 06:56 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400187441471
2014-05-16 06:56 - 2014-05-16 06:56 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-16 06:56 - 2014-05-16 06:56 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-16 06:56 - 2014-05-16 06:56 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-16 06:56 - 2014-05-16 06:56 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-16 06:56 - 2014-05-16 06:56 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-16 06:56 - 2014-05-16 06:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-16 06:56 - 2014-05-16 06:56 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-16 06:55 - 2014-05-16 06:55 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-16 06:53 - 2014-05-16 06:53 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-16 06:19 - 2013-07-12 17:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-16 06:19 - 2012-11-29 01:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 06:19 - 2011-09-11 17:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-16 05:37 - 2014-05-16 05:37 - 04613416 _____ (TeamViewer) C:\Users\alev\Desktop\TeamViewerQS_en (1).exe
2014-05-16 05:37 - 2013-03-13 11:19 - 00000000 ____D () C:\Users\alev\AppData\Roaming\TeamViewer
2014-05-16 05:36 - 2014-05-16 05:36 - 04613416 _____ (TeamViewer) C:\Users\alev\Downloads\TeamViewerQS_en.exe
2014-05-16 05:34 - 2014-05-16 05:34 - 00000000 ____D () C:\Users\alev\AppData\Local\Skype
2014-05-16 05:34 - 2014-05-16 05:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-16 05:34 - 2012-06-06 22:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-16 05:34 - 2011-05-16 17:46 - 00000000 ____D () C:\ProgramData\Skype
2014-05-16 05:28 - 2014-05-16 05:27 - 00000000 ___RD () C:\Users\alev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 05:28 - 2014-05-16 04:31 - 00000000 ___RD () C:\Users\alev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 05:21 - 2014-02-03 17:45 - 73510912 _____ () C:\Windows\system32\config\software.iodefrag.bak
2014-05-16 05:21 - 2014-02-03 17:44 - 34942976 _____ () C:\Windows\system32\config\components.iodefrag.bak
2014-05-16 05:21 - 2014-02-03 17:44 - 00651264 _____ () C:\Windows\system32\config\default.iodefrag.bak
2014-05-16 05:21 - 2014-02-03 17:44 - 00098304 _____ () C:\Windows\system32\config\sam.iodefrag.bak
2014-05-16 05:21 - 2014-02-03 17:44 - 00028672 _____ () C:\Windows\system32\config\security.iodefrag.bak
2014-05-16 05:21 - 2010-05-10 14:42 - 00000000 ____D () C:\Users\alev
2014-05-16 05:20 - 2014-05-16 05:20 - 00000000 _____ () C:\asc_rdflag
2014-05-16 05:18 - 2014-05-04 21:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 05:17 - 2009-10-29 15:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 05:15 - 2013-08-25 13:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 05:12 - 2010-05-12 14:49 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-16 05:06 - 2011-09-09 21:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-16 04:40 - 2011-08-20 16:34 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000UA
2014-05-16 04:40 - 2011-08-20 16:34 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000Core
2014-05-15 18:33 - 2014-05-15 18:33 - 00000072 _____ () C:\Users\Guest\Desktop\Run - Play it now at Coolmath-Games.com.url
2014-05-11 07:53 - 2010-05-10 17:15 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-11 07:53 - 2010-05-10 17:15 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-11 07:49 - 2014-02-02 08:41 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-09 16:14 - 2014-05-15 18:11 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 16:11 - 2014-05-15 18:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 14:40 - 2014-05-17 17:14 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 14:17 - 2014-05-17 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 13:25 - 2014-05-17 17:14 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 13:07 - 2014-05-17 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 13:00 - 2014-05-17 17:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 12:10 - 2014-05-17 17:14 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 16:29 - 2014-05-05 16:29 - 00000162 ____H () C:\Users\alev\~$0) Doug Remy - Messages.htm
2014-05-05 16:22 - 2013-03-31 06:30 - 00000000 ____D () C:\Users\alev\(10) Doug Remy - Messages_files
2014-05-05 16:22 - 2011-12-21 14:57 - 00000000 ____D () C:\Users\alev\AppData\Roaming\Apple Computer
2014-05-05 16:19 - 2011-12-21 14:54 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-05 16:19 - 2011-12-21 14:54 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-05-05 16:15 - 2014-05-05 16:15 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-05-05 16:05 - 2011-10-08 07:47 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-05 16:00 - 2013-11-03 20:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-05 15:59 - 2014-05-05 15:59 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-05 15:59 - 2014-05-05 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-05 15:59 - 2011-08-20 16:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-05 15:50 - 2014-05-05 15:50 - 00301496 _____ (VuuPC Limited) C:\Users\alev\AppData\Local\nsv517E.tmp
2014-05-05 15:02 - 2014-05-05 15:02 - 00145408 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcHdmi.sys
2014-05-05 15:02 - 2014-05-05 15:02 - 00006144 _____ () C:\Windows\system32\HdmiCoin.dll
2014-05-05 15:02 - 2010-03-13 23:09 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-05-05 15:00 - 2014-05-05 15:00 - 56270848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-05-05 15:00 - 2014-05-05 15:00 - 03872984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-05-05 15:00 - 2014-05-05 15:00 - 02792152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-05-05 15:00 - 2014-05-05 15:00 - 01024216 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-05-05 15:00 - 2014-05-05 15:00 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-05-05 15:00 - 2014-05-05 15:00 - 00946392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-05-05 15:00 - 2014-05-05 15:00 - 00757301 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-05-05 15:00 - 2014-05-05 15:00 - 00624344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-05-05 14:59 - 2014-05-05 14:59 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-05-05 14:53 - 2014-05-05 14:53 - 00002862 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-05-05 14:26 - 2011-10-08 07:42 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-05 13:41 - 2014-04-15 13:47 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-05 13:20 - 2014-05-05 13:20 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-05 13:20 - 2014-05-05 13:20 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-05 13:20 - 2014-05-05 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-05 13:20 - 2014-05-05 13:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-05 13:12 - 2014-05-05 13:12 - 00623928 _____ () C:\Users\alev\ccleaner-setup.exe
2014-05-05 13:12 - 2014-05-05 13:12 - 00000000 ____D () C:\Users\alev\AppData\Local\Avg2014
2014-05-05 13:12 - 2011-10-08 07:48 - 00000000 ____D () C:\ProgramData\AVG2012
2014-05-05 13:12 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\Resources
2014-05-04 21:58 - 2014-05-04 21:58 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-05-04 21:58 - 2013-07-22 09:02 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-05-04 21:58 - 2013-03-15 11:34 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-04-20 16:21 - 2014-04-20 16:21 - 00000000 ____D () C:\Users\alev\Documents\Lightshot
2014-04-20 12:55 - 2009-07-14 15:08 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-20 06:43 - 2013-01-30 15:53 - 00000000 ____D () C:\Users\alev\AppData\Local\SecondLife
2014-04-20 06:43 - 2011-10-17 14:23 - 00000000 ____D () C:\9ff0558f0ab47c754751313800392bd4
2014-04-20 06:43 - 2011-10-11 11:42 - 00000000 ____D () C:\Users\alev\White Card Online_files
2014-04-20 06:43 - 2010-06-25 19:17 - 00000000 ____D () C:\508dfa8432f805d9d0
2014-04-20 06:24 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\registration
2014-04-20 05:58 - 2014-04-20 05:58 - 00116231 _____ () C:\Users\alev\Desktop\Apple - Support - Topic Selection.htm
2014-04-20 05:58 - 2014-04-20 05:58 - 00000000 ____D () C:\Users\alev\Desktop\Apple - Support - Topic Selection_files
2014-04-20 05:30 - 2014-04-20 05:30 - 00001747 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-04-20 05:30 - 2014-04-20 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-20 05:29 - 2014-04-20 05:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-20 05:29 - 2014-04-20 05:28 - 00000000 ____D () C:\Program Files\iTunes
2014-04-20 05:29 - 2014-04-20 05:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-20 05:28 - 2014-04-20 05:28 - 00000000 ____D () C:\Program Files\iPod
2014-04-20 05:25 - 2014-04-20 05:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-04-20 05:21 - 2010-03-13 23:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-04-20 05:21 - 2010-03-13 23:20 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-04-20 04:47 - 2011-12-21 14:54 - 00000000 ____D () C:\ProgramData\Apple
2014-04-20 04:45 - 2014-04-20 04:37 - 148885840 _____ (Apple Inc.) C:\Users\alev\Downloads\iTunes64Setup.exe
 
Files to move or delete:
====================
C:\Users\alev\ccleaner-setup.exe
C:\Users\alev\iTunes64Setup.exe
C:\Users\alev\SkypeSetup.exe
C:\Users\alev\TeamViewerQS_en.exe
 
 
Some content of TEMP:
====================
C:\Users\alev\AppData\Local\Temp\Quarantine.exe
C:\Users\alev\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-15 18:05] - [2014-03-04 19:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-16 21:28
 
==================== End Of Log ============================
 
 
 
Addition log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by alev at 2014-05-18 00:43:42
Running from C:\Users\alev\Desktop\Tech Programs
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1103 - Alps Electric)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
AVG 2012 (Version: 12.0.1831 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1834 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1869 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1872 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1873 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1890 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1901 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1913 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2197 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Windows Driver Package - Cmotech (cmusbnet) Net  (06/11/2007 2.0.0.9) (HKLM\...\51208688C66699298C32E38B6BFF92816EE798CA) (Version: 06/11/2007 2.0.0.9 - Cmotech)
Windows Driver Package - Cmotech Modem  (06/08/2007 2.0.3.9) (HKLM\...\7404D4336C2B621F88A2B25CE6577572A8BBD25A) (Version: 06/08/2007 2.0.3.9 - Cmotech)
Windows Driver Package - Cmotech Ports  (06/08/2007 2.0.3.9) (HKLM\...\2021A90B4F2D70AB98CFBF428E09767703FD455E) (Version: 06/08/2007 2.0.3.9 - Cmotech)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Family Safety (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
 
