
Avast! Web Shield has blocked a harmful webpage or file


15 replies to this topic

#1 tonata


Posted 08 August 2014 - 03:07 AM

Good Day
 
I have an Avast Premier antivirus
and recently this pop-up has been coming up frequently (actually starting to be annoying now).
I have done a full scan and nothing seems to help.

I have attached the logs I ran with DDS.

Help would be appreciated,
thanx

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.67.2
Run by user at 9:02:46 on 2014-08-08
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.1954.340 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Users\user\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe
Z:\quick\qm32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
Z:\winmain\wtm32.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.amaizingsearches.info/?pid=377&r=2014/04/16&hid=10091473551558490353&lg=EN&cc=NA&unqvl=51
mStart Page = hxxp://websearch.amaizingsearches.info/?pid=377&r=2014/04/16&hid=10091473551558490353&lg=EN&cc=NA&unqvl=51
BHO: ExstraCooUpoon: {077BA808-0BE7-DA68-1871-CB0DFB9C3C98} - c:\programdata\exstracooupoon\qnAYZzGjOY.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: DigiSavEr: {355A2769-34B0-3113-92AA-3441A34D9439} - c:\programdata\digisaver\QsIDIH3.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\windows\system32\config\systemprofile\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
uRun: [iKill] "c:\program files\arpantech\ikill\iKill.exe" -s
uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "c:\users\user\appdata\roaming\utorrent\updates\3.4.2_32126.exe"  /MINIMIZED
uRun: [LiveSupport] "c:\program files\livesupport\LiveSupport.exe" /noshow /log
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\bulksm~1.lnk - c:\program files\bulksms messenger\Messenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{520102FB-5F85-45A8-9C3F-DFC47AB567CA} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\sn0310~1.boo
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\32qyhrte.default-1400068031109\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2014-7-30 270752]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-20 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-20 192352]
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw;{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw;c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys [2014-5-14 52920]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-7-30 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2012-4-26 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-4-26 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-29 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-4-26 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-3-24 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-7-29 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-7-30 106488]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\bluestacks\HD-Hypervisor-x86.sys [2013-5-13 63816]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\bluestacks\HD-LogRotatorService.exe [2013-5-13 384840]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\user\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2013-5-27 107520]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-7-31 242216]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-30 250712]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-2 2666880]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt32.sys [2012-4-26 24664]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-4-26 41088]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\bluestacks\HD-Service.exe [2013-5-13 393032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-9 108032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-5-15 1343400]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
.
=============== Created Last 30 ================
.
2014-08-08 04:20:36 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{abe32bb8-71ff-42d4-9599-a8f1ce32d1f9}\offreg.dll
2014-08-05 07:37:33 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-05 07:13:40 -------- d-----w- c:\users\user\appdata\local\Adobe
2014-08-05 07:04:06 8217224 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{abe32bb8-71ff-42d4-9599-a8f1ce32d1f9}\mpengine.dll
2014-08-01 06:47:06 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-01 06:46:58 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-01 06:46:33 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-01 06:46:32 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-07-30 10:34:25 -------- d-----w- c:\programdata\2308189059
2014-07-30 10:31:09 1180529 ----a-w- c:\windows\unins000.exe
2014-07-30 10:00:18 -------- d-----w- c:\users\user\appdata\roaming\Anvsoft
2014-07-30 10:00:11 -------- d-----w- c:\program files\AnvSoft
2014-07-30 09:08:57 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-07-30 09:08:10 270752 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-29 09:19:40 43152 ----a-w- c:\windows\avastSS.scr
2014-07-16 15:31:50 -------- d-sh--w- C:\found.000
2014-07-09 14:20:06 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-07-09 14:20:06 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-07-09 14:20:05 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-07-09 14:20:05 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-07-09 14:15:16 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-09 14:15:15 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-09 14:15:15 399360 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-07-09 14:15:15 348672 ----a-w- c:\program files\common files\microsoft shared\ink\tiptsf.dll
2014-07-09 14:15:15 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 14:15:15 181760 ----a-w- c:\program files\common files\microsoft shared\ink\TabTip.exe
2014-07-09 14:15:15 104448 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-07-09 14:15:14 544768 ----a-w- c:\program files\common files\microsoft shared\ink\TipRes.dll
2014-07-09 14:15:03 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 14:15:02 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-09 14:15:00 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-09 14:15:00 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-09 14:14:59 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-09 14:14:58 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-09 14:14:58 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-09 14:14:58 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-07-09 14:14:57 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-09 14:14:52 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 09:40:22 5659136 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2014-07-29 09:19:41 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-29 09:19:40 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-29 09:19:40 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-29 09:19:40 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-29 09:19:40 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-29 09:19:40 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-29 09:19:40 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-09 09:40:26 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 09:40:26 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-18 23:56:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38:40 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:27 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06:10 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52:18 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-05-16 07:53:18 341848 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2014-05-12 15:40:58 52920 ----a-w- c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys
.
============= FINISH:  9:03:03.73 ===============
 

