How to Remove BrowserSafeGuard.exe


  • This topic is locked
14 replies to this topic

#1 tomvd

tomvd

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 04 July 2014 - 02:45 AM

Hi, 

 

I have BrowserSafeGuard.exe for unknown reasons. I uninstalled it in control panel on Windows 7. It still gives a BrowserSafeGuard message when I type a search query into the Firefox address bar. I tried removing it by deleting it, but it says that other processes are using it. I tried Malwarebytes, and it removed the files, but then I can't access any webpages at all on any browser. I tried terminating the process in Windows Task Manager, and the same thing happened. I couldn't access any websites. I tried to contact the douchebags at iBryte, but their webform doesn't even work. Whenever BrowserSafeGuard.exe crashes, I can't access any websites. This is costing me a lot of money. How do I fix this? Apparently, they're a legit company? I was thinking very violently when I posted this. I'd really love to sue these people.


Edited by tomvd, 04 July 2014 - 09:29 AM.



 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:07 AM

Posted 04 July 2014 - 09:08 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 

#3 tomvd

tomvd
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 04 July 2014 - 09:36 AM

OK. I'll do that. 


Edited by tomvd, 04 July 2014 - 09:51 AM.


#4 tomvd

tomvd
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:07 AM

Posted 04 July 2014 - 10:03 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Nobody (administrator) on NOBODY-PC on 04-07-2014 07:57:33
Running from C:\Users\Nobody\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rstrui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Users\Nobody\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
() C:\Users\Nobody\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Alcor) C:\Windows\WebCam\S6000\S6000Mnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Nobody\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-02-09] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-02-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-09] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [S6000Mnt] => C:\windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-04] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-09] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-03-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [BrowserSafeguard] => C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [349184 2014-07-03] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1804870422-2122964907-2388872723-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1804870422-2122964907-2388872723-1000\...\Run: [Google Update] => C:\Users\Nobody\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-20] (Google Inc.)
HKU\S-1-5-21-1804870422-2122964907-2388872723-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1804870422-2122964907-2388872723-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-09] (Google Inc.)
HKU\S-1-5-21-1804870422-2122964907-2388872723-1000\...\Run: [Amazon Cloud Player] => C:\Users\Nobody\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3113792 2013-05-22] ()
HKU\S-1-5-21-1804870422-2122964907-2388872723-1000\...\Run: [DW7] => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-1804870422-2122964907-2388872723-1000\...\Run: [iLivid] => "C:\Users\Nobody\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-1804870422-2122964907-2388872723-1000\...\Run: [TouchFreeze] => C:\Users\Nobody\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] ()
HKU\S-1-5-21-1804870422-2122964907-2388872723-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49224;https=127.0.0.1:49224
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=lenn&bmod=lenn
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&sr=0&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll No File
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Searchqu Toolbar - {99079A25-328F-4BD4-BE04-00955ACAA0A7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079A25-328F-4BD4-BE04-00955ACAA0A7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coIEPlg.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
 
FireFox:
========
FF ProfilePath: C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Delta Search
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @vizzed.com/VizzedRGR - C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Nobody\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Nobody\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Nobody\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Nobody\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Nobody\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nobody\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Nobody\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nobody\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\searchplugins\Search_Results.xml
FF Extension: Leapforce - Search Engine Evaluator Toolbar - C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\Extensions\qrptoolbar@leapforceathome.com [2014-02-25]
FF Extension: EPUBReader - C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-02]
FF Extension: DownloadHelper - C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-01]
FF Extension: Check4Change - C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\Extensions\check4change-owner@mozdev.org.xpi [2012-08-13]
FF Extension: Firebug - C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\Extensions\firebug@software.joehewitt.com.xpi [2013-10-26]
FF Extension: RaterAide - C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\Extensions\jid1-uPkhccQwZ0FMIA@jetpack.xpi [2012-09-26]
FF Extension: LF PQ Quiz - C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\Extensions\lfpqquiz@example.net.xpi [2013-04-29]
FF Extension: User Agent Switcher - C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012-04-20]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-06-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-21]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2014-06-21]
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-15]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-05]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-05]
FF HKLM-x32\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Google Talk Plugin) - C:\Users\Nobody\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Nobody\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U39) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-20]
CHR Extension: (Leapforce Extension) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\belncckcaakhmonmcfmegbglccbjlebc [2014-03-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (RaterAide) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlblfbajhmkflfamdiiccdohdkbdaon [2014-03-03]
CHR Extension: (Win7 Scrollbars) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifcnoebhbpdndjendfkpehpfbglgfkc [2014-04-01]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2012-10-02]
CHR Extension: (RealDownloader) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-24]
CHR Extension: (Kicktraq) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfbmdekphdknccdlbhlkbifdbdioekd [2014-05-13]
CHR Extension: (Hangouts) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-12-11]
CHR Extension: (YSlow) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh [2014-04-25]
CHR Extension: (Google Wallet) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Nobody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-12-15]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [1015592 2014-05-15] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-13] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [561448 2014-05-15] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-13] (AnchorFree Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows ® Win 7 DDK provider)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-13] (Anchorfree Inc.)
U2 CLKMSVC10_3A60B698; 
U2 CLKMSVC10_C3B3B687; 
U2 DriverService; 
U2 IAStorDataMgrSvc; 
U2 idealife Update Service; 
U3 IGRS; 
U2 IviRegMgr; 
U2 nvUpdatusService; 
U2 Oasis2Service; 
U2 PCCarerServic; 
U2 ReadyComm.DirectRouter; 
U2 RichVideo; 
U2 RtLedService; 
U2 SoftwareService; 
U2 Stereo Service; 
U3 aswMBR; \??\C:\Users\Nobody\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Nobody\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-04 07:57 - 2014-07-04 07:58 - 00035875 _____ () C:\Users\Nobody\Downloads\FRST.txt
2014-07-04 07:57 - 2014-07-04 07:57 - 00000000 ____D () C:\FRST
2014-07-04 07:56 - 2014-07-04 07:56 - 02083840 _____ (Farbar) C:\Users\Nobody\Downloads\FRST64.exe
2014-07-04 07:55 - 2014-07-04 07:55 - 05185536 _____ (AVAST Software) C:\Users\Nobody\Downloads\aswmbr.exe
2014-07-03 23:57 - 2014-07-04 00:37 - 00003344 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1804870422-2122964907-2388872723-1000
2014-07-03 23:53 - 2014-07-04 00:19 - 00000000 ____D () C:\Program Files\suprasavings
2014-07-03 23:53 - 2014-07-04 00:19 - 00000000 ____D () C:\Program Files (x86)\Browsersafeguard
2014-07-03 23:53 - 2014-07-03 23:53 - 02042536 _____ (LiveSoftAction) C:\Users\Nobody\Downloads\SpeedFan provided through GetNow.exe
2014-07-03 23:53 - 2014-07-03 23:53 - 01645424 _____ (Bandoo Media Inc) C:\Users\Nobody\Downloads\iLividSetup-r20-n-bc.exe
2014-07-03 23:53 - 2014-07-03 23:53 - 01077648 _____ (Ask.com) C:\Users\Nobody\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe
2014-07-03 23:53 - 2014-07-03 23:53 - 00352952 _____ (Softonic) C:\Users\Nobody\Downloads\SoftonicDownloader_for_wave-mp3-editor.exe
2014-07-03 23:53 - 2014-07-03 23:53 - 00352936 _____ (Softonic) C:\Users\Nobody\Downloads\SoftonicDownloader_for_goldwave.exe
2014-07-03 23:53 - 2014-07-03 23:53 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
2014-07-03 23:44 - 2014-07-04 00:37 - 00003212 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1804870422-2122964907-2388872723-1000
2014-07-03 23:23 - 2014-07-04 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-03 23:23 - 2014-07-04 00:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 23:23 - 2014-07-03 23:49 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 23:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-03 23:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-03 23:17 - 2014-07-03 23:17 - 01346519 _____ () C:\Users\Nobody\Downloads\adwcleaner_3.214.exe
2014-07-03 23:10 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-03 23:09 - 2014-07-04 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-03 23:09 - 2014-07-03 23:09 - 00004430 _____ () C:\windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-03 23:09 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-03 23:09 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-03 23:09 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-01 14:52 - 2014-07-01 14:52 - 00918952 _____ (Oracle Corporation) C:\Users\Nobody\Downloads\chromeinstall-7u60.exe
2014-06-21 01:11 - 2014-06-21 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 21:50 - 2014-07-04 00:21 - 00000380 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Nobody.job
2014-06-19 21:50 - 2014-07-03 21:57 - 00000370 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Nobody.job
2014-06-19 21:50 - 2014-07-03 19:54 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Nobody.job
2014-06-19 21:50 - 2014-06-30 21:54 - 00002964 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Nobody
2014-06-19 21:50 - 2014-06-21 20:51 - 00002968 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Nobody
2014-06-19 21:50 - 2014-06-19 21:50 - 00003618 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Nobody
2014-06-19 21:50 - 2014-06-19 21:50 - 00002672 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Nobody
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys
2014-06-12 00:46 - 2014-05-30 03:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-12 00:46 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-12 00:46 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-12 00:46 - 2014-05-30 02:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-12 00:46 - 2014-05-30 02:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-12 00:46 - 2014-05-30 02:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-12 00:46 - 2014-05-30 02:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-12 00:46 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-12 00:46 - 2014-05-30 02:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-12 00:46 - 2014-05-30 02:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-12 00:46 - 2014-05-30 02:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-12 00:46 - 2014-05-30 02:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-12 00:46 - 2014-05-30 02:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-12 00:46 - 2014-05-30 02:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-12 00:46 - 2014-05-30 02:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-12 00:46 - 2014-05-30 02:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-12 00:46 - 2014-05-30 02:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-12 00:46 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-12 00:46 - 2014-05-30 01:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 00:46 - 2014-05-30 01:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-12 00:46 - 2014-05-30 01:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-12 00:46 - 2014-05-30 01:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-12 00:46 - 2014-05-30 01:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-12 00:46 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-12 00:46 - 2014-05-30 01:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-12 00:46 - 2014-05-30 01:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-12 00:46 - 2014-05-30 01:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-12 00:46 - 2014-05-30 01:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-12 00:46 - 2014-05-30 01:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-12 00:46 - 2014-05-30 01:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-12 00:46 - 2014-05-30 01:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-12 00:46 - 2014-05-30 01:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-12 00:46 - 2014-05-30 01:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-12 00:46 - 2014-05-30 01:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-12 00:46 - 2014-05-30 01:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-12 00:46 - 2014-05-30 01:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-12 00:46 - 2014-05-30 01:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 00:46 - 2014-05-30 01:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-12 00:46 - 2014-05-30 01:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-12 00:46 - 2014-05-30 01:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-12 00:46 - 2014-05-30 00:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-12 00:46 - 2014-05-30 00:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-12 00:46 - 2014-05-30 00:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-12 00:46 - 2014-05-30 00:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-12 00:46 - 2014-05-30 00:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-12 00:46 - 2014-05-30 00:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-12 00:46 - 2014-05-30 00:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-12 00:46 - 2014-05-30 00:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-12 00:46 - 2014-05-30 00:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-12 00:46 - 2014-05-30 00:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-12 00:46 - 2014-05-30 00:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-12 00:46 - 2014-05-30 00:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-12 00:46 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-12 00:46 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-12 00:46 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-12 00:46 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 00:46 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-12 00:46 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-12 00:46 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-12 00:46 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-12 00:46 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-12 00:46 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-12 00:46 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-12 00:46 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-12 00:45 - 2014-06-08 02:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-12 00:45 - 2014-06-08 02:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-11 18:03 - 2014-06-11 18:04 - 00000000 ____D () C:\Users\Nobody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2014-06-11 18:03 - 2014-06-11 18:04 - 00000000 ____D () C:\Program Files (x86)\Balabolka
2014-06-11 18:03 - 2014-06-11 18:03 - 00000000 ____D () C:\Users\Nobody\AppData\Roaming\Balabolka
2014-06-11 18:01 - 2014-06-11 19:04 - 00000000 ____D () C:\Users\Nobody\Documents\Balabolka
2014-06-11 10:29 - 2014-06-11 10:29 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-11 10:29 - 2014-06-11 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-11 10:28 - 2014-06-11 10:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-11 10:28 - 2014-06-11 10:29 - 00000000 ____D () C:\Program Files\iTunes
2014-06-11 10:28 - 2014-06-11 10:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-11 10:28 - 2014-06-11 10:28 - 00000000 ____D () C:\Program Files\iPod
2014-06-10 20:49 - 2014-06-10 21:14 - 472734172 _____ () C:\Users\Nobody\Downloads\wetransfer-770fab.zip
2014-06-05 01:06 - 2014-06-05 14:30 - 00000000 ____D () C:\Program Files (x86)\Zabaware
2014-06-05 01:06 - 2014-06-05 01:06 - 04109124 _____ () C:\Users\Nobody\Downloads\HalReader.zip
2014-06-05 01:06 - 2014-06-05 01:06 - 00000000 ____D () C:\windows\lhsp
2014-06-05 00:32 - 2014-06-05 00:32 - 00000000 ____D () C:\Users\Nobody\Documents\PC Speed Maximizer
2014-06-05 00:29 - 2014-06-05 00:30 - 00000000 ____D () C:\Program Files\003
2014-06-05 00:20 - 2014-06-05 00:21 - 02074763 _____ () C:\Users\Nobody\Downloads\AlienSpeech.ZIP
 
==================== One Month Modified Files and Folders =======
 
2014-07-04 07:58 - 2014-07-04 07:57 - 00035875 _____ () C:\Users\Nobody\Downloads\FRST.txt
2014-07-04 07:57 - 2014-07-04 07:57 - 00000000 ____D () C:\FRST
2014-07-04 07:56 - 2014-07-04 07:56 - 02083840 _____ (Farbar) C:\Users\Nobody\Downloads\FRST64.exe
2014-07-04 07:55 - 2014-07-04 07:55 - 05185536 _____ (AVAST Software) C:\Users\Nobody\Downloads\aswmbr.exe
2014-07-04 07:47 - 2012-07-07 08:06 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 07:43 - 2014-02-06 16:49 - 00000568 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1804870422-2122964907-2388872723-1000.job
2014-07-04 07:22 - 2012-02-09 06:15 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-04 07:21 - 2014-03-12 13:19 - 00320561 _____ () C:\FaceProv.log
2014-07-04 07:21 - 2012-05-13 12:17 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804870422-2122964907-2388872723-1000UA.job
2014-07-04 07:21 - 2012-02-09 06:05 - 00000000 ____D () C:\ProgramData\VeriFace
2014-07-04 07:21 - 2012-02-09 05:20 - 01055436 _____ () C:\windows\WindowsUpdate.log
2014-07-04 00:37 - 2014-07-03 23:57 - 00003344 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1804870422-2122964907-2388872723-1000
2014-07-04 00:37 - 2014-07-03 23:44 - 00003212 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1804870422-2122964907-2388872723-1000
2014-07-04 00:29 - 2009-07-13 21:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 00:29 - 2009-07-13 21:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 00:26 - 2009-07-13 22:13 - 00783400 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-04 00:23 - 2013-09-10 13:26 - 00003366 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1804870422-2122964907-2388872723-1000
2014-07-04 00:23 - 2013-09-10 13:26 - 00003234 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1804870422-2122964907-2388872723-1000
2014-07-04 00:21 - 2014-06-19 21:50 - 00000380 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Nobody.job
2014-07-04 00:21 - 2013-04-27 22:09 - 00000342 _____ () C:\windows\Tasks\dsmonitor.job
2014-07-04 00:21 - 2012-02-09 06:15 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 00:20 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-04 00:20 - 2009-07-13 21:51 - 00081692 _____ () C:\windows\setupact.log
2014-07-04 00:19 - 2014-07-03 23:53 - 00000000 ____D () C:\Program Files\suprasavings
2014-07-04 00:19 - 2014-07-03 23:53 - 00000000 ____D () C:\Program Files (x86)\Browsersafeguard
2014-07-04 00:19 - 2014-07-03 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-04 00:19 - 2014-07-03 23:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-04 00:19 - 2014-07-03 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-04 00:19 - 2012-04-20 11:29 - 00000000 ____D () C:\Users\Nobody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-07-04 00:19 - 2012-04-20 11:29 - 00000000 ____D () C:\Users\Nobody
2014-07-04 00:19 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\registration
2014-07-03 23:55 - 2010-11-20 20:47 - 00897302 _____ () C:\windows\PFRO.log
2014-07-03 23:53 - 2014-07-03 23:53 - 02042536 _____ (LiveSoftAction) C:\Users\Nobody\Downloads\SpeedFan provided through GetNow.exe
2014-07-03 23:53 - 2014-07-03 23:53 - 01645424 _____ (Bandoo Media Inc) C:\Users\Nobody\Downloads\iLividSetup-r20-n-bc.exe
2014-07-03 23:53 - 2014-07-03 23:53 - 01077648 _____ (Ask.com) C:\Users\Nobody\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe
2014-07-03 23:53 - 2014-07-03 23:53 - 00352952 _____ (Softonic) C:\Users\Nobody\Downloads\SoftonicDownloader_for_wave-mp3-editor.exe
2014-07-03 23:53 - 2014-07-03 23:53 - 00352936 _____ (Softonic) C:\Users\Nobody\Downloads\SoftonicDownloader_for_goldwave.exe
2014-07-03 23:53 - 2014-07-03 23:53 - 00004392 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task
2014-07-03 23:49 - 2014-07-03 23:23 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 23:41 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\Vss
2014-07-03 23:23 - 2014-02-11 12:34 - 00000000 ____D () C:\Users\Nobody\AppData\Roaming\Malwarebytes
2014-07-03 23:23 - 2014-02-11 12:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 23:17 - 2014-07-03 23:17 - 01346519 _____ () C:\Users\Nobody\Downloads\adwcleaner_3.214.exe
2014-07-03 23:10 - 2013-10-08 18:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-03 23:09 - 2014-07-03 23:09 - 00004430 _____ () C:\windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-07-03 23:09 - 2012-04-20 12:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-03 22:48 - 2014-04-18 13:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-03 21:57 - 2014-06-19 21:50 - 00000370 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Nobody.job
2014-07-03 19:54 - 2014-06-19 21:50 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Nobody.job
2014-07-03 16:09 - 2012-05-13 12:17 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804870422-2122964907-2388872723-1000Core.job
2014-07-03 11:50 - 2014-04-18 13:17 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-03 11:50 - 2014-04-18 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-02 01:17 - 2012-08-08 12:01 - 00000000 ____D () C:\Users\Nobody\AppData\Roaming\Skype
2014-07-01 14:52 - 2014-07-01 14:52 - 00918952 _____ (Oracle Corporation) C:\Users\Nobody\Downloads\chromeinstall-7u60.exe
2014-06-30 21:54 - 2014-06-19 21:50 - 00002964 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Nobody
2014-06-28 21:16 - 2012-07-15 14:35 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-28 21:16 - 2012-04-20 12:12 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-28 21:16 - 2012-04-20 12:12 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-28 21:11 - 2012-04-25 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-28 21:09 - 2012-04-20 15:27 - 00000000 ____D () C:\Users\Nobody\AppData\Roaming\SoftGrid Client
2014-06-26 16:32 - 2014-05-13 16:33 - 00000000 ____D () C:\Users\Nobody\Documents\Kickstarter
2014-06-25 16:29 - 2012-05-23 12:39 - 00000000 ____D () C:\Users\Nobody\Documents\Leapforce
2014-06-22 22:30 - 2012-04-20 11:32 - 00067224 _____ () C:\Users\Nobody\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-21 20:51 - 2014-06-19 21:50 - 00002968 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Nobody
2014-06-21 01:11 - 2014-06-21 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-20 21:55 - 2014-04-18 13:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-20 21:55 - 2012-08-08 12:01 - 00000000 ____D () C:\ProgramData\Skype
2014-06-19 21:50 - 2014-06-19 21:50 - 00003618 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Nobody
2014-06-19 21:50 - 2014-06-19 21:50 - 00002672 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Nobody
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgrkx64.sys
2014-06-17 16:04 - 2012-05-13 12:17 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1804870422-2122964907-2388872723-1000UA
2014-06-17 16:04 - 2012-05-13 12:17 - 00003488 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1804870422-2122964907-2388872723-1000Core
2014-06-16 13:27 - 2014-05-08 22:12 - 00000000 ____D () C:\Users\Nobody\Documents\Tsunami
2014-06-16 13:27 - 2012-04-20 14:01 - 00000000 ____D () C:\Users\Nobody\AppData\Local\Paint.NET
2014-06-15 13:38 - 2012-04-20 12:37 - 00000000 ____D () C:\Users\Nobody\AppData\Roaming\Audacity
2014-06-14 21:18 - 2013-05-24 12:05 - 00000000 ____D () C:\Users\Nobody\AppData\Local\CrashDumps
2014-06-13 17:09 - 2012-02-09 06:15 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-13 17:09 - 2012-02-09 06:15 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-12 11:25 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-06-12 03:05 - 2013-08-11 10:37 - 00000000 ____D () C:\windows\system32\MRT
2014-06-12 03:03 - 2012-04-26 11:24 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-12 03:01 - 2014-05-06 10:34 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-11 19:04 - 2014-06-11 18:01 - 00000000 ____D () C:\Users\Nobody\Documents\Balabolka
2014-06-11 18:04 - 2014-06-11 18:03 - 00000000 ____D () C:\Users\Nobody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2014-06-11 18:04 - 2014-06-11 18:03 - 00000000 ____D () C:\Program Files (x86)\Balabolka
2014-06-11 18:03 - 2014-06-11 18:03 - 00000000 ____D () C:\Users\Nobody\AppData\Roaming\Balabolka
2014-06-11 15:12 - 2012-02-09 06:16 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 10:29 - 2014-06-11 10:29 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-11 10:29 - 2014-06-11 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-11 10:29 - 2014-06-11 10:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-11 10:29 - 2014-06-11 10:28 - 00000000 ____D () C:\Program Files\iTunes
2014-06-11 10:29 - 2014-06-11 10:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-11 10:28 - 2014-06-11 10:28 - 00000000 ____D () C:\Program Files\iPod
2014-06-10 21:14 - 2014-06-10 20:49 - 472734172 _____ () C:\Users\Nobody\Downloads\wetransfer-770fab.zip
2014-06-08 02:13 - 2014-06-12 00:45 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-08 02:08 - 2014-06-12 00:45 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-07 17:05 - 2012-04-20 12:14 - 00000000 ____D () C:\Users\Nobody\AppData\Roaming\Mozilla
2014-06-07 11:53 - 2014-02-06 16:49 - 00003598 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1804870422-2122964907-2388872723-1000
2014-06-05 14:30 - 2014-06-05 01:06 - 00000000 ____D () C:\Program Files (x86)\Zabaware
2014-06-05 01:06 - 2014-06-05 01:06 - 04109124 _____ () C:\Users\Nobody\Downloads\HalReader.zip
2014-06-05 01:06 - 2014-06-05 01:06 - 00000000 ____D () C:\windows\lhsp
2014-06-05 01:06 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\Speech
2014-06-05 00:32 - 2014-06-05 00:32 - 00000000 ____D () C:\Users\Nobody\Documents\PC Speed Maximizer
2014-06-05 00:30 - 2014-06-05 00:29 - 00000000 ____D () C:\Program Files\003
2014-06-05 00:28 - 2014-04-18 13:16 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-05 00:21 - 2014-06-05 00:20 - 02074763 _____ () C:\Users\Nobody\Downloads\AlienSpeech.ZIP
 
Files to move or delete:
====================
C:\Users\Nobody\jagex_cl_runescape_LIVE.dat
 
 
Some content of TEMP:
====================
C:\Users\Nobody\AppData\Local\Temp\aacdec.exe
C:\Users\Nobody\AppData\Local\Temp\DeleteUninstall.exe
C:\Users\Nobody\AppData\Local\Temp\DivXSetup.exe
C:\Users\Nobody\AppData\Local\Temp\ffmpeg15.exe
C:\Users\Nobody\AppData\Local\Temp\installhelper.dll
C:\Users\Nobody\AppData\Local\Temp\InstallMonetizer.exe
C:\Users\Nobody\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Nobody\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Nobody\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Nobody\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Nobody\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Nobody\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Nobody\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Nobody\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Nobody\AppData\Local\Temp\nsl6364.tmp.exe
C:\Users\Nobody\AppData\Local\Temp\oi_{0B711068-3C6A-4F42-AFB7-FD8F6BABE8FC}.exe
C:\Users\Nobody\AppData\Local\Temp\Paint.NET.3.5.11.Install.exe
C:\Users\Nobody\AppData\Local\Temp\remove.exe
C:\Users\Nobody\AppData\Local\Temp\sfextra.dll
C:\Users\Nobody\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Nobody\AppData\Local\Temp\swt-gdip-win32-3452.dll
C:\Users\Nobody\AppData\Local\Temp\swt-win32-3452.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite10228.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite20337.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite25116.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite30662.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite30748.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite32461.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite32700.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite35315.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite36570.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite41583.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite47069.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite48548.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite51239.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite55662.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite56049.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite66269.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite66344.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite75689.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite77782.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite78037.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite79244.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite87202.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite95701.dll
C:\Users\Nobody\AppData\Local\Temp\System.Data.SQLite96923.dll
C:\Users\Nobody\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Nobody\AppData\Local\Temp\uninst1.exe
C:\Users\Nobody\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Nobody\AppData\Local\Temp\zipsetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-28 13:25
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by Nobody at 2014-07-04 07:58:51
Running from C:\Users\Nobody\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.0.2.314 - Amazon Services LLC)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Anime Studio Pro 8.0 (HKLM-x32\...\ASP800_is1) (Version: 8.0 - Smith Micro Software, Inc.)
Anime Studio Pro 8.2 (HKLM-x32\...\ASP820_is1) (Version: 8.2 - Smith Micro Software, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.10.0.570 - Ilya Morozov)
Blender (HKLM\...\Blender) (Version: 2.62-release - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{CF3C170B-D713-4089-84FE-63285B424B95}) (Version: 0.9.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
CoffeeCup Free HTML Editor (HKCU\...\CoffeeCup Free HTML Editor) (Version:  - )
Crystl (HKLM-x32\...\com.ideaincubatorlp.crystl) (Version: 1.0.0 - Infomastery, LLC)
Crystl (x32 Version: 1.0.0 - Infomastery, LLC) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.28 - DivX, LLC)
DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.10.0 - Uniblue Systems Ltd)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Express Zip File Compression Software (HKLM-x32\...\ExpressZip) (Version:  - NCH Software)
FeedDemon (HKLM-x32\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
GoldWave v5.57 (HKLM-x32\...\GoldWave v5.57) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1440 (HKCU\...\GoToMeeting) (Version: 6.3.0.1440 - CitrixOnline)
H&R Block Arizona 2012 (HKLM-x32\...\{23ADF1CF-4578-4BEC-AF07-FFEC8EA17C9C}) (Version: 1.12.4601 - HRB Technology, LLC.)
H&R Block Arizona 2013 (HKLM-x32\...\{E9772A9E-A62D-4935-938A-770CBDB30E2A}) (Version: 1.13.4901 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
HairBall - MailChimp's List Tool (HKLM-x32\...\HairBall) (Version: 2.0.2 - The Rocket Science Group, LLC)
HairBall - MailChimp's List Tool (x32 Version: 2.0.2 - The Rocket Science Group, LLC) Hidden
Hotspot Shield 3.41 (HKLM-x32\...\HotspotShield) (Version: 3.41 - AnchorFree)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
jZip (HKLM-x32\...\jZip) (Version:  - Bandoo Media Inc.) <==== ATTENTION
KindlePreviewer (HKCU\...\KindlePreviewer) (Version: 2.91 - Amazon)
KISS Wave MP3 Editor v12.9 (HKLM-x32\...\{027EE8D9-D18B-4D37-825D-D5240DB4A06C}) (Version: 12.09.00 - Code-it Software Solutions)
Kobo (HKLM-x32\...\Kobo) (Version: 3.2.3 - Kobo Inc.)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Leapforce Extension Native Host (HKLM-x32\...\{23C4C901-6887-4C5D-A2AE-B9F72FB6A044}) (Version: 1.1.1 - Leapforce)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{FC9B811E-39BC-4813-9E29-B83CCF700010}) (Version: 2.16.23.3 - Alcor)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Miro (HKLM-x32\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.7 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.7 - Lenovo) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SRS Control Panel (HKLM\...\{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}) (Version: 1.11.4800 - SRS Labs, Inc.)
suprasavings (HKLM\...\suprasavings) (Version: 2.0.1 - suprasavings) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
TouchFreeze (HKLM-x32\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1206 - Lenovo)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
ZillaTube 5.6.7 (HKLM-x32\...\ZillaTube) (Version: 5.6.7 - ZillaTube)
ZipGenius 6.3 (HKLM-x32\...\{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1) (Version: 6.3 - Wininizio.it Software)
 
==================== Restore Points  =========================
 
22-06-2014 04:03:13 Windows Update
26-06-2014 06:15:37 Windows Update
30-06-2014 01:25:36 Windows Update
03-07-2014 19:00:48 Windows Update
04-07-2014 06:08:30 Installed Java 7 Update 60
04-07-2014 07:16:12 Restore Operation
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {01B55DAE-BE24-48B1-B9EA-DCDAC59635B0} - System32\Tasks\RNUpgradeHelperResumePrompt_Nobody => C:\Users\Nobody\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-19] (RealNetworks, Inc.)
Task: {1074B824-D8FC-4152-82B5-6917C317A7E2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1261B1DE-F42C-4CD5-A402-F45C93B2E41D} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe
Task: {1294F1B9-383B-4C60-B215-ABD0E5341745} - System32\Tasks\dsmonitor => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-16] (Uniblue Systems Ltd)
Task: {1B2393B9-27E6-45A8-85C1-66EC2B2E72CE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1804870422-2122964907-2388872723-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {314BB55A-F017-4720-8904-BA086817BB92} - System32\Tasks\RNUpgradeHelperLogonPrompt_Nobody => C:\Users\Nobody\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-19] (RealNetworks, Inc.)
Task: {37D4AA37-B67B-4F38-8B67-A7F3D6C22168} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-28] (Adobe Systems Incorporated)
Task: {45FB4F38-3813-4CB6-8718-A0799859BB94} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1804870422-2122964907-2388872723-1000Core => C:\Users\Nobody\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)
Task: {523B07EF-16DF-4635-AF6F-9CD48802CC13} - System32\Tasks\ReclaimerUpdateXML_Nobody => C:\Users\Nobody\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-19] (RealNetworks, Inc.)
Task: {619536EC-329E-4095-80A8-B860357AD998} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1804870422-2122964907-2388872723-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {61DEB8EA-D945-4972-80B2-435DACC404AD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-04] (CyberLink)
Task: {76CE2EED-1BE8-4DAA-8E31-4940DE2D48B1} - System32\Tasks\G2MUpdateTask-S-1-5-21-1804870422-2122964907-2388872723-1000 => C:\Users\Nobody\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe [2014-06-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {8B0D815C-C9A9-415C-8589-F6D262EB07C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-09] (Google Inc.)
Task: {942A7B91-D84D-422C-BD9C-CC4A1A8BC1D1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1804870422-2122964907-2388872723-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B05B3807-62BC-4EBA-9ED9-3A38F5878FD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-09] (Google Inc.)
Task: {C0B31B79-6B41-4964-BC24-93507487EB71} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1804870422-2122964907-2388872723-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C3F64C19-AE73-4794-B416-0BFCE5C2430C} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
Task: {C43658D5-4AC6-43B9-83C2-B09A9D9214A1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1804870422-2122964907-2388872723-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C8A915C0-C4AE-4C93-A40F-D25CBD419FF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1804870422-2122964907-2388872723-1000UA => C:\Users\Nobody\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20] (Google Inc.)
Task: {D08E9F49-399B-4000-8E38-BE34D5970F9D} - System32\Tasks\ReclaimerUpdateFiles_Nobody => C:\Users\Nobody\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe [2014-06-19] (RealNetworks, Inc.)
Task: {D51D5E74-A7C2-48A4-93F4-D8F0A4EE0CDC} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe
Task: {D7667D34-1CA4-478B-A1AE-C43514552084} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1804870422-2122964907-2388872723-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E973AF4C-DE48-4561-AC3E-B7753EFC15A7} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1804870422-2122964907-2388872723-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-1804870422-2122964907-2388872723-1000.job => C:\Users\Nobody\AppData\Local\Citrix\GoToMeeting\1440\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804870422-2122964907-2388872723-1000Core.job => C:\Users\Nobody\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1804870422-2122964907-2388872723-1000UA.job => C:\Users\Nobody\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ReclaimerUpdateFiles_Nobody.job => C:\Users\Nobody\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\windows\Tasks\ReclaimerUpdateXML_Nobody.job => C:\Users\Nobody\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
Task: C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Nobody.job => C:\Users\Nobody\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.01\agent\rnupgagent.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-27 13:07 - 2011-07-27 13:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-06-06 07:20 - 2010-06-06 07:20 - 00065344 _____ () C:\windows\System32\PDFreDirectMon64.dll
2014-05-15 11:49 - 2014-05-15 11:49 - 00561448 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2010-11-11 03:42 - 2010-11-11 03:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-11-11 03:44 - 2010-11-11 03:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2012-02-09 06:05 - 2012-02-09 06:05 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2010-01-02 07:42 - 2010-01-02 07:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-04-13 20:01 - 2011-03-25 02:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 13:07 - 2011-07-27 13:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2008-12-19 20:20 - 2012-02-09 06:20 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 20:20 - 2012-02-09 06:20 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-05-24 13:03 - 2013-05-22 14:51 - 03113792 _____ () C:\Users\Nobody\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2012-07-24 19:26 - 2012-07-24 19:26 - 00040960 _____ () C:\Users\Nobody\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
2011-02-15 05:26 - 2011-02-15 05:26 - 00205088 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll
2012-02-09 06:08 - 2012-02-09 06:08 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2013-02-12 19:37 - 2013-02-12 19:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-07-03 23:53 - 2014-07-03 23:53 - 00349184 _____ () C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-15 11:45 - 2014-05-15 11:45 - 00965928 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-05-15 11:49 - 2014-05-15 11:49 - 00229160 _____ () C:\Program Files (x86)\Hotspot Shield\bin\cmwhydraplugin.dll
2010-11-11 03:38 - 2010-11-11 03:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-11-11 03:39 - 2010-11-11 03:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-07-24 19:26 - 2012-07-24 19:26 - 00034304 _____ () C:\Users\Nobody\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll
2012-02-09 06:05 - 2012-02-09 06:05 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2013-02-12 19:38 - 2013-02-12 19:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-08-07 12:25 - 2013-08-07 12:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-06-11 15:12 - 2014-06-05 06:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-11 15:12 - 2014-06-05 06:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-11 15:12 - 2014-06-05 06:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 15:12 - 2014-06-05 06:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 15:12 - 2014-06-05 06:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-11 15:12 - 2014-06-05 06:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/04/2014 01:33:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3027
 
Error: (07/04/2014 01:33:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3027
 
Error: (07/04/2014 01:33:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/04/2014 01:33:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028
 
Error: (07/04/2014 01:33:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028
 
Error: (07/04/2014 01:33:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/04/2014 01:33:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error: (07/04/2014 01:33:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014
 
Error: (07/04/2014 01:33:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/04/2014 00:23:33 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Installed Java 7 Update 60). Additional information: 0x80070005.
 
 
System errors:
=============
Error: (07/03/2014 10:47:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
 
Error: (07/03/2014 10:31:33 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (07/03/2014 10:31:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (07/03/2014 10:31:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (07/03/2014 10:31:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (07/03/2014 10:31:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (07/03/2014 10:31:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (07/03/2014 10:31:26 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (07/03/2014 10:31:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error: (07/03/2014 10:31:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
 
Microsoft Office Sessions:
=========================
Error: (07/04/2014 01:33:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3027
 
Error: (07/04/2014 01:33:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3027
 
Error: (07/04/2014 01:33:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/04/2014 01:33:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028
 
Error: (07/04/2014 01:33:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028
 
Error: (07/04/2014 01:33:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/04/2014 01:33:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error: (07/04/2014 01:33:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014
 
Error: (07/04/2014 01:33:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/04/2014 00:23:33 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Installed Java 7 Update 600x80070005
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 41%
Total physical RAM: 8106.14 MB
Available physical RAM: 4743.97 MB
Total Pagefile: 16210.46 MB
Available Pagefile: 12200.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:654.69 GB) (Free:548.74 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.29 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 611CC4D2)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=655 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
 
==================== End Of Log ============================


#5 tomvd

tomvd
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:07 AM

Posted 04 July 2014 - 02:47 PM

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-04 08:06:05
-----------------------------
08:06:05.952    OS Version: Windows x64 6.1.7601 Service Pack 1
08:06:05.953    Number of processors: 8 586 0x2A07
08:06:05.953    ComputerName: NOBODY-PC  UserName: Nobody
08:06:07.670    Initialize success
08:06:07.670    VM: initialized successfully
08:06:07.675    VM: Intel CPU BiosDisabled 
08:06:12.341    VM: supported disk I/O iaStor.sys
08:10:11.521    AVAST engine defs: 14070400
08:12:26.430    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:12:26.438    Disk 0 Vendor: HITACHI_ JE4Z Size: 715404MB BusType: 3
08:12:26.563    Disk 0 MBR read successfully
08:12:26.572    Disk 0 MBR scan
08:12:26.585    Disk 0 Windows 7 default MBR code
08:12:26.595    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
08:12:26.600    Disk 0 default boot code
08:12:26.614    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       670402 MB offset 411648
08:12:26.622    Disk 0 Partition - 00     0F Extended LBA             29693 MB offset 1373394944
08:12:26.663    Disk 0 Partition 3 00     12  Compaq diag NTFS        15108 MB offset 1434206208
08:12:26.699    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        29692 MB offset 1373396992
08:12:26.853    Disk 0 scanning C:\windows\system32\drivers
08:12:37.443    Service scanning
08:13:08.918    Modules scanning
08:13:08.932    Disk 0 trace - called modules:
08:13:09.011    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
08:13:09.025    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800964b790]
08:13:09.039    3 CLASSPNP.SYS[fffff88001b6343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b21050]
08:13:10.742    AVAST engine scan C:\windows
08:13:14.743    AVAST engine scan C:\windows\system32
08:16:31.310    AVAST engine scan C:\windows\system32\drivers
08:16:44.978    AVAST engine scan C:\Users\Nobody
08:23:58.902    File: C:\Users\Nobody\AppData\Local\Temp\54A0485C-BAB0-7891-9700-D83D98AE4364\Latest\MyBabylonTB.exe  **INFECTED** Win32:Adware-gen [Adw]
08:48:50.851    AVAST engine scan C:\ProgramData
08:50:47.477    Scan finished successfully
12:40:50.594    Disk 0 MBR has been saved successfully to "C:\Users\Nobody\Documents\Temporary Files\MBR.dat"
12:40:50.599    The log file has been saved successfully to "C:\Users\Nobody\Documents\Temporary Files\aswMBR.txt"


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:07 AM

Posted 07 July 2014 - 02:11 AM

Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

suprasavings


Close the window.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 



Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 tomvd

tomvd
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:07 AM

Posted 13 July 2014 - 08:49 PM

Thanks. I didn't receive an email notification for this topic, so it took a while. I'm going to try it and let you know how it goes.



#8 tomvd

tomvd
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:07 AM

Posted 13 July 2014 - 09:10 PM

Fixlog.txt is attached. I'm afraid that Malwarebytes is going to disable web browsing again if I allow it to take action. I can probably reverse those actions right away if that is the case, but not sure whether I can reverse those actions after restarting the computer.




#9 tomvd

tomvd
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:07 AM

Posted 13 July 2014 - 10:07 PM

OK. I did the scan. All the actions that I saw said "ignore once". I applied them. Here's the scan log. I have not restarted the computer.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/13/2014
Scan Time: 7:42:40 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.13.07
Rootkit Database: v2014.07.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nobody

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332388
Time Elapsed: 13 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 1
PUP.Optional.RocketTab.A, C:\FRST\Quarantine\C\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe.xBAD, 5596, No Action By User, [49c27f2081fa2b0b0ef1fa4fee123ac6]

Modules: 0
(No malicious items detected)

Registry Keys: 19
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, No Action By User, [ad5ed5ca0576979f968e0586b05245bb],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, No Action By User, [ad5ed5ca0576979f968e0586b05245bb],
PUP.Optional.SearchQu, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, No Action By User, [36d5c6d99ae187aff691e37543bf31cf],
PUP.Optional.SearchQu, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, No Action By User, [36d5c6d99ae187aff691e37543bf31cf],
PUP.Optional.Yontoo.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, No Action By User, [9972881794e716208354ec66f70bd32d],
PUP.Optional.PricePeep.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, No Action By User, [e922504f86f5e452beb5e1a97e841ce4],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, No Action By User, [34d7940b5f1cfc3a60c619ab29d938c8],
PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\suprasavings, No Action By User, [17f41a8580fb7eb868bd547f47bbbb45],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, No Action By User, [45c6e1be17649f9775b12e968b77718f],
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, No Action By User, [cd3e1c839cdfcd695ae6ab52ee15e818],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, No Action By User, [f6158817a8d3f2448b4c44b6f60d1be5],
PUP.Optional.BrowserSafeGuard.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BrowsersafeguardInstalled, No Action By User, [fe0d3c637407a88e543bb5084fb35ba5],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, No Action By User, [ec1fbbe4601b5adc5fa81dda798a0000],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, No Action By User, [68a3346b3b40e3534abc7087798a6e92],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, No Action By User, [ec1fa8f72b5064d26727d4371ee6e11f],
PUP.Optional.PricePeep.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PricePeep, No Action By User, [8982dbc41c5f80b6b76152928a78857b],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, No Action By User, [33d8554a59222412f631dff46b97ce32],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, No Action By User, [22e9bee14f2c8caa46e44aad887be41c],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, No Action By User, [76951a85afcce4522bf7c40c1ce623dd],

Registry Values: 5
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Searchqu Toolbar, No Action By User, [36d5c6d99ae187aff691e37543bf31cf]
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, No Action By User, [ef1cf8a76c0f77bf691e4f09c1416b95],
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_captdownload.com|google_7zip-display-nz-336x280-captdownload-30395540664, No Action By User, [cd3e1c839cdfcd695ae6ab52ee15e818]
PUP.Optional.LessTabs.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|lesstabs@lesstabs.com, C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com, No Action By User, [37d44b541764e0560441715c9d65a25e]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0C2V2WtGtBtH1P1S1G1ItGtBtF0L, No Action By User, [22e9bee14f2c8caa46e44aad887be41c]

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Local\Temp\mt_ffx\Delta, No Action By User, [95765c4386f5a4921f54326c0ff35da3],
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Local\Temp\mt_ffx\Delta\delta, No Action By User, [95765c4386f5a4921f54326c0ff35da3],
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.16.16, No Action By User, [95765c4386f5a4921f54326c0ff35da3],

Files: 43
PUP.Optional.RocketTab.A, C:\FRST\Quarantine\C\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe.xBAD, No Action By User, [49c27f2081fa2b0b0ef1fa4fee123ac6],
PUP.Optional.Softonic, C:\Users\Nobody\AppData\Local\Temp\FoLeks0D.exe.part, No Action By User, [bf4c4659e299ad8918c9e823956c24dc],
PUP.Optional.Softonic, C:\Users\Nobody\AppData\Local\Temp\JyDB+9qj.exe.part, No Action By User, [16f5514e423966d0b22f3ccfa35ed12f],
PUP.Optional.Babylon.A, C:\Users\Nobody\AppData\Local\Temp\54A0485C-BAB0-7891-9700-D83D98AE4364\Latest\CrxInstaller.dll, No Action By User, [9f6c48571566a39398ac1f01da275da3],
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Local\Temp\54A0485C-BAB0-7891-9700-D83D98AE4364\Latest\MyBabylonTB.exe, No Action By User, [19f2e7b8d4a780b6a79eabcc78894cb4],
PUP.Optional.Babylon.A, C:\Users\Nobody\AppData\Local\Temp\54A0485C-BAB0-7891-9700-D83D98AE4364\Latest\Setup.exe, No Action By User, [14f72e71b9c288ae3f370717ab55f50b],
PUP.Optional.Spigot.A, C:\Users\Nobody\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe, No Action By User, [f01b8c13d4a73bfb43a61714738e847c],
PUP.Optional.Softonic.A, C:\Users\Nobody\Downloads\SoftonicDownloader_for_goldwave.exe, No Action By User, [9f6c247b354671c507389e89966b8d73],
PUP.Optional.Softonic.A, C:\Users\Nobody\Downloads\SoftonicDownloader_for_wave-mp3-editor.exe, No Action By User, [54b77b24403b8da969d6b5720ef3f709],
PUP.Optional.LiveSoftAction.A, C:\Users\Nobody\Downloads\SpeedFan provided through GetNow.exe, No Action By User, [0704b3ec087384b23364be641ee30cf4],
PUP.Optional.Bandoo, C:\Users\Nobody\Downloads\iLividSetup-r20-n-bc.exe, No Action By User, [5eadd4cbee8d7bbb459c39d752af30d0],
PUP.Optional.Searchqu.A, C:\Users\Nobody\AppData\Local\Temp\searchqutoolbar-manifest.xml, No Action By User, [a566f3acc8b33303f69f0ee9679ce11f],
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\ewebstorewrapper.dll, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\config.dat, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\makecert.exe, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\TrustedRoot.cer, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\certutil.exe, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\libnspr4.dll, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\libplc4.dll, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\libplds4.dll, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\nss3.dll, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\smime3.dll, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\softokn3.dll, No Action By User, [0cff6e31502be3533806ce2f966daf51],
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), No Action By User,[fa11514eec8fbf773c7af7d6cb3948b8]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), No Action By User,[709b1b84205bb97d288eede0de26ce32]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), No Action By User,[19f21a854536be78e0d603caf014946c]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), No Action By User,[32d97c23c7b4a591ad098a43a95bdf21]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "en");), No Action By User,[67a43966ea91ff37bff709c4838159a7]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), No Action By User,[31da683787f430067442913c84807987]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), No Action By User,[60ab603f48332313bdf9ffce689c33cd]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "90e5dd1300000000000000ff05be5c7d");), No Action By User,[0ffc5649b5c6cf67bafc3f8e1de71ae6]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15836");), No Action By User,[32d9d5cab6c54cea02b47c51ed179c64]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), No Action By User,[05068a15f2892d09179f9b32bf45a25e]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), No Action By User,[3ecd0e91c6b5989e4a6c537a63a1867a]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), No Action By User,[709ba2fdc8b3e056ecca47862ed602fe]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), No Action By User,[0803900fd1aafa3c585e478663a14eb2]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), No Action By User,[ad5e108f166580b6f4c28b428e769b65]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), No Action By User,[eb20356a1467af878531616c758fc33d]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), No Action By User,[be4d3768314ac670ded85b7244c0e917]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), No Action By User,[de2d0e91fc7f3df96155a42916ee23dd]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.16.16");), No Action By User,[a269ebb4f08b2d094b6b0ebf669e6898]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.16.1611:43:20");), No Action By User,[ba5106990774af87b7ffab22f014d32d]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.16.16");), No Action By User,[3ecd3c63671445f1a90d6964d430a060]

Physical Sectors: 0
(No malicious items detected)


(end)



#10 tomvd

tomvd
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:07 AM

Posted 13 July 2014 - 10:31 PM

Update: I had to restart the computer because BrowserSafeguard stopped working. After restart, I couldn't access any web pages. Then I changed the proxy settings in Chrome and it works now. Firefox also works. I just unchecked "use a proxy" in Chrome. Thanks. If there's another problem, I'll post either here or another thread. So far it's OK. Thought I would have to bring the computer to a shop.
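
The symptom and fix described in post #10 (no pages load after the removal until the proxy is turned off) can be checked from PowerShell. This is an added example, not part of the original posts: it assumes the proxy was set in the per-user Internet Options, which Chrome uses on Windows, and the function names are made up for the example.

```powershell
# Added example (read-only): report the per-user proxy configured in Internet
# Options and check whether anything still answers on it.
# Get-ProxyEndpoint and Test-TcpPort are hypothetical helper names.

function Get-ProxyEndpoint {
    param([string]$ProxyServer)
    # ProxyServer holds either "host:port" or a per-protocol list such as
    # "http=host:port;https=host:port". IPv6 literals are not handled here.
    foreach ($entry in ($ProxyServer -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        $scheme = 'all'
        if ($entry -match '^(?<scheme>[a-z]+)=(?<rest>.+)$') {
            $scheme = $Matches['scheme']
            $entry  = $Matches['rest']
        }
        $entry = $entry -replace '^[a-z]+://', ''
        $proxyHost, $port = $entry -split ':', 2
        if ($port) { $port = $port -replace '[^0-9].*$', '' }
        if (-not $port) { $port = 80 }
        New-Object PSObject -Property @{
            Scheme = $scheme; ProxyHost = $proxyHost; Port = [int]$port
        }
    }
}

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 1000)
    # Plain TCP connect with a timeout; works on the PowerShell 2.0 that
    # ships with Windows 7, where Test-NetConnection is not available.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key

"ProxyEnable   : $($settings.ProxyEnable)"
"ProxyServer   : $($settings.ProxyServer)"
"AutoConfigURL : $($settings.AutoConfigURL)"

if ($settings.ProxyEnable -ne 1 -or -not $settings.ProxyServer) {
    'No manual proxy is enabled for this user.'
} else {
    foreach ($ep in (Get-ProxyEndpoint $settings.ProxyServer)) {
        $isLocal = $ep.ProxyHost -match '^(127\.\d+\.\d+\.\d+|localhost)$'
        $isUp    = Test-TcpPort -HostName $ep.ProxyHost -Port $ep.Port
        $target  = '{0}:{1} ({2})' -f $ep.ProxyHost, $ep.Port, $ep.Scheme

        if (-not $isUp) {
            # A proxy entry left behind after its program was removed:
            # every request is sent to a port nobody is listening on.
            "$target is NOT answering. Pages will fail to load until the proxy is turned off or corrected."
        } elseif ($isLocal) {
            # Traffic is being routed through a program on this machine.
            "$target is a local listener. Identify the owning process before trusting it."
        } else {
            "$target is reachable."
        }
    }
}
```

For a local listener, `netstat -ano` shows the PID that owns the port.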



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:07 AM

Posted 14 July 2014 - 10:01 AM

The found threats have to be removed.

Please rescan with MBAM and remove the threats.

 

Post the log when finished.



#12 tomvd

tomvd
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:07 AM

Posted 23 July 2014 - 01:14 AM

Hi,

 

Missed your latest reply. I just quarantined everything. Thanks. Log below:

 

 Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 7/22/2014
Scan Time: 10:37:36 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.23.01
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nobody
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339844
Time Elapsed: 14 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 17
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [836a1191a4d763d3f368850dd131c63a], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [836a1191a4d763d3f368850dd131c63a], 
PUP.Optional.Yontoo.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [faf3089a156691a5b659421872906a96], 
PUP.Optional.PricePeep.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}, Quarantined, [7a730a987ffc73c3604a97fa13efc739], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, Quarantined, [75788e1480fbbe78c0dc98395aa8ff01], 
PUP.Optional.SupraSavings, HKLM\SOFTWARE\suprasavings, Quarantined, [7a73c6dc9eddb0866bd231939c668e72], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, [d617544edaa1d264158705cc03ff58a8], 
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, Quarantined, [eb02970bb2c95fd7722cc743f410e719], 
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Quarantined, [2dc03a68d7a4a78f11256f999c68c838], 
PUP.Optional.BrowserSafeGuard.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BrowsersafeguardInstalled, Quarantined, [ec011a881f5cda5c7e882e9d4fb302fe], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [cc211f8385f6fd39fe6ac63e2ed69967], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [af3eccd66417d6608bdcd23235cfde22], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [4aa3069ca6d5e155d70f5bbd6e967e82], 
PUP.Optional.PricePeep.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PricePeep, Quarantined, [58954b576912d36360103fb2b34f728e], 
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, Quarantined, [9954950dbac1af87bad220c0c33ff010], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [01ec8c16f68550e66427d430ac5831cf], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [d815fea4601bf34311835687e31f728e], 
 
Registry Values: 5
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Quarantined, [9b52980ad7a4142205b9c59afb077d83], 
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Searchqu Toolbar, Quarantined, [9b52980ad7a4142205b9c59afb077d83]
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, google_captdownload.com|google_7zip-display-nz-336x280-captdownload-30395540664, Quarantined, [eb02970bb2c95fd7722cc743f410e719]
PUP.Optional.LessTabs.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|lesstabs@lesstabs.com, C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com, Quarantined, [628b4b57295279bda614c317ed15b050]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1804870422-2122964907-2388872723-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0C2V2WtGtBtH1P1S1G1ItGtBtF0L, Quarantined, [01ec8c16f68550e66427d430ac5831cf]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Local\Temp\mt_ffx\Delta, Quarantined, [35b83d658eedf145902ca30223dfbf41], 
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Local\Temp\mt_ffx\Delta\delta, Quarantined, [35b83d658eedf145902ca30223dfbf41], 
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.16.16, Quarantined, [35b83d658eedf145902ca30223dfbf41], 
 
Files: 42
PUP.Optional.Softonic, C:\Users\Nobody\AppData\Local\Temp\FoLeks0D.exe.part, Quarantined, [1cd1bae8b3c86ec863bb977680815da3], 
PUP.Optional.Softonic, C:\Users\Nobody\AppData\Local\Temp\JyDB+9qj.exe.part, Quarantined, [38b5a002314aff37ac7259b43bc69b65], 
PUP.Optional.Babylon.A, C:\Users\Nobody\AppData\Local\Temp\54A0485C-BAB0-7891-9700-D83D98AE4364\Latest\CrxInstaller.dll, Quarantined, [b439950dfd7e6acca3de39e86f9253ad], 
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Local\Temp\54A0485C-BAB0-7891-9700-D83D98AE4364\Latest\MyBabylonTB.exe, Quarantined, [7d708d1534470c2ab0d7bdbb3bc6f40c], 
PUP.Optional.Babylon.A, C:\Users\Nobody\AppData\Local\Temp\54A0485C-BAB0-7891-9700-D83D98AE4364\Latest\Setup.exe, Quarantined, [915ccbd76714d363d5a336e837c9ef11], 
PUP.Optional.Spigot.A, C:\Users\Nobody\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe, Quarantined, [905db0f2a6d546f0c85e61cce61b58a8], 
PUP.Optional.Softonic.A, C:\Users\Nobody\Downloads\SoftonicDownloader_for_goldwave.exe, Quarantined, [e409237f44378bab28547bad09f80cf4], 
PUP.Optional.Softonic.A, C:\Users\Nobody\Downloads\SoftonicDownloader_for_wave-mp3-editor.exe, Quarantined, [faf3742e85f62f076a1238f0010022de], 
PUP.Optional.LiveSoftAction.A, C:\Users\Nobody\Downloads\SpeedFan provided through GetNow.exe, Quarantined, [9d5072307b004fe71aba69ba36cb21df], 
PUP.Optional.Bandoo, C:\Users\Nobody\Downloads\iLividSetup-r20-n-bc.exe, Quarantined, [c7261f838bf062d41fff47cb40c119e7], 
PUP.Optional.Searchqu.A, C:\Users\Nobody\AppData\Local\Temp\searchqutoolbar-manifest.xml, Quarantined, [08e5ced4bfbc023423d38f75ca3a7789], 
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\ewebstorewrapper.dll, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\config.dat, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\makecert.exe, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\TrustedRoot.cer, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\certutil.exe, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\libnspr4.dll, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\libplc4.dll, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\libplds4.dll, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\nss3.dll, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\smime3.dll, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.BrowserSafeGuard.A, C:\Program Files (x86)\Browsersafeguard\Resources\softokn3.dll, Quarantined, [7d709a082d4e72c4c9d3f119f80c6799], 
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), Replaced,[e00d2280fd7e56e056f83da1a95b59a7]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), Replaced,[32bb574b2c4fa5913717637b54b0649c]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Replaced,[d11c00a21d5eae884c02d20c32d2ec14]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), Replaced,[a8456e3425561323fa54449aec1840c0]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "en");), Replaced,[b9344d556b107cbae16d26b8b351be42]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), Replaced,[3cb1dfc36615e5519eb0e5f951b31fe1]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), Replaced,[8667f9a9b0cbf73f4d0116c8f3119b65]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "90e5dd1300000000000000ff05be5c7d");), Replaced,[c726dfc3accfd363aba316c819eb12ee]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15836");), Replaced,[dc11fea4aad16ccae16d6c72996b4cb4]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), Replaced,[9e4f633f9ae13afc45091fbf996b7090]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), Replaced,[18d5bde5f982ad89a4aa39a59e669f61]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), Replaced,[43aaf9a9f98288ae73db548a16ee5ca4]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), Replaced,[15d82280aad1132386c84e9007fda957]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), Replaced,[da131c8604773105d7775b83dc280cf4]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), Replaced,[6f7e3c66215aa29452fcffdfa85c7d83]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), Replaced,[2ebf5250146787af331bf1ed699b45bb]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), Replaced,[d31a2c766d0e2214ba948b53b0543bc5]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.16.16");), Replaced,[dc119d05f388d5618cc213cb0ef625db]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.16.1611:43:20");), Replaced,[39b4a8fa6417b87edd719d4134d011ef]
PUP.Optional.Delta.A, C:\Users\Nobody\AppData\Roaming\Mozilla\Firefox\Profiles\9cqm1nl9.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.16.16");), Replaced,[d716d9c9502bab8b64eaf2ec976d4bb5]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 tomvd

tomvd
  • Topic Starter

  • Members

Posted 23 July 2014 - 05:54 PM

Here's a new problem. The volume of audio on the computer today is 25% what it was before. Could it be related to any of these quarantines? Thanks. 



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 05 August 2014 - 03:42 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 08 September 2014 - 09:08 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.