==================== Restore Points  =========================
 
15-05-2014 21:13:51 Removed IObit Apps Toolbar v9.2.
15-05-2014 21:19:23 Removed SpyroPortalDriver
15-05-2014 21:22:42 Removed Backup Manager Basic.
15-05-2014 21:23:18 Removed D3DX10
15-05-2014 21:24:26 Removed eSobi v2.
15-05-2014 21:25:28 Removed Facebook Video Calling 2.0.0.447
15-05-2014 21:28:58 Removed ZoneAlarm Antivirus
15-05-2014 21:30:05 Removed ZoneAlarm Firewall
15-05-2014 21:30:40 Removed ZoneAlarm Security
16-05-2014 07:15:39 avast! antivirus system restore point
16-05-2014 07:34:57 Windows Update
17-05-2014 07:13:50 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 12:34 - 2010-08-18 19:21 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0A2072EE-3614-4B00-9731-F0C40CB3AAD3} - \DSite No Task File <==== ATTENTION
Task: {2382D0F5-4CB5-4A05-8A95-1890DB53966B} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {34CD88ED-3080-411D-B27A-6959D96CC7A2} - System32\Tasks\FF Watcher {9072BB77-2EC5-447F-ADFE-2B2EFC292E1B} => C:\Program Files\V-bates\PrefHelper.exe
Task: {36F75A5B-0FAF-4132-A79B-F66687E2BBB6} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-04-10] (IObit)
Task: {416EFF4A-E6C7-44B2-8ADD-7FEDE09FB41E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000UA => C:\Users\alev\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18] (Google Inc.)
Task: {4D1417E0-E502-4BB9-82CA-4E091D2BC9B1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000UA => C:\Users\alev\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5BB57DE8-E454-49FF-BA1D-A3A4C8A60EAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-22] (Piriform Ltd)
Task: {5ECC0110-EC98-4B7B-8298-9138CDD259E3} - \Dealply No Task File <==== ATTENTION
Task: {62CA9F18-2E0B-418E-AE32-805B6D62C10E} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {6F1FCAB3-7E9C-4141-BE91-657CBB284740} - System32\Tasks\{4A62FF87-B9C1-40D3-A593-89FAD19C7B51} => C:\FarmVilleBot_2.1\farmvillebot.exe
Task: {809AB044-4692-45CE-B049-C89B836BE882} - System32\Tasks\update-S-1-5-21-1651720748-2129956591-922140169-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-02-23] ()
Task: {80AE06EC-23D1-4AA9-91B5-E468B3C014F0} - System32\Tasks\AutoSmartDefrag => C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
Task: {83BDBABB-249A-4BEE-86E2-7853E9962903} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {852937A2-7064-4A9E-9053-FFEF56B466A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-23] (Google Inc.)
Task: {86D621EE-17EE-4E63-B8CD-57A77F205828} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8B7699B9-217D-44B4-9B03-637A7A764F61} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000Core => C:\Users\alev\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18] (Google Inc.)
Task: {8E449CAE-3207-4D84-9626-BC1A2D030A6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {969020B6-B608-4C5A-A8E1-50A284396D15} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {A9363411-DCC4-4DCA-8510-832D93210664} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {AB4B5D2C-4C14-42CE-9599-5A1AEDA0C4D1} - System32\Tasks\{597B53E8-F628-41EE-BE94-7304EFF58A02} => C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
Task: {AFCEF26B-F608-4692-9707-61FA0E81DBCE} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-02-23] ()
Task: {B112B3BB-4AD6-445B-A5D0-659C20854800} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000Core => C:\Users\alev\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {B57BDE35-8811-46AB-B48C-A53314161F1C} - \BrowserProtect No Task File <==== ATTENTION
Task: {BD97E73F-BD23-4130-BCE3-5748A7C1BC7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-23] (Google Inc.)
Task: {CF69803A-3019-4344-818B-7C61BC77AAB1} - System32\Tasks\{F151F75F-748F-452B-8D88-F7ABB12DE998} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {D57BC07B-1808-4025-80C8-2D95EAFEC9EE} - System32\Tasks\AWC AutoSweep => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe
Task: {DCE18405-7E8F-4631-81CF-B9EFFD78DE11} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated)
Task: {E45ACC71-FCB6-4DAC-8A5B-84B3E3F59B63} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-16] (AVAST Software)
Task: {EE03ED36-2BB7-4F3C-A4DD-D8BE408AA305} - System32\Tasks\AWC Update => C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe
Task: {F150DEBB-7058-439E-81C3-15408C684A68} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {FE080F91-597E-4E7B-9232-6DAE98BE18B2} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {FED8E17F-4EA4-469D-B351-0713CDBFADF8} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoSmartDefrag.job => C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
Task: C:\Windows\Tasks\AWC AutoSweep.job => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe
Task: C:\Windows\Tasks\AWC Update.job => C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000Core.job => C:\Users\alev\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000UA.job => C:\Users\alev\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FF Watcher {9072BB77-2EC5-447F-ADFE-2B2EFC292E1B}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000Core.job => C:\Users\alev\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1651720748-2129956591-922140169-1000UA.job => C:\Users\alev\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1651720748-2129956591-922140169-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-17 21:44 - 2014-05-17 21:44 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14051700\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-16 06:56 - 2014-05-16 06:56 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-24 09:54 - 2014-04-24 09:54 - 00052416 _____ () C:\Program Files (x86)\Comodo\Dragon\chrome_elf.dll
2014-04-24 09:55 - 2014-04-24 09:55 - 00908992 _____ () C:\Program Files (x86)\Comodo\Dragon\libglesv2.dll
2014-04-24 09:55 - 2014-04-24 09:55 - 00109248 _____ () C:\Program Files (x86)\Comodo\Dragon\libegl.dll
2014-04-24 09:55 - 2014-04-24 09:55 - 00895680 _____ () C:\Program Files (x86)\Comodo\Dragon\ffmpegsumo.dll
2014-05-16 06:19 - 2014-05-16 06:19 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\97545176.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\97545176.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\startupreg: LightShot => C:\Users\alev\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/18/2014 00:28:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer_Desktop.exe, version: 9.0.28223.0, time stamp: 0x535a38bb
Faulting module name: TeamViewer_Desktop.exe, version: 9.0.28223.0, time stamp: 0x535a38bb
Exception code: 0xc0000005
Fault offset: 0x0027bdfe
Faulting process id: 0x122c
Faulting application start time: 0xTeamViewer_Desktop.exe0
Faulting application path: TeamViewer_Desktop.exe1
Faulting module path: TeamViewer_Desktop.exe2
Report Id: TeamViewer_Desktop.exe3
 
Error: (05/18/2014 00:18:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer_Desktop.exe, version: 9.0.28223.0, time stamp: 0x535a38bb
Faulting module name: TeamViewer_Desktop.exe, version: 9.0.28223.0, time stamp: 0x535a38bb
Exception code: 0xc0000005
Fault offset: 0x00167c80
Faulting process id: 0x1104
Faulting application start time: 0xTeamViewer_Desktop.exe0
Faulting application path: TeamViewer_Desktop.exe1
Faulting module path: TeamViewer_Desktop.exe2
Report Id: TeamViewer_Desktop.exe3
 
Error: (05/17/2014 10:46:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer_Service.exe, version: 9.0.28223.0, time stamp: 0x535a3a70
Faulting module name: TeamViewer_Service.exe, version: 9.0.28223.0, time stamp: 0x535a3a70
Exception code: 0x40000015
Fault offset: 0x0029b5a9
Faulting process id: 0x590
Faulting application start time: 0xTeamViewer_Service.exe0
Faulting application path: TeamViewer_Service.exe1
Faulting module path: TeamViewer_Service.exe2
Report Id: TeamViewer_Service.exe3
 
Error: (05/17/2014 00:33:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/17/2014 00:31:53 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (05/17/2014 00:30:39 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (05/16/2014 05:52:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/16/2014 05:50:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/16/2014 05:35:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (05/16/2014 04:13:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer_Service.exe, version: 9.0.28223.0, time stamp: 0x535a3a70
Faulting module name: TeamViewer_Service.exe, version: 9.0.28223.0, time stamp: 0x535a3a70
Exception code: 0x40000015
Fault offset: 0x0029b5a9
Faulting process id: 0x990
Faulting application start time: 0xTeamViewer_Service.exe0
Faulting application path: TeamViewer_Service.exe1
Faulting module path: TeamViewer_Service.exe2
Report Id: TeamViewer_Service.exe3
 
 
System errors:
=============
Error: (05/18/2014 00:37:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%2
 
Error: (05/18/2014 00:37:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/18/2014 00:36:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NTI Backup Now 5 Scheduler Service service failed to start due to the following error: 
%%3
 
Error: (05/18/2014 00:36:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NTI IScheduleSvc service failed to start due to the following error: 
%%3
 
Error: (05/18/2014 00:36:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Rescue (8582d7cf-7f55-4379-87d7-4322d2643223) service failed to start due to the following error: 
%%3
 
Error: (05/18/2014 00:36:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%1053
 
Error: (05/18/2014 00:36:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect.
 
Error: (05/18/2014 00:31:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%2
 
Error: (05/18/2014 00:31:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/18/2014 00:31:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NTI Backup Now 5 Scheduler Service service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-18 00:36:11.330
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-18 00:36:11.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-18 00:30:19.705
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-18 00:30:19.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-17 17:18:45.533
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-17 17:18:45.424
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-17 10:44:41.152
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-17 10:44:41.043
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-16 17:46:12.182
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-16 17:46:12.072
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 42%
Total physical RAM: 4024.93 MB
Available physical RAM: 2328.68 MB
Total Pagefile: 8048.03 MB
Available Pagefile: 6238.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:285.3 GB) (Free:187.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 3A7B3A7B)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Bela70

Bela70
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 17 May 2014 - 09:49 AM

I want to let you know.. the current running AV is Avast... there has been a lot of other AV's all piled on top of each other, all running at the same time this past year



#5 Bela70

Bela70
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 18 May 2014 - 08:39 PM

Just checking in :)



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:26 PM

Posted 18 May 2014 - 10:06 PM

Hello,

 

1.

First off I would uninstall Google Chrome and reinstall it. Make sure to let it delete any thing it wants. Chrome has so many bad extensions it just need reinstalled.

 

2.Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   5.67KB   4 downloads

 

 

How is the machine running now? Do you have Comodo installed and using it?

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 Bela70

Bela70
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 18 May 2014 - 10:47 PM

I removed Chrome 100%, did not reinstall. Also removed Dragon 100% and did not reinstall.

 

I downloaded and installed SuperBird.. as it works better (less flash crashes) from my experience. The only other browser installed (other then IE) is Nightly (FF 64bit).

 

Computer is faster and smoother without a doubt.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by alev at 2014-05-19 13:28:35 Run:1
Running from C:\Users\alev\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [ISW] => [X]
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKCU - {15B81C52-1414-46E6-811F-63B590F0AC0A} URL = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
SearchScopes: HKCU - {7CF502E4-5401-44CD-A7F6-212D3CBEEBB9} URL = http://au.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: No Name - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} -  No File
Toolbar: HKLM - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: linkscanner - No CLSID Value - 
Handler: ms-itss - No CLSID Value - 
Handler-x32: linkscanner - No CLSID Value - 
Handler-x32: ms-itss - No CLSID Value - 
FF DefaultSearchEngine: Search Protect Search
FF SelectedSearchEngine: Search Protect Search
FF Extension: zonealarm.com - C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\Extensions\ffxtlbr@zonealarm.com [2012-06-15]
FF Extension: Greasemonkey - C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011-09-21]
FF Extension: Friendly Gaming Simplifier - C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\Extensions\friendlygamingsimplifier@flies.xpi [2011-07-20]
FF Extension: Scriptish - C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\Extensions\scriptish@erikvold.com.xpi [2011-09-21]
S2 LMIRescue_8582d7cf-7f55-4379-87d7-4322d2643223; No ImagePath
S2 NTI IScheduleSvc; No ImagePath
S3 NTIBackupSvc; No ImagePath
S2 NTISchedulerSvc; No ImagePath
S2 SpyroService; No ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
C:\Users\alev\ccleaner-setup.exe
C:\Users\alev\iTunes64Setup.exe
C:\Users\alev\SkypeSetup.exe
C:\Users\alev\TeamViewerQS_en.exe
 Task: {0A2072EE-3614-4B00-9731-F0C40CB3AAD3} - \DSite No Task File <==== ATTENTION
Task: {2382D0F5-4CB5-4A05-8A95-1890DB53966B} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {36F75A5B-0FAF-4132-A79B-F66687E2BBB6} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-04-10] (IObit)
C:\Program Files (x86)\IObit
Task: {5ECC0110-EC98-4B7B-8298-9138CDD259E3} - \Dealply No Task File <==== ATTENTION
Task: {62CA9F18-2E0B-418E-AE32-805B6D62C10E} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {80AE06EC-23D1-4AA9-91B5-E468B3C014F0} - System32\Tasks\AutoSmartDefrag => C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
Task: {83BDBABB-249A-4BEE-86E2-7853E9962903} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {969020B6-B608-4C5A-A8E1-50A284396D15} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {B57BDE35-8811-46AB-B48C-A53314161F1C} - \BrowserProtect No Task File <==== ATTENTION
Task: {D57BC07B-1808-4025-80C8-2D95EAFEC9EE} - System32\Tasks\AWC AutoSweep => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe
Task: {F150DEBB-7058-439E-81C3-15408C684A68} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {FE080F91-597E-4E7B-9232-6DAE98BE18B2} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {FED8E17F-4EA4-469D-B351-0713CDBFADF8} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AutoSmartDefrag.job => C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
Task: C:\Windows\Tasks\AWC AutoSweep.job => C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe
Task: C:\Windows\Tasks\AWC Update.job => C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe
 