 

Attached File: Attach.txt (5.2KB)


Edited by hamluis, 08 August 2014 - 08:54 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



 


#2 gringo_pr


Posted 09 August 2014 - 04:45 AM





Hello tonata

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 tonata


Posted 11 August 2014 - 01:58 AM

Thank you for the reply Gringo

 

I ran the scan...

_________________________________________________________

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-08-2014 01
Ran by user (administrator) on USER-PC on 11-08-2014 07:52:30
Running from C:\Users\user\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Corporation) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(WordWeb Software) C:\Program Files\WordWeb\wweb32.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
() \\utcserver\qtravserver\quick\qm32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-285515482-2427174763-81513029-1000\...\Run: [iKill] => C:\Program Files\ArpanTECH\iKill\iKill.exe [143360 2011-12-28] (ArpanTECH)
HKU\S-1-5-21-285515482-2427174763-81513029-1000\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [65216 2009-11-08] (WordWeb Software)
HKU\S-1-5-21-285515482-2427174763-81513029-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-20] (Google Inc.)
HKU\S-1-5-21-285515482-2427174763-81513029-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-285515482-2427174763-81513029-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-285515482-2427174763-81513029-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-285515482-2427174763-81513029-1000\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe [1322832 2014-07-03] (BitTorrent Inc.)
AppInit_DLLs: c:\progra~1\sn0310~1.boo => c:\progra~1\sn0310~1.boo File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BulkSMS Text Messenger.lnk
ShortcutTarget: BulkSMS Text Messenger.lnk -> C:\Program Files\BulkSMS Messenger\Messenger.exe (Celerity Systems (Pty) Ltd.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8BEEAA74653DCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=418&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {5CC799D6-5508-4BEA-AF5F-4204D6A7E76C} URL = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=701d3de20000000000008c89a56a823f&affilt=3&r=433
SearchScopes: HKCU - {5F90AC1E-301E-4FA4-B848-3157E6427B65} URL = http://www.mysearchresults.com/search?c=2402&t=01&q={searchTerms}
SearchScopes: HKCU - {6FC1CFB7-CDAB-4B6D-BFC0-D8DF876C7B2D} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14197&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FN&apn_dtid=TES002YYNA&apn_uid=4ca84049-5923-444e-aeaf-3ba1d4c250c5&apn_sauid=C2477ED9-C625-4213-8E32-C46504FBEB85
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=418&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {E2AF56A8-FB24-481E-B2A3-4E55426EC6D8} URL = http://search.softonic.com/INF00176/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=701d3de20000000000008c89a56a823f&r=783
SearchScopes: HKCU - {E4BBBB2C-AADD-401C-AC34-7A3623B5E108} URL = http://tuvaro.com/ws/?source=4c3f95e5&tbp=rbox&toolbarid=base&u=701d3de20000000000008c89a56a823f&q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: RObbOSaVer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\Extensions\d_5lib@iiyjkc-.com [2014-05-21]
FF Extension: 50Couupionns - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\Extensions\ozixo@jmz-.org [2014-05-21]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-26]
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-03-05]
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2012-04-27]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR StartupUrls: "hxxp://websearch.amaizingsearches.info/?pid=377&r=2014/04/16&hid=10091473551558490353&lg=EN&cc=NA&unqvl=51"
CHR NewTab: "chrome-extension://oepeikenplfgfchjmldneibialmkmipj/newtab.html",