 
 
 
 
 
 
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISW => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{099EF85B-3260-4b87-9239-33355EE6A548} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{099EF85B-3260-4b87-9239-33355EE6A548} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ab8681be-ae18-495c-a313-769e79b9f006} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{ab8681be-ae18-495c-a313-769e79b9f006} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15B81C52-1414-46E6-811F-63B590F0AC0A} => Key not found.
HKCR\CLSID\{15B81C52-1414-46E6-811F-63B590F0AC0A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473} => Key not found.
HKCR\CLSID\{52db1893-8a90-4192-aede-08e00b8f8473} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6140FD62-1392-4E19-9586-289C309B7497} => Key not found.
HKCR\CLSID\{6140FD62-1392-4E19-9586-289C309B7497} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CF502E4-5401-44CD-A7F6-212D3CBEEBB9} => Key not found.
HKCR\CLSID\{7CF502E4-5401-44CD-A7F6-212D3CBEEBB9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ab8681be-ae18-495c-a313-769e79b9f006} => Key not found.
HKCR\CLSID\{ab8681be-ae18-495c-a313-769e79b9f006} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D1C16AF1-2FE0-4AF3-A445-80ADA3BAF859} => Key not found.
HKCR\CLSID\{D1C16AF1-2FE0-4AF3-A445-80ADA3BAF859} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F73DB076-882C-4212-A1C7-82EBA086FB14} => Key not found.
HKCR\CLSID\{F73DB076-882C-4212-A1C7-82EBA086FB14} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key deleted successfully.
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} => Key deleted successfully.
HKCR\CLSID\{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value deleted successfully.
HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\Handler: linkscanner - No CLSID Value - => Key not found.
HKCR\PROTOCOLS\Handler\Handler: ms-itss - No CLSID Value - => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\Handler-x32: linkscanner - No CLSID Value - => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\Handler-x32: ms-itss - No CLSID Value - => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\Extensions\ffxtlbr@zonealarm.com => Moved successfully.
C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} => Moved successfully.
C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\Extensions\friendlygamingsimplifier@flies.xpi => Moved successfully.
C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\Extensions\scriptish@erikvold.com.xpi => Moved successfully.
LMIRescue_8582d7cf-7f55-4379-87d7-4322d2643223 => Service deleted successfully.
NTI IScheduleSvc => Service deleted successfully.
NTIBackupSvc => Service deleted successfully.
NTISchedulerSvc => Service deleted successfully.
SpyroService => Service deleted successfully.
RtsUIR => Service deleted successfully.
USBCCID => Service deleted successfully.
C:\Users\alev\ccleaner-setup.exe => Moved successfully.
C:\Users\alev\iTunes64Setup.exe => Moved successfully.
C:\Users\alev\SkypeSetup.exe => Moved successfully.
C:\Users\alev\TeamViewerQS_en.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A2072EE-3614-4B00-9731-F0C40CB3AAD3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A2072EE-3614-4B00-9731-F0C40CB3AAD3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2382D0F5-4CB5-4A05-8A95-1890DB53966B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2382D0F5-4CB5-4A05-8A95-1890DB53966B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36F75A5B-0FAF-4132-A79B-F66687E2BBB6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36F75A5B-0FAF-4132-A79B-F66687E2BBB6} => Key deleted successfully.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator => Key deleted successfully.
 
"C:\Program Files (x86)\IObit" directory move:
 
Could not move "C:\Program Files (x86)\IObit\Protected Folder\PfCheckService.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\IObit\Protected Folder\ProtectedFolder.exe" => Scheduled to move on reboot.
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => Moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll => Moved successfully.
C:\Program Files (x86)\IObit\Game Booster\GBV3ContextMenu.dll => Moved successfully.
Could not move "C:\Program Files (x86)\IObit" directory. => Scheduled to move on reboot.
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5ECC0110-EC98-4B7B-8298-9138CDD259E3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ECC0110-EC98-4B7B-8298-9138CDD259E3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62CA9F18-2E0B-418E-AE32-805B6D62C10E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62CA9F18-2E0B-418E-AE32-805B6D62C10E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80AE06EC-23D1-4AA9-91B5-E468B3C014F0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80AE06EC-23D1-4AA9-91B5-E468B3C014F0} => Key deleted successfully.
C:\Windows\System32\Tasks\AutoSmartDefrag => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoSmartDefrag => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83BDBABB-249A-4BEE-86E2-7853E9962903} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83BDBABB-249A-4BEE-86E2-7853E9962903} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{969020B6-B608-4C5A-A8E1-50A284396D15} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{969020B6-B608-4C5A-A8E1-50A284396D15} => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM) => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (SYSTEM) => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B57BDE35-8811-46AB-B48C-A53314161F1C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B57BDE35-8811-46AB-B48C-A53314161F1C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D57BC07B-1808-4025-80C8-2D95EAFEC9EE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D57BC07B-1808-4025-80C8-2D95EAFEC9EE} => Key deleted successfully.
C:\Windows\System32\Tasks\AWC AutoSweep => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AWC AutoSweep => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F150DEBB-7058-439E-81C3-15408C684A68} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F150DEBB-7058-439E-81C3-15408C684A68} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE080F91-597E-4E7B-9232-6DAE98BE18B2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE080F91-597E-4E7B-9232-6DAE98BE18B2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FED8E17F-4EA4-469D-B351-0713CDBFADF8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FED8E17F-4EA4-469D-B351-0713CDBFADF8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
C:\Windows\Tasks\AutoSmartDefrag.job => Moved successfully.
C:\Windows\Tasks\AWC AutoSweep.job => Moved successfully.
C:\Windows\Tasks\AWC Update.job => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-19 13:32:12)<=
 
C:\Program Files (x86)\IObit\Protected Folder\PfCheckService.exe => Is moved successfully.
C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys => Is moved successfully.
C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll => Is moved successfully.
C:\Program Files (x86)\IObit\Protected Folder\ProtectedFolder.exe => Is moved successfully.
C:\Program Files (x86)\IObit => Moved successfully.
 
==== End of Fixlog ====


#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:26 PM

Posted 19 May 2014 - 06:20 PM

1.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious, don't worry continue on. 

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
    the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

 

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is  checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 Bela70

Bela70
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 19 May 2014 - 08:09 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by alev on Tue 20/05/2014 at 10:53:03.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1651720748-2129956591-922140169-1000\Software\ib updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1651720748-2129956591-922140169-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1651720748-2129956591-922140169-1000\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\alev\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\alev\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\alev\music\qtrax media library"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 20/05/2014 at 11:06:30.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:26 PM

Posted 19 May 2014 - 08:57 PM

eset log?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 Bela70

Bela70
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 19 May 2014 - 09:37 PM

scan is at 97%... will post as soon as done. 37 infections found at the moment



#12 Bela70

Bela70
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 19 May 2014 - 10:39 PM

looks like we are stuck at the same place.. 99% System.Workflow.Runtime.dll   141 threats found so far.  2 hour 25 minute run time so far



#13 Bela70

Bela70
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 20 May 2014 - 07:11 AM

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5211495b4a5baf4c9fcaf71963433a33
# engine=18282
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-16 05:47:20
# local_time=2014-05-16 03:47:20 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 76 32939 35494 0 0
# compatibility_mode=5893 16776574 100 94 25774629 151852690 0 0
# compatibility_mode=9217 16776893 100 13 45412069 49629974 0 0
# scanned=241691
# found=222
# cleaned=0
# scan_time=18587
sh=DB1C8E852F46071B2163E77F88966B7951A2CE59 ft=1 fh=fcd24e9a58665dd2 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\tbZyng.dll"
sh=B241C2DC635E63ADA4A5E3AE886B07C029386CC1 ft=1 fh=86426a94a8c8b676 vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files (x86)\Uninstall IObit Toolbar.dll"
sh=22AB17783F12E85DE60512B3476FF498CF7C7119 ft=1 fh=2ab1e730e929b09e vn="Win32/Toolbar.Montiera.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\escortShld.dll"
sh=5DB9A1D5E2EDE47CCF64395B7C143DA1F131DBA0 ft=1 fh=b4aae99a820de3e1 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmApp.dll"
sh=0DEAE74BE0139389C266572C8152400BA56963A2 ft=1 fh=cf5880eaedf887b2 vn="probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmEng.dll"
sh=5E27F7CE65EBE8955FD7D91CEDD3EFEF260BF002 ft=1 fh=2db2d4b03e1e7668 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmsrv.exe"
sh=CD1F22AA8594C1E64154E685D7361020407A6456 ft=1 fh=eaf00696d299c311 vn="a variant of Win32/Toolbar.Montiera.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll"
sh=F0345EC15A617389227F4CB0827B7594BA478389 ft=1 fh=fb5f3001714d4739 vn="a variant of Win32/Toolbar.Escort.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll"
sh=BE2B9F60C0C22D10D03720451C0AD4DCFB153806 ft=1 fh=2ab1e730ae33b57a vn="Win32/Toolbar.Montiera.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\escortShld.dll"
sh=9CB411B941E5D981AD03F20A235A9B12AA9E2500 ft=1 fh=c34c8922cff978a7 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll"
sh=A1A1FB734C06F94A4DDB04F9DDF6B2CC4544A3EF ft=1 fh=ad770adcb4fd8b40 vn="probably a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll"
sh=88D9903025D0B7ACEB71F20A9F0072A817EB0F4B ft=1 fh=28d3aba9dd98986a vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmsrv.exe"
sh=4D8009A1CD88C57ABBD0DAF4CA65FD5AB642466A ft=1 fh=efbe008d77ca4685 vn="a variant of Win32/Toolbar.Montiera.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll"
sh=FBA4A75CEB214265D5B00C8804BEBC47B19677A8 ft=1 fh=7fc2e3cfe141dcc9 vn="a variant of Win32/Toolbar.Escort.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll"
sh=8B1B26A3AC6481F55CDE95B008296D9374258426 ft=1 fh=b03f54bd321b7bee vn="a variant of Win64/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe"
sh=33A4D0A7E63D9988E08BAAD3678F5EDA20F346C0 ft=1 fh=db048542d00a7511 vn="a variant of Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth180.dll"
sh=BD3566A4EB3D64936EA7F15EF6679BB6D587A2AC ft=1 fh=9c23c83f3ac2e489 vn="a variant of Win32/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth182.dll"
sh=5B6F246BD861CF6C62A76B82932C34CA2466998F ft=1 fh=c72b40a18e58326a vn="a variant of Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx180.dll"
sh=1EF51F94D1463257FAB867F833F9627B1F2179E9 ft=1 fh=312febd221f04416 vn="a variant of Win64/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx182.dll"
sh=1EC0A3F220F026513E421FA17DF90936C8EBAD48 ft=1 fh=d7325a4bb0bb2d0a vn="a variant of Win32/ELEX.Q potentially unwanted application" ac=I fn="C:\Program Files (x86)\Desk 365\deskplusdl.exe"
sh=07DE12B5FEF6138878A1C04BA45BA0A19382A92A ft=1 fh=a13fd6062ad29c48 vn="a variant of Win32/ELEX.Y potentially unwanted application" ac=I fn="C:\Program Files (x86)\Desk 365\deskSvc.exe"
sh=B28B58E2C0800096B77EF4C88B7F6B045200DEF7 ft=1 fh=740fdc12a68e4b5c vn="a variant of Win32/ELEX.Q potentially unwanted application" ac=I fn="C:\Program Files (x86)\Desk 365\WinZipperdl.exe"
sh=26B127840CEAB90DEE0D263E889DB892A4973A4C ft=1 fh=b8a296f727e4fb79 vn="Win32/Toolbar.Widgi.E potentially unwanted application" ac=I fn="C:\Program Files (x86)\IObit\Smart Defrag 2\smart-defrag-3-free.exe"
sh=580B85C50C36B4F1CFD9A9BB671E290ADDFE4720 ft=1 fh=0b4e6b0fccc6cfd1 vn="Win32/Toolbar.Widgi.E potentially unwanted application" ac=I fn="C:\Program Files (x86)\IObit\Smart Defrag 3\SDUpgrate.exe"
sh=E988ADA1F88C4D228850E11F6503416B2B475816 ft=1 fh=fa78f74fb5f93ace vn="Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Program Files (x86)\IObit Toolbar\WidgiHelper.exe"
sh=203301D21FA80631DC64C169AE27287B6D10EEB0 ft=1 fh=23998c4571c94c82 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Program Files (x86)\IObit Toolbar\IE\4.4\iobitToolbarIE.dll"
sh=B22B0FDB9EAA6FF5543977749EA8556D665EAB07 ft=1 fh=984b2a66bce13008 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\alev\ccleaner-setup.exe"
sh=D8C8A345A2EE08A0E283E8EEC7A39E4AEDE1E0A1 ft=1 fh=5b3a9a23dbe51dfc vn="Win32/AnyProtect.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\AnyProtectScannerSetup.exe"
sh=D2566076D557C4907CAAE941FAB004C89F36D7AD ft=1 fh=6512f26d13eeab32 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll"
sh=DA8C384EEFD7FE4FE271A611EF0443F980FB2C9E ft=1 fh=678d83e5795ef47a vn="a variant of Win32/Toolbar.Conduit.Z potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllmkpieefobacaineiimjahccjeakab\10.26.9.505_0\APISupport\APISupport.dll"
sh=DA8C384EEFD7FE4FE271A611EF0443F980FB2C9E ft=1 fh=678d83e5795ef47a vn="a variant of Win32/Toolbar.Conduit.Z potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\10.26.9.505_0\APISupport\APISupport.dll"
sh=DA8C384EEFD7FE4FE271A611EF0443F980FB2C9E ft=1 fh=678d83e5795ef47a vn="a variant of Win32/Toolbar.Conduit.Z potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\joickoplpbbacjmfflffakdlfjfpppbn\10.26.9.505_0\APISupport\APISupport.dll"
sh=B4A39527D5BE35E9C965A797EA062B7420E4E757 ft=1 fh=01a929d2d3c7eceb vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\BrowserHelper.exe"
sh=874FAF5D9C88BC251A111EDF91970B05F3A39E55 ft=1 fh=2500624eb58f0027 vn="a variant of Win32/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\QuickShare.exe"
sh=B8ED7C92EAC8A2698072E32DBF0097E07CB4231F ft=1 fh=6b4ba25f8f076471 vn="a variant of Win32/Toolbar.Linkury.F potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll"
sh=4864FB24E70391683B10672765AA079D1F7BFAFC ft=1 fh=830ce39920255a77 vn="a variant of MSIL/Toolbar.Linkury.C potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettings.dll"
sh=B0E5CFE54619FDA4835E8DB921205446E0A83DC5 ft=1 fh=4e0c3c06983d0623 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll"
sh=B0E5CFE54619FDA4835E8DB921205446E0A83DC5 ft=1 fh=4e0c3c06983d0623 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll"
sh=002D89D5C9B46FCBBA74AAB62DD45C3F2ECC3560 ft=1 fh=16155bf0aff79d16 vn="a variant of MSIL/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll"
sh=002D89D5C9B46FCBBA74AAB62DD45C3F2ECC3560 ft=1 fh=16155bf0aff79d16 vn="a variant of MSIL/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll"
sh=88627DFA3627D4523F061FC52A4D73F97B6FA7C3 ft=1 fh=8a4113a4708e9f99 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe"
sh=D2566076D557C4907CAAE941FAB004C89F36D7AD ft=1 fh=6512f26d13eeab32 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll"
sh=759700F7F89FC84CFCDA39177858A22E1948E459 ft=1 fh=a4de2bf4442b3043 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll"
sh=385BAB8C872180D6EB4616A55EB4603EC7D40FDB ft=1 fh=bb96c627c6a6c637 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll"
sh=5D6E7EB385F68BE4379DDD774049E2BE9E7CE785 ft=1 fh=b0865ffb9722133d vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll"
sh=F5FBBCD9D42D2D7F150C788EE05C25177F968F42 ft=1 fh=d85cc08c7026e265 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll"
sh=BFA0D944405BCD3C42C89A9DAF18BB71D8C70330 ft=1 fh=c210abd8cc5133a0 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll"
sh=48C826EF00938F035C91C9F6B3E167CB21D96633 ft=1 fh=59fac0a23423ab50 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_16.dll"
sh=45F4ABE93E1FB333545719948B418FB1207A5085 ft=1 fh=3a58b09db4698b9d vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_17.dll"
sh=FED76CBD8D5660DEC60B3F16547372DEE7F87FA6 ft=1 fh=9705b06916654cd4 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_18.dll"
sh=C8F23EFE19C6A36D8921AE5C96F95808EBEFBE05 ft=1 fh=8064b8d931435e04 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_19.dll"
sh=C7E054C7BA58AE2D703DB29C52346A3ED84FEF57 ft=1 fh=53532950b9749a4f vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_20.dll"
sh=C546BA3CA78F93EB65DCCEA191BC40B9F940E2EA ft=1 fh=6fd80785d353cf5d vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_21.dll"
sh=7C15DA5A80F24F0383C992CFB03CF68E95A464B1 ft=1 fh=be427aaf403ae2ff vn="a variant of Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_22.dll"
sh=B78A4856E70FEA3D7AC5B80269BE6C77C7BF3BFD ft=1 fh=b1abe46a27e1578c vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll"
sh=34C6B470845D638632C42A3363C1F72E84465B29 ft=1 fh=077672ee1716228e vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll"
sh=1A1F530B63B7BB2F509EB52E28F069A2F1D0F85E ft=1 fh=16bac54076a8e8ac vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll"
sh=68D7D042BADCE64294292667B916598A71B93C76 ft=1 fh=bbbb574705617060 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll"
sh=4576ECDA8F607F2A25DE8CD9961BE0B036850FEF ft=1 fh=9ae0aca80761571c vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Temp\7053663.Uninstall\uninstaller.exe"
sh=9A410921289A1F04D167E9225BEBBA8E10D01AEC ft=1 fh=d7f32839e8ba4aac vn="a variant of Win32/ELEX.Y potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Roaming\Desk 365\update\desk365_update_v1.13.20.exe"
sh=73FFB342D4EA5BF56D263C86D6851ADCD20AE77F ft=1 fh=f634f44630457a34 vn="a variant of Win32/ELEX.Q potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Roaming\eIntaller\AF0421F4B4CF4440A0687C3057236A4D\Desk365.exe"
sh=F37FDAAD49B857DC99DCEDB9603915502237F567 ft=1 fh=ae37f09b0a9f5c78 vn="a variant of Win32/ELEX.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Roaming\eIntaller\AF0421F4B4CF4440A0687C3057236A4D\eXQ.exe"
sh=73FFB342D4EA5BF56D263C86D6851ADCD20AE77F ft=1 fh=f634f44630457a34 vn="a variant of Win32/ELEX.Q potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Roaming\eIntaller\DA896CC293454aebA0C1DD1FCB93D61F\Desk365.exe"
sh=872371DFF0867247BA9970AF63586913B4F97ADB ft=1 fh=73cec1bea8ed5dcd vn="a variant of Win32/ELEX.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Roaming\eIntaller\DA896CC293454aebA0C1DD1FCB93D61F\eXQ-nt.exe"
sh=D92C57559952B5609CFD4AE448FCC4F8C5FBBAD0 ft=1 fh=918726450a13feff vn="a variant of Win32/ELEX.D potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Roaming\eUpdate\9F490BECA5C442ba9F70D58E9CCF4E47\eXQ.exe"
sh=CE40044E85267AA25D507FDD8018F33525D911AF ft=1 fh=536d2439e9ec5db0 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\asc-setup (1).exe"
sh=CE40044E85267AA25D507FDD8018F33525D911AF ft=1 fh=536d2439e9ec5db0 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\asc-setup (2).exe"
sh=CE40044E85267AA25D507FDD8018F33525D911AF ft=1 fh=536d2439e9ec5db0 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\asc-setup (3).exe"
sh=008AC90A5801BFD8B9CE8461D4B72CCFE0849A50 ft=1 fh=7435f503dafe0ed9 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\asc-setup (4).exe"
sh=D5D8C00EA49AA0455C4507AB8FAA0B7CFF3C6FA4 ft=1 fh=ba487aeb357dec5c vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\asc-setup (6).exe"
sh=D5D8C00EA49AA0455C4507AB8FAA0B7CFF3C6FA4 ft=1 fh=ba487aeb357dec5c vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\asc-setup.exe"
sh=FF06B2B1EDF5CF5CDADDB97659145D3366EBB6FD ft=1 fh=b2cbb1eb79eda15f vn="a variant of Win32/Toolbar.Babylon.A potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\Babylon9_setup.exe"
sh=B45806F85A8EFA8AA923A09B28B26EE1FCFD97BA ft=1 fh=021ef04e4af54844 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\alev\Downloads\ccsetup309.exe"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\alev\Downloads\ccsetup410.exe"
sh=38684AF52CC8444AF7FC25F42B6FF080B3B9FDE5 ft=1 fh=d62914b20dec82d7 vn="Win32/ELEX.AH potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\defragsetup (2).exe"
sh=9EA4FB6754C0DB0149263054DC5D2F63763EB974 ft=1 fh=02a97964f6b54c04 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\defragsetup.exe"
sh=95AB3FFC8F2790E2EF36E74FA46759AD2028F4A1 ft=1 fh=8cdad9ab49f33f03 vn="a variant of Win32/InstallCore.BY potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\DownloadManagerSetup.exe"
sh=61EE1B5BCBBE47481846B99556606F36745A0D80 ft=1 fh=03fa67b481068b8c vn="Win32/Somoto.N potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\FLVPlayerSetup-0Mlckkiv.exe"
sh=B694002EF559B65168DA0624FC3E57F17F52A6F1 ft=1 fh=ae354c74f75e6bed vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\gb3-setup.exe"
sh=E5515986D8BCE10A2E6183FCAADDD88E0A18CA7A ft=1 fh=ed7dd496aaa50cda vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\iLividSetup (1).exe"
sh=BECC5DDD3353CF2BB7DB724C2AC1914113DCBDB6 ft=1 fh=9dbf728faaa50cda vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\iLividSetup.exe"
sh=77448469E4769A0E2F935F4501CDDE0CF553C181 ft=1 fh=8d541920aaa50cda vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\iLividSetupV1.exe"
sh=5B81D203D1D50310377FAEA84E2D4EFFA6220EA4 ft=1 fh=1ba71fd126f88f61 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\imf-setup (1).exe"
sh=3834AF5782457C4B996CA65E7D890B65FFE5085F ft=1 fh=c574194b29fd2cd3 vn="Win32/ELEX.AH potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\imf-setup (2).exe"
sh=D739A132DE20E472DB3BAFEF6EACA89D476ACF53 ft=1 fh=7597c78a7cbb2991 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\imf-setup (3).exe"
sh=7B54600CE9BC528D8ED4E188EFAEC0AC7F2AF41D ft=1 fh=9a7e4bf52c8fb458 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\imf-setup (5).exe"
sh=5B81D203D1D50310377FAEA84E2D4EFFA6220EA4 ft=1 fh=1ba71fd126f88f61 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\imf-setup.exe"
sh=48FDDFE6180AE796F9132594D7FA6A2EAEAF74C6 ft=1 fh=6607d605be937689 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\iobit-malware-fighter.exe"
sh=3CEFDC5B786B1E943F1FD24E1D60A4EABD42A169 ft=1 fh=29bd68b9a0e9076c vn="Win32/Conduit.SearchProtect.J potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\MefoGames (1).exe"
sh=3CEFDC5B786B1E943F1FD24E1D60A4EABD42A169 ft=1 fh=29bd68b9a0e9076c vn="Win32/Conduit.SearchProtect.J potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\MefoGames.exe"
sh=38684AF52CC8444AF7FC25F42B6FF080B3B9FDE5 ft=1 fh=d62914b20dec82d7 vn="Win32/ELEX.AH potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\sd-setup.exe"
sh=CBACE807076FBE8AE0660AF70F655AB58D5FFD09 ft=1 fh=dacc44cd65a0b7e6 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\sd2-setup220.exe"
sh=B37B52285DE862B7CAEA96BB8EB99D9B10DE236F ft=1 fh=1dbf7062960066bb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\alev\Downloads\Shockwave_Installer_Slim (12).exe"