                "chrome-extension://afafbjghmenagnimfdnljbhakkohnhec/redirect.html"
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (50Couupionns) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\emjkdokchiaeplaclnbeopmjpbamflma [2014-05-21]
CHR Extension: (ClickClean) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2014-04-16]
CHR Extension: (GReaTSave4oU) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjdeobhfgeijjciccklieakoikdaecd [2014-04-23]
CHR Extension: (YoutubeAdblocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn [2014-04-16]
CHR Extension: (savve NEt) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc [2014-04-16]
CHR Extension: (BrotherSoft Extreme2 B1) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndeiekmdhemaggmkgljlpdeaomeplbp [2013-11-20]
CHR Extension: (RObbOSaVer) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kalhbfpohgcchnoeheeafdnlgndebooi [2014-05-21]
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-15]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (SNT) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj [2014-04-16]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-29]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-03-05]
CHR HKLM\...\Chrome\Extension: [jndeiekmdhemaggmkgljlpdeaomeplbp] - C:\Users\user\AppData\Local\CRE\jndeiekmdhemaggmkgljlpdeaomeplbp.crx [2013-01-30]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2012-04-27]
CHR HKCU\...\Chrome\Extension: [jndeiekmdhemaggmkgljlpdeaomeplbp] - C:\Users\user\AppData\Local\CRE\jndeiekmdhemaggmkgljlpdeaomeplbp.crx [2013-01-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-29] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-30] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-29] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-29] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [270752 2014-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-29] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-29] ()
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [63816 2013-05-13] (BlueStack Systems)
R3 MBfilt; C:\Windows\System32\drivers\MBfilt32.sys [24664 2009-11-18] (Creative Technology Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 07:52 - 2014-08-11 07:53 - 00020399 _____ () C:\Users\user\Downloads\FRST.txt
2014-08-11 07:52 - 2014-08-11 07:52 - 00000000 ____D () C:\FRST
2014-08-11 07:51 - 2014-08-11 07:51 - 01091072 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2014-08-11 07:48 - 2014-08-11 07:48 - 00023824 _____ () C:\Users\user\Documents\BLEEP.txt
2014-08-08 17:33 - 2014-08-09 07:02 - 00000000 ____D () C:\Users\user\Downloads\The Hobbit The Desolation of Smaug (2013)
2014-08-08 13:02 - 2014-08-08 13:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 12:47 - 2014-08-08 12:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-08 11:43 - 2014-08-08 13:46 - 00000000 ____D () C:\Users\user\Downloads\Bad Words (2013)
2014-08-08 11:31 - 2014-08-08 13:49 - 00000000 ____D () C:\Users\user\Downloads\Star Trek Into Darkness (2013)
2014-08-08 11:26 - 2014-08-08 13:48 - 00000000 ____D () C:\Users\user\Downloads\The Amazing Spider Man 2 (2014) [1080p]
2014-08-08 09:03 - 2014-08-08 09:03 - 00019856 _____ () C:\Users\user\Documents\DDS.txt
2014-08-08 09:03 - 2014-08-08 09:03 - 00005327 _____ () C:\Users\user\Documents\Attach.txt
2014-08-08 08:57 - 2014-08-08 08:57 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2014-08-08 08:07 - 2014-08-08 08:10 - 00000000 ____D () C:\Users\user\Downloads\Jack Ryan Shadow Recruit [2014] HDRip XViD juggs[ETRG]
2014-08-08 07:48 - 2014-08-08 07:48 - 00038208 _____ (Elit -e - Company) C:\Users\user\Downloads\Into the Storm [DVDRip XviD].exe
2014-08-07 17:07 - 2014-08-07 17:07 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-07 16:18 - 2014-08-07 16:19 - 00022325 _____ () C:\Users\user\Documents\Copy of Copy of ebh (2).xlsx
2014-08-06 17:05 - 2014-08-06 17:06 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\user\Documents\rkill.exe
2014-08-05 08:37 - 2014-07-25 12:55 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-05 08:37 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-05 08:37 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-05 08:37 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-05 08:36 - 2014-08-05 08:37 - 00004139 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-05 08:32 - 2014-08-05 08:33 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2014-08-05 08:13 - 2014-08-05 08:13 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-08-04 16:43 - 2014-08-04 16:43 - 00042258 _____ () C:\Users\user\Documents\Book2.xlsx
2014-08-04 11:27 - 2014-08-04 11:27 - 00016987 _____ () C:\Users\user\Documents\ebh.xlsx
2014-08-04 10:26 - 2014-08-04 13:44 - 00013983 _____ () C:\Users\user\Documents\scorp2014.xlsx
2014-08-01 07:47 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 07:47 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 07:47 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 07:47 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 07:46 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 07:46 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 07:46 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 07:46 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 07:46 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 13:44 - 2014-07-31 13:44 - 00000000 _____ () C:\Users\user\Downloads\Keygen Installer__9167_il686870.exe
2014-07-31 13:42 - 2014-06-15 13:58 - 00000910 _____ () C:\Users\user\Downloads\Instruction.txt
2014-07-31 13:34 - 2014-07-31 13:34 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-31 13:33 - 2014-07-31 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-30 11:31 - 2014-07-30 11:30 - 01180529 _____ () C:\Windows\unins000.exe
2014-07-30 11:29 - 2014-07-30 11:31 - 00001730 _____ () C:\Windows\unins000.dat
2014-07-30 11:27 - 2014-04-18 13:35 - 00000000 ____D () C:\Users\user\Downloads\ZeNiX Crack
2014-07-30 11:27 - 2013-12-07 19:33 - 00000106 _____ () C:\Users\user\Downloads\On HAX.url
2014-07-30 11:00 - 2014-07-30 11:00 - 00000000 ____D () C:\Users\user\Documents\Anvsoft
2014-07-30 11:00 - 2014-07-30 11:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Anvsoft
2014-07-30 11:00 - 2014-07-30 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2014-07-30 11:00 - 2014-07-30 11:00 - 00000000 ____D () C:\Program Files\AnvSoft
2014-07-30 10:44 - 2014-07-30 10:44 - 00000000 ____D () C:\Users\user\Documents\Optimizer Pro
2014-07-30 10:10 - 2014-07-30 10:10 - 00002061 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-07-30 10:10 - 2014-07-30 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-30 10:08 - 2014-07-30 10:08 - 00270752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-07-30 10:08 - 2014-07-30 10:08 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-07-30 09:25 - 2014-07-30 09:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 11:33 - 2014-07-29 11:40 - 28694720 _____ (Microsoft Corporation) C:\Users\user\Downloads\Windows-KB890830-V5.14.exe
2014-07-29 10:19 - 2014-07-29 10:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-24 17:13 - 2014-07-25 12:46 - 00000000 ____D () C:\Program Files\Recuva
2014-07-24 17:13 - 2014-07-24 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-07-24 17:11 - 2014-07-24 17:12 - 04210920 _____ (Piriform Ltd) C:\Users\user\Downloads\rcsetup151.exe
2014-07-24 16:20 - 2014-07-24 17:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-16 16:31 - 2014-07-16 16:31 - 00000000 __SHD () C:\found.000
2014-07-15 12:54 - 2014-07-15 12:54 - 00467388 _____ () C:\Users\user\Documents\Book1.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 07:53 - 2014-08-11 07:52 - 00020399 _____ () C:\Users\user\Downloads\FRST.txt