sh=71C886E5F0BFB0F242D3E02304ADA96CBB4D9562 ft=1 fh=637e5a5d430bcc7d vn="Win32/SpeedUpMyPC potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\speedupmypc (1).exe"
sh=71C886E5F0BFB0F242D3E02304ADA96CBB4D9562 ft=1 fh=637e5a5d430bcc7d vn="Win32/SpeedUpMyPC potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\speedupmypc.exe"
sh=A86692D7F4E3867C133A127A6AE5F8C70D9C47C3 ft=1 fh=b798e306b89d1af5 vn="a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\SweetImSetup (1).exe"
sh=A86692D7F4E3867C133A127A6AE5F8C70D9C47C3 ft=1 fh=b798e306b89d1af5 vn="a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\SweetImSetup.exe"
sh=D8E0C0A08FF54CF83F46C8929A9E7AD91F520729 ft=1 fh=ecba1b82376352ba vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\TB_Myga.exe"
sh=203DC55D22F8B641565D92113AED0CEE84CD6636 ft=1 fh=a5c82d9e7cb612e7 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\zafwSetupWeb_102_057_000.exe"
sh=A6C007A1B3ADF6B691CBA35C1B5E06CAB772AB35 ft=1 fh=aed2bdfc0ee55c76 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\zafwSetupWeb_110_000_020.exe"
sh=250B4E37B04BFA6D7F03E87141E36BAA390959CF ft=1 fh=3e7276355491703c vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\Zynga (1).exe"
sh=AEC63748F4BBFF838E66D1233739377BAD5D6306 ft=1 fh=39338f2cbda77e58 vn="Win32/Toolbar.Conduit.M potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\Zynga (2).exe"
sh=250B4E37B04BFA6D7F03E87141E36BAA390959CF ft=1 fh=3e7276355491703c vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\Zynga.exe"
sh=9A31361A8E665768CD36CDBDBEE6EDC0AB560BA6 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.D potentially unwanted application" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\background.html"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\Guest\AppData\LocalLow\Zynga\ldrtbZyn0.dll"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Guest\AppData\LocalLow\Zynga\tbZyn0.dll"
sh=42C28E041EA5F8B06D4857E8E6FCA75ABD4BCF2F ft=1 fh=b55fe72874790c5f vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Guest\AppData\LocalLow\Zynga\tbZyn1.dll"
sh=B7834647BE262D1898B89558C2442D9C89B6F017 ft=1 fh=6989ca68f9046391 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="C:\Users\Guest\AppData\Roaming\IMVUClient\installer\SetupImvu_update.exe"
sh=361B603F16EBD044A8F204B0DC54BF3FFE87FD20 ft=1 fh=33f5d3aa832a1492 vn="MSIL/Solimba potentially unwanted application" ac=I fn="C:\Users\Guest\Downloads\FLV_Media_Player.exe"
sh=12168217658D979A3F01F795FD1F145AA2BC524D ft=1 fh=892c702710192eaa vn="Win32/Somoto.A potentially unwanted application" ac=I fn="C:\Users\Guest\Downloads\FreeMediaPlayerSetup-f48DhhK.exe"
sh=2503B8A7CE5A931F6CC2C4CEB724E820A74AA7BE ft=1 fh=416224cf4b192bd1 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Guest\Downloads\playpickle-setup.exe"
sh=60E0D78EC88176F4AA757324EA3FCE4EFBD6BDD2 ft=1 fh=95d7322c65db3c55 vn="Win32/Toolbar.Inbox.A potentially unwanted application" ac=I fn="C:\Users\Guest\Downloads\TVSetup.exe"
sh=EF4F46C62420301ECD8D8C5CF443CC037E0DB51B ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows\Installer\1428e49.msi"
sh=0F950F135F45C37872EAB7D88DCA5603C5550017 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.F potentially unwanted application" ac=I fn="C:\Windows\Installer\e084d.msi"
sh=F1415AEB192ED973E172F99A52CBB5DE75A234B8 ft=1 fh=621225464339a142 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\System32\MovieMode.48CA2AEFA22D.dll"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=DEF60FE302E425147F0888F0DA34D646FE7D348D ft=1 fh=f334bd1e4085a8cf vn="Win32/SweetIM.E potentially unwanted application" ac=I fn="C:\Windows\System32\ARFC\wrtc.exe"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt125E.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt199A.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt2C03.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt3997.tmp"
sh=32819260669654E77A33E82FB2D3436AB395DC1B ft=1 fh=bd27f76db58b3631 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt41E3.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt42DB.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt49CB.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt4FCF.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt56CC.tmp"
sh=6300EF9F6E7765587AC13BC96918B97EB4C6FF81 ft=1 fh=44cda52ead1e88c2 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt5BFE.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt6552.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt6A3B.tmp"
sh=E2D36AF177C3943F0C87A592AF6745063A5D110D ft=1 fh=d0a15644b98a0533 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7020.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt76C4.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7869.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7F6B.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt80F1.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt819F.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8239.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8323.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt84B9.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt857F.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8593.tmp"
sh=6300EF9F6E7765587AC13BC96918B97EB4C6FF81 ft=1 fh=44cda52ead1e88c2 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8686.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt892B.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8A06.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8BE9.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8DFC.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8E2B.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8E98.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt93D5.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9423.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt956B.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9BE1.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9CB0.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA02C.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA23F.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA340.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA592.tmp"
sh=E2D36AF177C3943F0C87A592AF6745063A5D110D ft=1 fh=d0a15644b98a0533 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA987.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAA74.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAB6.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAD10.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtADDE.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtB309.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD8F8.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtFB43.tmp"
sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Zynga\ldrtbZyn0.dll"
sh=07438AD608CF6EE5F601C55679835DD2C93B413A ft=1 fh=8de9c2755f6a8399 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Zynga\tbZyn0.dll"
sh=694A6C4A6C09151E896340FBD6597A3DF837CBAF ft=1 fh=439deba0b906930a vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application" ac=I fn="C:\Windows\System32\WNLT\Installation\WSSetup.exe"
sh=F1415AEB192ED973E172F99A52CBB5DE75A234B8 ft=1 fh=621225464339a142 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\SysWOW64\MovieMode.48CA2AEFA22D.dll"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=DEF60FE302E425147F0888F0DA34D646FE7D348D ft=1 fh=f334bd1e4085a8cf vn="Win32/SweetIM.E potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\ARFC\wrtc.exe"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt125E.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt199A.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt2C03.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt3997.tmp"
sh=32819260669654E77A33E82FB2D3436AB395DC1B ft=1 fh=bd27f76db58b3631 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt41E3.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt42DB.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt49CB.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt4FCF.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt56CC.tmp"
sh=6300EF9F6E7765587AC13BC96918B97EB4C6FF81 ft=1 fh=44cda52ead1e88c2 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt5BFE.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt6552.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt6A3B.tmp"
sh=E2D36AF177C3943F0C87A592AF6745063A5D110D ft=1 fh=d0a15644b98a0533 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7020.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt76C4.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7869.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7F6B.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt80F1.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt819F.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8239.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8323.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt84B9.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt857F.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8593.tmp"
sh=6300EF9F6E7765587AC13BC96918B97EB4C6FF81 ft=1 fh=44cda52ead1e88c2 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8686.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt892B.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8A06.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8BE9.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8DFC.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8E2B.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8E98.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt93D5.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9423.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt956B.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9BE1.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9CB0.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA02C.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA23F.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA340.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA592.tmp"
sh=E2D36AF177C3943F0C87A592AF6745063A5D110D ft=1 fh=d0a15644b98a0533 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA987.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAA74.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAB6.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAD10.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtADDE.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtB309.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD8F8.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtFB43.tmp"
sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Zynga\ldrtbZyn0.dll"
sh=07438AD608CF6EE5F601C55679835DD2C93B413A ft=1 fh=8de9c2755f6a8399 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Zynga\tbZyn0.dll"
sh=694A6C4A6C09151E896340FBD6597A3DF837CBAF ft=1 fh=439deba0b906930a vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\WNLT\Installation\WSSetup.exe"
sh=DAD922BFAA2B67278CA3E859D51B6FFAA1C0A8E1 ft=1 fh=61b3aebd44d52cef vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\Temp\IObitAppsToolbar.exe"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5211495b4a5baf4c9fcaf71963433a33
# engine=18282
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-17 12:26:10
# local_time=2014-05-17 10:26:10 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 76 0 102624 0 0
# compatibility_mode=5893 16776573 100 94 0 151919820 0 0
# scanned=231366
# found=197
# cleaned=0
# scan_time=59527
sh=E988ADA1F88C4D228850E11F6503416B2B475816 ft=1 fh=fa78f74fb5f93ace vn="Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\IObit Toolbar\WidgiHelper.exe.vir"
sh=203301D21FA80631DC64C169AE27287B6D10EEB0 ft=1 fh=23998c4571c94c82 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\IObit Toolbar\IE\4.4\iobitToolbarIE.dll.vir"
sh=D8C8A345A2EE08A0E283E8EEC7A39E4AEDE1E0A1 ft=1 fh=5b3a9a23dbe51dfc vn="Win32/AnyProtect.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=D2566076D557C4907CAAE941FAB004C89F36D7AD ft=1 fh=6512f26d13eeab32 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir"
sh=DA8C384EEFD7FE4FE271A611EF0443F980FB2C9E ft=1 fh=678d83e5795ef47a vn="a variant of Win32/Toolbar.Conduit.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllmkpieefobacaineiimjahccjeakab\10.26.9.505_0\APISupport\APISupport.dll.vir"
sh=DA8C384EEFD7FE4FE271A611EF0443F980FB2C9E ft=1 fh=678d83e5795ef47a vn="a variant of Win32/Toolbar.Conduit.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\10.26.9.505_0\APISupport\APISupport.dll.vir"
sh=DA8C384EEFD7FE4FE271A611EF0443F980FB2C9E ft=1 fh=678d83e5795ef47a vn="a variant of Win32/Toolbar.Conduit.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\joickoplpbbacjmfflffakdlfjfpppbn\10.26.9.505_0\APISupport\APISupport.dll.vir"
sh=B4A39527D5BE35E9C965A797EA062B7420E4E757 ft=1 fh=01a929d2d3c7eceb vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir"
sh=874FAF5D9C88BC251A111EDF91970B05F3A39E55 ft=1 fh=2500624eb58f0027 vn="a variant of Win32/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\QuickShare.exe.vir"
sh=B8ED7C92EAC8A2698072E32DBF0097E07CB4231F ft=1 fh=6b4ba25f8f076471 vn="a variant of Win32/Toolbar.Linkury.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll.vir"
sh=4864FB24E70391683B10672765AA079D1F7BFAFC ft=1 fh=830ce39920255a77 vn="a variant of MSIL/Toolbar.Linkury.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettings.dll.vir"
sh=B0E5CFE54619FDA4835E8DB921205446E0A83DC5 ft=1 fh=4e0c3c06983d0623 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=B0E5CFE54619FDA4835E8DB921205446E0A83DC5 ft=1 fh=4e0c3c06983d0623 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir"
sh=002D89D5C9B46FCBBA74AAB62DD45C3F2ECC3560 ft=1 fh=16155bf0aff79d16 vn="a variant of MSIL/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=002D89D5C9B46FCBBA74AAB62DD45C3F2ECC3560 ft=1 fh=16155bf0aff79d16 vn="a variant of MSIL/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir"
sh=88627DFA3627D4523F061FC52A4D73F97B6FA7C3 ft=1 fh=8a4113a4708e9f99 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.vir"
sh=D2566076D557C4907CAAE941FAB004C89F36D7AD ft=1 fh=6512f26d13eeab32 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=759700F7F89FC84CFCDA39177858A22E1948E459 ft=1 fh=a4de2bf4442b3043 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=385BAB8C872180D6EB4616A55EB4603EC7D40FDB ft=1 fh=bb96c627c6a6c637 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=5D6E7EB385F68BE4379DDD774049E2BE9E7CE785 ft=1 fh=b0865ffb9722133d vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=F5FBBCD9D42D2D7F150C788EE05C25177F968F42 ft=1 fh=d85cc08c7026e265 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=BFA0D944405BCD3C42C89A9DAF18BB71D8C70330 ft=1 fh=c210abd8cc5133a0 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=48C826EF00938F035C91C9F6B3E167CB21D96633 ft=1 fh=59fac0a23423ab50 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_16.dll.vir"
sh=45F4ABE93E1FB333545719948B418FB1207A5085 ft=1 fh=3a58b09db4698b9d vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_17.dll.vir"
sh=FED76CBD8D5660DEC60B3F16547372DEE7F87FA6 ft=1 fh=9705b06916654cd4 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_18.dll.vir"
sh=C8F23EFE19C6A36D8921AE5C96F95808EBEFBE05 ft=1 fh=8064b8d931435e04 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_19.dll.vir"
sh=C7E054C7BA58AE2D703DB29C52346A3ED84FEF57 ft=1 fh=53532950b9749a4f vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_20.dll.vir"
sh=C546BA3CA78F93EB65DCCEA191BC40B9F940E2EA ft=1 fh=6fd80785d353cf5d vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_21.dll.vir"
sh=7C15DA5A80F24F0383C992CFB03CF68E95A464B1 ft=1 fh=be427aaf403ae2ff vn="a variant of Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_22.dll.vir"
sh=B78A4856E70FEA3D7AC5B80269BE6C77C7BF3BFD ft=1 fh=b1abe46a27e1578c vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=34C6B470845D638632C42A3363C1F72E84465B29 ft=1 fh=077672ee1716228e vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=1A1F530B63B7BB2F509EB52E28F069A2F1D0F85E ft=1 fh=16bac54076a8e8ac vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=68D7D042BADCE64294292667B916598A71B93C76 ft=1 fh=bbbb574705617060 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=4576ECDA8F607F2A25DE8CD9961BE0B036850FEF ft=1 fh=9ae0aca80761571c vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=9A410921289A1F04D167E9225BEBBA8E10D01AEC ft=1 fh=d7f32839e8ba4aac vn="a variant of Win32/ELEX.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Roaming\Desk 365\update\desk365_update_v1.13.20.exe.vir"
sh=73FFB342D4EA5BF56D263C86D6851ADCD20AE77F ft=1 fh=f634f44630457a34 vn="a variant of Win32/ELEX.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Roaming\eIntaller\AF0421F4B4CF4440A0687C3057236A4D\Desk365.exe.vir"
sh=F37FDAAD49B857DC99DCEDB9603915502237F567 ft=1 fh=ae37f09b0a9f5c78 vn="a variant of Win32/ELEX.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Roaming\eIntaller\AF0421F4B4CF4440A0687C3057236A4D\eXQ.exe.vir"
sh=73FFB342D4EA5BF56D263C86D6851ADCD20AE77F ft=1 fh=f634f44630457a34 vn="a variant of Win32/ELEX.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Roaming\eIntaller\DA896CC293454aebA0C1DD1FCB93D61F\Desk365.exe.vir"
sh=872371DFF0867247BA9970AF63586913B4F97ADB ft=1 fh=73cec1bea8ed5dcd vn="a variant of Win32/ELEX.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Roaming\eIntaller\DA896CC293454aebA0C1DD1FCB93D61F\eXQ-nt.exe.vir"
sh=D92C57559952B5609CFD4AE448FCC4F8C5FBBAD0 ft=1 fh=918726450a13feff vn="a variant of Win32/ELEX.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Roaming\eUpdate\9F490BECA5C442ba9F70D58E9CCF4E47\eXQ.exe.vir"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\LocalLow\Zynga\ldrtbZyn0.dll.vir"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\LocalLow\Zynga\tbZyn0.dll.vir"
sh=42C28E041EA5F8B06D4857E8E6FCA75ABD4BCF2F ft=1 fh=b55fe72874790c5f vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\LocalLow\Zynga\tbZyn1.dll.vir"
sh=DEF60FE302E425147F0888F0DA34D646FE7D348D ft=1 fh=f334bd1e4085a8cf vn="Win32/SweetIM.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ARFC\wrtc.exe.vir"
sh=694A6C4A6C09151E896340FBD6597A3DF837CBAF ft=1 fh=439deba0b906930a vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\WNLT\Installation\WSSetup.exe.vir"
sh=B22B0FDB9EAA6FF5543977749EA8556D665EAB07 ft=1 fh=984b2a66bce13008 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\alev\ccleaner-setup.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Temp\7053663.Uninstall\uninstaller.exe"
sh=C25E453070C795849C94FCB0311ED1DDD4F7B74D ft=1 fh=a07ba6255bd749e6 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\alev\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\CUninstallerZA.exe"
sh=CE40044E85267AA25D507FDD8018F33525D911AF ft=1 fh=536d2439e9ec5db0 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\asc-setup (1).exe"
sh=CE40044E85267AA25D507FDD8018F33525D911AF ft=1 fh=536d2439e9ec5db0 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\asc-setup (2).exe"
sh=CE40044E85267AA25D507FDD8018F33525D911AF ft=1 fh=536d2439e9ec5db0 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\asc-setup (3).exe"
sh=008AC90A5801BFD8B9CE8461D4B72CCFE0849A50 ft=1 fh=7435f503dafe0ed9 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\asc-setup (4).exe"
sh=D5D8C00EA49AA0455C4507AB8FAA0B7CFF3C6FA4 ft=1 fh=ba487aeb357dec5c vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\asc-setup (6).exe"
sh=D5D8C00EA49AA0455C4507AB8FAA0B7CFF3C6FA4 ft=1 fh=ba487aeb357dec5c vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\asc-setup.exe"
sh=FF06B2B1EDF5CF5CDADDB97659145D3366EBB6FD ft=1 fh=b2cbb1eb79eda15f vn="a variant of Win32/Toolbar.Babylon.A potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\Babylon9_setup.exe"
sh=B45806F85A8EFA8AA923A09B28B26EE1FCFD97BA ft=1 fh=021ef04e4af54844 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\alev\Downloads\ccsetup309.exe"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\alev\Downloads\ccsetup410.exe"
sh=38684AF52CC8444AF7FC25F42B6FF080B3B9FDE5 ft=1 fh=d62914b20dec82d7 vn="Win32/ELEX.AH potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\defragsetup (2).exe"
sh=9EA4FB6754C0DB0149263054DC5D2F63763EB974 ft=1 fh=02a97964f6b54c04 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\defragsetup.exe"
sh=95AB3FFC8F2790E2EF36E74FA46759AD2028F4A1 ft=1 fh=8cdad9ab49f33f03 vn="a variant of Win32/InstallCore.BY potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\DownloadManagerSetup.exe"
sh=61EE1B5BCBBE47481846B99556606F36745A0D80 ft=1 fh=03fa67b481068b8c vn="Win32/Somoto.N potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\FLVPlayerSetup-0Mlckkiv.exe"
sh=B694002EF559B65168DA0624FC3E57F17F52A6F1 ft=1 fh=ae354c74f75e6bed vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\gb3-setup.exe"
sh=E5515986D8BCE10A2E6183FCAADDD88E0A18CA7A ft=1 fh=ed7dd496aaa50cda vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\iLividSetup (1).exe"
sh=BECC5DDD3353CF2BB7DB724C2AC1914113DCBDB6 ft=1 fh=9dbf728faaa50cda vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\iLividSetup.exe"
sh=77448469E4769A0E2F935F4501CDDE0CF553C181 ft=1 fh=8d541920aaa50cda vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\iLividSetupV1.exe"
sh=5B81D203D1D50310377FAEA84E2D4EFFA6220EA4 ft=1 fh=1ba71fd126f88f61 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\imf-setup (1).exe"
sh=3834AF5782457C4B996CA65E7D890B65FFE5085F ft=1 fh=c574194b29fd2cd3 vn="Win32/ELEX.AH potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\imf-setup (2).exe"
sh=D739A132DE20E472DB3BAFEF6EACA89D476ACF53 ft=1 fh=7597c78a7cbb2991 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\imf-setup (3).exe"
sh=7B54600CE9BC528D8ED4E188EFAEC0AC7F2AF41D ft=1 fh=9a7e4bf52c8fb458 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\imf-setup (5).exe"
sh=5B81D203D1D50310377FAEA84E2D4EFFA6220EA4 ft=1 fh=1ba71fd126f88f61 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\imf-setup.exe"
sh=48FDDFE6180AE796F9132594D7FA6A2EAEAF74C6 ft=1 fh=6607d605be937689 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\iobit-malware-fighter.exe"
sh=3CEFDC5B786B1E943F1FD24E1D60A4EABD42A169 ft=1 fh=29bd68b9a0e9076c vn="Win32/Conduit.SearchProtect.J potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\MefoGames (1).exe"
sh=3CEFDC5B786B1E943F1FD24E1D60A4EABD42A169 ft=1 fh=29bd68b9a0e9076c vn="Win32/Conduit.SearchProtect.J potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\MefoGames.exe"
sh=38684AF52CC8444AF7FC25F42B6FF080B3B9FDE5 ft=1 fh=d62914b20dec82d7 vn="Win32/ELEX.AH potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\sd-setup.exe"
sh=CBACE807076FBE8AE0660AF70F655AB58D5FFD09 ft=1 fh=dacc44cd65a0b7e6 vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\sd2-setup220.exe"
sh=B37B52285DE862B7CAEA96BB8EB99D9B10DE236F ft=1 fh=1dbf7062960066bb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\alev\Downloads\Shockwave_Installer_Slim (12).exe"
sh=71C886E5F0BFB0F242D3E02304ADA96CBB4D9562 ft=1 fh=637e5a5d430bcc7d vn="Win32/SpeedUpMyPC potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\speedupmypc (1).exe"
sh=71C886E5F0BFB0F242D3E02304ADA96CBB4D9562 ft=1 fh=637e5a5d430bcc7d vn="Win32/SpeedUpMyPC potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\speedupmypc.exe"
sh=A86692D7F4E3867C133A127A6AE5F8C70D9C47C3 ft=1 fh=b798e306b89d1af5 vn="a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\SweetImSetup (1).exe"
sh=A86692D7F4E3867C133A127A6AE5F8C70D9C47C3 ft=1 fh=b798e306b89d1af5 vn="a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\SweetImSetup.exe"
sh=D8E0C0A08FF54CF83F46C8929A9E7AD91F520729 ft=1 fh=ecba1b82376352ba vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\TB_Myga.exe"
sh=203DC55D22F8B641565D92113AED0CEE84CD6636 ft=1 fh=a5c82d9e7cb612e7 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\zafwSetupWeb_102_057_000.exe"
sh=A6C007A1B3ADF6B691CBA35C1B5E06CAB772AB35 ft=1 fh=aed2bdfc0ee55c76 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\zafwSetupWeb_110_000_020.exe"
sh=250B4E37B04BFA6D7F03E87141E36BAA390959CF ft=1 fh=3e7276355491703c vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\Zynga (1).exe"
sh=AEC63748F4BBFF838E66D1233739377BAD5D6306 ft=1 fh=39338f2cbda77e58 vn="Win32/Toolbar.Conduit.M potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\Zynga (2).exe"
sh=250B4E37B04BFA6D7F03E87141E36BAA390959CF ft=1 fh=3e7276355491703c vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\alev\Downloads\Zynga.exe"
sh=9A31361A8E665768CD36CDBDBEE6EDC0AB560BA6 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.D potentially unwanted application" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\background.html"
sh=B7834647BE262D1898B89558C2442D9C89B6F017 ft=1 fh=6989ca68f9046391 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="C:\Users\Guest\AppData\Roaming\IMVUClient\installer\SetupImvu_update.exe"
sh=361B603F16EBD044A8F204B0DC54BF3FFE87FD20 ft=1 fh=33f5d3aa832a1492 vn="MSIL/Solimba potentially unwanted application" ac=I fn="C:\Users\Guest\Downloads\FLV_Media_Player.exe"
sh=12168217658D979A3F01F795FD1F145AA2BC524D ft=1 fh=892c702710192eaa vn="Win32/Somoto.A potentially unwanted application" ac=I fn="C:\Users\Guest\Downloads\FreeMediaPlayerSetup-f48DhhK.exe"
sh=2503B8A7CE5A931F6CC2C4CEB724E820A74AA7BE ft=1 fh=416224cf4b192bd1 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Guest\Downloads\playpickle-setup.exe"
sh=60E0D78EC88176F4AA757324EA3FCE4EFBD6BDD2 ft=1 fh=95d7322c65db3c55 vn="Win32/Toolbar.Inbox.A potentially unwanted application" ac=I fn="C:\Users\Guest\Downloads\TVSetup.exe"
sh=EF4F46C62420301ECD8D8C5CF443CC037E0DB51B ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application" ac=I fn="C:\Windows\Installer\1428e49.msi"
sh=0F950F135F45C37872EAB7D88DCA5603C5550017 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.F potentially unwanted application" ac=I fn="C:\Windows\Installer\e084d.msi"
sh=F1415AEB192ED973E172F99A52CBB5DE75A234B8 ft=1 fh=621225464339a142 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\System32\MovieMode.48CA2AEFA22D.dll"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt125E.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt199A.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt2C03.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt3997.tmp"
sh=32819260669654E77A33E82FB2D3436AB395DC1B ft=1 fh=bd27f76db58b3631 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt41E3.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt42DB.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt49CB.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt4FCF.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt56CC.tmp"
sh=6300EF9F6E7765587AC13BC96918B97EB4C6FF81 ft=1 fh=44cda52ead1e88c2 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt5BFE.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt6552.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt6A3B.tmp"
sh=E2D36AF177C3943F0C87A592AF6745063A5D110D ft=1 fh=d0a15644b98a0533 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7020.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt76C4.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7869.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7F6B.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt80F1.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt819F.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8239.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8323.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt84B9.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt857F.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8593.tmp"
sh=6300EF9F6E7765587AC13BC96918B97EB4C6FF81 ft=1 fh=44cda52ead1e88c2 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8686.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt892B.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8A06.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8BE9.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8DFC.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8E2B.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8E98.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt93D5.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9423.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt956B.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9BE1.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9CB0.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA02C.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA23F.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA340.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA592.tmp"
sh=E2D36AF177C3943F0C87A592AF6745063A5D110D ft=1 fh=d0a15644b98a0533 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA987.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAA74.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAB6.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAD10.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtADDE.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtB309.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD8F8.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtFB43.tmp"
sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Zynga\ldrtbZyn0.dll"
sh=07438AD608CF6EE5F601C55679835DD2C93B413A ft=1 fh=8de9c2755f6a8399 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Zynga\tbZyn0.dll"
sh=F1415AEB192ED973E172F99A52CBB5DE75A234B8 ft=1 fh=621225464339a142 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\SysWOW64\MovieMode.48CA2AEFA22D.dll"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt125E.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt199A.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt2C03.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt3997.tmp"
sh=32819260669654E77A33E82FB2D3436AB395DC1B ft=1 fh=bd27f76db58b3631 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt41E3.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt42DB.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt49CB.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt4FCF.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt56CC.tmp"
sh=6300EF9F6E7765587AC13BC96918B97EB4C6FF81 ft=1 fh=44cda52ead1e88c2 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt5BFE.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt6552.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt6A3B.tmp"
sh=E2D36AF177C3943F0C87A592AF6745063A5D110D ft=1 fh=d0a15644b98a0533 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7020.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt76C4.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7869.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7F6B.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt80F1.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt819F.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8239.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8323.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt84B9.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt857F.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8593.tmp"
sh=6300EF9F6E7765587AC13BC96918B97EB4C6FF81 ft=1 fh=44cda52ead1e88c2 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8686.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt892B.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8A06.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8BE9.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8DFC.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8E2B.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8E98.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt93D5.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9423.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt956B.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9BE1.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9CB0.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA02C.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA23F.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA340.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA592.tmp"
sh=E2D36AF177C3943F0C87A592AF6745063A5D110D ft=1 fh=d0a15644b98a0533 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA987.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAA74.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAB6.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAD10.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtADDE.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtB309.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD8F8.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtFB43.tmp"
sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Zynga\ldrtbZyn0.dll"
sh=07438AD608CF6EE5F601C55679835DD2C93B413A ft=1 fh=8de9c2755f6a8399 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Zynga\tbZyn0.dll"
sh=DAD922BFAA2B67278CA3E859D51B6FFAA1C0A8E1 ft=1 fh=61b3aebd44d52cef vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\Temp\IObitAppsToolbar.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5211495b4a5baf4c9fcaf71963433a33
# engine=18330
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-20 05:21:29
# local_time=2014-05-20 03:21:29 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 76 0 379543 0 0
# compatibility_mode=5893 16776573 100 94 0 152196739 0 0
# scanned=230115
# found=141
# cleaned=90
# scan_time=14896
sh=F1415AEB192ED973E172F99A52CBB5DE75A234B8 ft=1 fh=621225464339a142 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Windows\SysWOW64\MovieMode.48CA2AEFA22D.dll"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt125E.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt199A.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt2C03.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt3997.tmp"
sh=32819260669654E77A33E82FB2D3436AB395DC1B ft=1 fh=bd27f76db58b3631 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt41E3.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt42DB.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt49CB.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt4FCF.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt56CC.tmp"
sh=6300EF9F6E7765587AC13BC96918B97EB4C6FF81 ft=1 fh=44cda52ead1e88c2 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt5BFE.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt6552.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt6A3B.tmp"
sh=E2D36AF177C3943F0C87A592AF6745063A5D110D ft=1 fh=d0a15644b98a0533 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7020.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt76C4.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7869.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7F6B.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt80F1.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt819F.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8239.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8323.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt84B9.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt857F.tmp"
sh=AA0095A9766CE272A105A511098346B00762FB9E ft=1 fh=a6274f6541b356f6 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8593.tmp"
sh=6300EF9F6E7765587AC13BC96918B97EB4C6FF81 ft=1 fh=44cda52ead1e88c2 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8686.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt892B.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8A06.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8BE9.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8DFC.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8E2B.tmp"
sh=E255B76878C4971C05C628BD82900851D3F826F7 ft=1 fh=3e6a422d64a689bc vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8E98.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt93D5.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9423.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt956B.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9BE1.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9CB0.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA02C.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA23F.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA340.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA592.tmp"
sh=E2D36AF177C3943F0C87A592AF6745063A5D110D ft=1 fh=d0a15644b98a0533 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA987.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAA74.tmp"
sh=6099886661B554653217CFF4E8145E490600A18A ft=1 fh=6266a5bfb1a91b7a vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAB6.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAD10.tmp"
sh=A5F3D9499334E831B01688E91894C10FDAD6AE50 ft=1 fh=47a90f4439f5a0ea vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtADDE.tmp"
sh=2B790226A07534A1FEEF63827BB4F08149051436 ft=1 fh=81ab39081f895c07 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtB309.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD8F8.tmp"
sh=EC3A45BB1796D1221C4CFDD794C2BD9099F15AAA ft=1 fh=be552283bb388d19 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtFB43.tmp"
sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Zynga\ldrtbZyn0.dll"
sh=07438AD608CF6EE5F601C55679835DD2C93B413A ft=1 fh=8de9c2755f6a8399 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Zynga\tbZyn0.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcgmidjhhnnjikpigolabhacfngibde\10.26.9.505_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Toolbar.Linkury.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_16.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Toolbar.Linkury.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_17.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Toolbar.Linkury.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_18.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Toolbar.Linkury.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_19.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Toolbar.Linkury.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_20.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Toolbar.Linkury.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_21.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Linkury.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_22.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/ELEX.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Roaming\Desk 365\update\desk365_update_v1.13.20.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/ELEX.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Roaming\eIntaller\AF0421F4B4CF4440A0687C3057236A4D\Desk365.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/ELEX.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Roaming\eIntaller\AF0421F4B4CF4440A0687C3057236A4D\eXQ.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/ELEX.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Roaming\eIntaller\DA896CC293454aebA0C1DD1FCB93D61F\Desk365.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/ELEX.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Roaming\eIntaller\DA896CC293454aebA0C1DD1FCB93D61F\eXQ-nt.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/ELEX.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\alev\AppData\Roaming\eUpdate\9F490BECA5C442ba9F70D58E9CCF4E47\eXQ.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\LocalLow\Zynga\ldrtbZyn0.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\LocalLow\Zynga\tbZyn0.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Toolbar.Conduit.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\LocalLow\Zynga\tbZyn1.dll.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/SweetIM.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ARFC\wrtc.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Perion.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\WNLT\Installation\WSSetup.exe.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/DownloadAdmin.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\alev\ccleaner-setup.exe.xBAD"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/InstallCore.AZ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\alev\AppData\Local\Temp\7053663.Uninstall\uninstaller.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\alev\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\CUninstallerZA.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Toolbar.Perion.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\background.html"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Toolbar.Conduit.S potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Guest\AppData\Roaming\IMVUClient\installer\SetupImvu_update.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="MSIL/Solimba potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Guest\Downloads\FLV_Media_Player.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Somoto.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Guest\Downloads\FreeMediaPlayerSetup-f48DhhK.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/DownloadAdmin.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Guest\Downloads\playpickle-setup.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Toolbar.Inbox.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Guest\Downloads\TVSetup.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\1428e49.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/SweetIM.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\e084d.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/Adware.PullUpdate.C application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\System32\MovieMode.48CA2AEFA22D.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt125E.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt199A.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt2C03.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt3997.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt41E3.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt42DB.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt49CB.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt4FCF.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt56CC.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt5BFE.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt6552.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt6A3B.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7020.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt76C4.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7869.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt7F6B.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt80F1.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt819F.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8239.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8323.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt84B9.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt857F.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8593.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8686.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt892B.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8A06.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8BE9.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8DFC.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8E2B.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt8E98.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt93D5.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9423.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt956B.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9BE1.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt9CB0.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA02C.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA23F.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA340.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA592.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtA987.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAA74.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAB6.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtAD10.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtADDE.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtB309.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtD8F8.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtFB43.tmp"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Zynga\ldrtbZyn0.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Zynga\tbZyn0.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\Temp\IObitAppsToolbar.exe"


#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:26 PM

Posted 21 May 2014 - 05:39 PM

1.

Please download Malwarebytes Anti-Malware photo.jpg?sz=48 and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
     
    malwarebytes-anti-malware-fix-now.jpg
    .
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
    .
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
     
    malwarebytes-anti-malware-2-0-update-now
    .
  • The THREAT SCAN will automatically begin.
     
    malwarebytes-anti-malware-scan.jpg
    .
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
     
    malwarebytes-anti-malware-potential-thre
    .
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
    mbam4_zps490948cc.png
    .
  • After rebooting the computer, copy and past the mbam.log in your next reply.

.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 Bela70

Bela70
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:26 PM

Posted 21 May 2014 - 10:09 PM

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 22/05/2014

Scan Time: 10:47:48 AM

Logfile:

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.05.21.10

Rootkit Database: v2014.05.21.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: alev

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 381994

Time Elapsed: 57 min, 21 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 28

PUP.Optional.VBates, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, Quarantined, [a56968ec1962f2449e1cc46940c2728e],

PUP.Optional.VBates, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, Quarantined, [a56968ec1962f2449e1cc46940c2728e],

PUP.Optional.QuickShare.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [789630242a519e98ac10ff61a260f30d],

PUP.Optional.QuickShare.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [789630242a519e98ac10ff61a260f30d],

PUP.Optional.QuickShare.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [789630242a519e98ac10ff61a260f30d],

PUP.Optional.HomePageProtector.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{336D0C35-8A85-403A-B9D2-65C292C39087}, Quarantined, [f01e74e03f3c2f0745a7f03a689a1ce4],

PUP.Optional.HomePageProtector.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{336D0C35-8A85-403A-B9D2-65C292C39087}, Quarantined, [f01e74e03f3c2f0745a7f03a689a1ce4],

PUP.Optional.HomePageProtector.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{336D0C35-8A85-403A-B9D2-65C292C39087}, Quarantined, [f01e74e03f3c2f0745a7f03a689a1ce4],

PUP.Optional.HomePageProtector.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{336D0C35-8A85-403A-B9D2-65C292C39087}, Quarantined, [f01e74e03f3c2f0745a7f03a689a1ce4],

PUP.Optional.Wajam.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [9e70f2624833dc5ac0d32e00b74bf10f],

PUP.Optional.Wajam.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [9e70f2624833dc5ac0d32e00b74bf10f],

PUP.Optional.SweetPacks, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [0806351f1a61b284fd989995dc26ab55],

PUP.Optional.SweetPacks, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [0806351f1a61b284fd989995dc26ab55],

PUP.Optional.PricePeep.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, Quarantined, [c94589cb314a4fe7d1ab124ebb471ce4],

PUP.Optional.PricePeep.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, Quarantined, [c94589cb314a4fe7d1ab124ebb471ce4],

PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Quarantined, [8985015335462e08e8a56f50c142e818],

PUP.Optional.DataMngr.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [4cc287cde497d56195bc22963cc78b75],

PUP.Optional.DealPly.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPlyLive, Quarantined, [59b5e173e6950531fbe25e5bd52eb947],

PUP.Optional.CrossRider.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [f41a2232c5b667cf728118b41fe41be5],

PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts, Quarantined, [ff0fca8ab2c966d09aff533326dcf40c],

PUP.Optional.GiantSavings.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Giant Savings Extension, Quarantined, [6ba381d384f79f9712777a5b56ad0df3],

PUP.Optional.PriceGong.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [5cb29cb8daa137ff29ab14880af8f60a],

PUP.Optional.PricePeep.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PricePeep, Quarantined, [1af46aea304bed49ec7bacf914ee2dd3],

PUP.Optional.ShoppingSideKick.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Shopping Sidekick, Quarantined, [50be153f314a83b3b8902f59f111e41c],

PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, Quarantined, [8589f0643e3d9e98b80c7a1f6a984cb4],

PUP.Optional.BProtector.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Quarantined, [d43a3e1632493ef81b8f9d1ee81bf60a],

PUP.Optional.SweetIM.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Quarantined, [ee2080d47cff2511441eccedc73ca15f],

PUP.Optional.InstallBrain.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Quarantined, [f816db790675d462ace17f40b94a41bf],

 

Registry Values: 6

PUP.Optional.FindWide, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://search.findwide.com/?guid={9BF1C21F-C75E-42FB-ACC2-1EA504A7F11F}&action=homepage_search, Quarantined, [44ca1440f38865d159608d3c82816e92]

PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, Quarantined, [8985015335462e08e8a56f50c142e818],

PUP.BProtector, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, http://www.claro-search.com/?affID=117455&tt=4812_1&babsrc=HP_ss&mntrId=eaad16d400000000000000262d942943, Quarantined, [13fb243082f9fa3cd57dbff9c34037c9]

PUP.BProtector, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {6A1806CD-94D4-4689-BA73-E35EA1EA9990}, Quarantined, [68a6c39194e7e25430239c1ca65d37c9]

PUP.Optional.SweetIM.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {2687EC8E-204A-4521-838E-36867627A6C7}, Quarantined, [ee2080d47cff2511441eccedc73ca15f]

PUP.Optional.InstallBrain.A, HKU\S-1-5-21-1651720748-2129956591-922140169-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, Quarantined, [f816db790675d462ace17f40b94a41bf],

 

Registry Data: 1

PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[40ced77db1ca1e188577a5add62eee12]

 

Folders: 4

PUP.Optional.Conduit.A, C:\Users\alev\AppData\Local\Temp\CT2296675, Quarantined, [67a712422c4fa195564c21537290da26],

PUP.Optional.MoviesToolBar.A, C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\SOMOTOMOVIESTOOLBAR181, Quarantined, [fd11de76a7d451e54aa70b6e51b1c937],

PUP.Optional.MoviesToolBar.A, C:\Users\alev\AppData\Local\SOMOTOMOVIESTOOLBAR181, Quarantined, [cc42aea6a3d8ba7c2b01bbca7a8850b0],

PUP.Optional.MoviesToolBar.A, C:\Users\alev\AppData\Local\SOMOTOMOVIESTOOLBAR181\GC, Quarantined, [cc42aea6a3d8ba7c2b01bbca7a8850b0],

 

Files: 13

PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, Quarantined, [a46a7dd71d5e4fe7244e063752ae35cb],

PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [a06e3d176b101d19bd1b152cae5628d8],

PUP.Optional.SweetIM, C:\Windows\Installer\e0852.msi, Quarantined, [b75753015b200a2c69ff0b6b80848f71],

PUP.Optional.SupraSavings.A, C:\Windows\Installer\14a40b.msi, Quarantined, [22ec5df74734c571d701ab967f85d927],

PUP.Optional.Conduit.A, C:\Users\alev\AppData\Local\Temp\CT2296675\CT2296675.txt, Quarantined, [67a712422c4fa195564c21537290da26],

PUP.Optional.Conduit.A, C:\Users\alev\AppData\Local\Temp\CT2296675\initData.json, Quarantined, [67a712422c4fa195564c21537290da26],

PUP.Optional.Conduit.A, C:\Users\alev\AppData\Local\Temp\CT2296675\manifest.json, Quarantined, [67a712422c4fa195564c21537290da26],

PUP.Optional.MoviesToolBar.A, C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\somotomoviestoolbar181\apnuserid.dat, Quarantined, [fd11de76a7d451e54aa70b6e51b1c937],

PUP.Optional.MoviesToolBar.A, C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\somotomoviestoolbar181\appid.dat, Quarantined, [fd11de76a7d451e54aa70b6e51b1c937],

PUP.Optional.MoviesToolBar.A, C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\somotomoviestoolbar181\setupCfg.xml, Quarantined, [fd11de76a7d451e54aa70b6e51b1c937],

PUP.Optional.MoviesToolBar.A, C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\somotomoviestoolbar181\sysid.dat, Quarantined, [fd11de76a7d451e54aa70b6e51b1c937],

PUP.Optional.MoviesToolBar.A, C:\Users\alev\AppData\Roaming\Mozilla\Firefox\Profiles\j30sjgcr.default\somotomoviestoolbar181\trackid.dat, Quarantined, [fd11de76a7d451e54aa70b6e51b1c937],

PUP.Optional.MoviesToolBar.A, C:\Users\alev\AppData\Local\somotomoviestoolbar181\GC\toolbar.crx, Quarantined, [cc42aea6a3d8ba7c2b01bbca7a8850b0],

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/22/2014 at 01:03 PM

 

Application Version : 5.7.1018

 

Core Rules Database Version : 11250

Trace Rules Database Version: 9062

 

Scan type       : Complete Scan

Total Scan Time : 02:01:25

 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC Off - Administrator

 

Memory items scanned      : 432

Memory threats detected   : 0

Registry items scanned    : 68895

Registry threats detected : 0

File items scanned        : 233245

File threats detected     : 37

 

Adware.Tracking Cookie

                .doubleclick.net [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .serving-sys.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .serving-sys.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .at.atwola.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .ru4.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .mediaplex.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .mediaplex.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .mediaplex.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .server.cpmstar.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .server.cpmstar.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .bs.serving-sys.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .doubleclick.net [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .serving-sys.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .atdmt.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .atdmt.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .atdmt.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .casalemedia.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .casalemedia.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .casalemedia.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .casalemedia.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .casalemedia.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .pro-market.net [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                ads1.solocpm.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .smartadserver.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .smartadserver.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .smartadserver.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .adtechus.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .ru4.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                c1.adform.net [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                c1.adform.net [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .adform.net [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .advertising.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .advertising.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .ad.mlnadvertising.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .tribalfusion.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .serving-sys.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]

                .serving-sys.com [ C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users