2014-08-11 07:52 - 2014-08-11 07:52 - 00000000 ____D () C:\FRST
2014-08-11 07:52 - 2013-10-08 15:22 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-08-11 07:51 - 2014-08-11 07:51 - 01091072 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
2014-08-11 07:48 - 2014-08-11 07:48 - 00023824 _____ () C:\Users\user\Documents\BLEEP.txt
2014-08-11 07:45 - 2013-07-29 08:00 - 00032749 _____ () C:\Users\user\Documents\1Prop1.xlsx
2014-08-11 07:45 - 2013-07-29 07:58 - 01748479 _____ () C:\Users\user\Documents\1Wvb1.xlsx
2014-08-11 07:39 - 2012-04-27 15:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-11 07:08 - 2012-11-20 14:16 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-285515482-2427174763-81513029-1000UA.job
2014-08-11 07:05 - 2013-07-15 15:34 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 03:00 - 2012-04-26 15:18 - 01856424 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 15:05 - 2013-07-15 15:34 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-10 09:08 - 2012-11-20 14:16 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-285515482-2427174763-81513029-1000Core.job
2014-08-09 07:02 - 2014-08-08 17:33 - 00000000 ____D () C:\Users\user\Downloads\The Hobbit The Desolation of Smaug (2013)
2014-08-08 17:03 - 2012-04-27 14:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-08-08 16:28 - 2010-11-20 22:01 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 16:27 - 2009-07-14 05:39 - 00116132 _____ () C:\Windows\setupact.log
2014-08-08 14:12 - 2009-07-14 05:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 14:12 - 2009-07-14 05:34 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 13:49 - 2014-08-08 11:31 - 00000000 ____D () C:\Users\user\Downloads\Star Trek Into Darkness (2013)
2014-08-08 13:48 - 2014-08-08 11:26 - 00000000 ____D () C:\Users\user\Downloads\The Amazing Spider Man 2 (2014) [1080p]
2014-08-08 13:46 - 2014-08-08 11:43 - 00000000 ____D () C:\Users\user\Downloads\Bad Words (2013)
2014-08-08 13:44 - 2012-09-28 10:53 - 00001286 __RSH () C:\Users\user\ntuser.pol
2014-08-08 13:43 - 2010-11-20 22:48 - 00558426 _____ () C:\Windows\PFRO.log
2014-08-08 13:43 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-08 13:35 - 2013-01-30 14:54 - 00000000 ____D () C:\Users\user\AppData\Roaming\SearchProtect
2014-08-08 13:35 - 2013-01-30 14:54 - 00000000 ____D () C:\Program Files\SearchProtect
2014-08-08 13:34 - 2014-05-21 16:39 - 00000000 ____D () C:\ProgramData\DigiSavEr
2014-08-08 13:34 - 2014-04-23 08:32 - 00000000 ____D () C:\ProgramData\ExstraCooUpoon
2014-08-08 13:02 - 2014-08-08 13:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 12:51 - 2014-08-08 12:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-08 09:03 - 2014-08-08 09:03 - 00019856 _____ () C:\Users\user\Documents\DDS.txt
2014-08-08 09:03 - 2014-08-08 09:03 - 00005327 _____ () C:\Users\user\Documents\Attach.txt
2014-08-08 08:57 - 2014-08-08 08:57 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2014-08-08 08:52 - 2012-04-27 14:58 - 00000000 ___RD () C:\Program Files\Skype
2014-08-08 08:10 - 2014-08-08 08:07 - 00000000 ____D () C:\Users\user\Downloads\Jack Ryan Shadow Recruit [2014] HDRip XViD juggs[ETRG]
2014-08-08 07:48 - 2014-08-08 07:48 - 00038208 _____ (Elit -e - Company) C:\Users\user\Downloads\Into the Storm [DVDRip XviD].exe
2014-08-07 17:07 - 2014-08-07 17:07 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-07 17:07 - 2012-04-27 14:58 - 00000000 ____D () C:\ProgramData\Skype
2014-08-07 16:19 - 2014-08-07 16:18 - 00022325 _____ () C:\Users\user\Documents\Copy of Copy of ebh (2).xlsx
2014-08-07 12:18 - 2014-01-07 16:29 - 00011581 _____ () C:\Users\user\Documents\voucher.xlsx
2014-08-07 11:26 - 2012-04-27 08:26 - 00000000 ____D () C:\Temp
2014-08-07 08:26 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\AutoKMS
2014-08-07 08:22 - 2014-04-16 12:36 - 00000000 ____D () C:\ProgramData\SNT
2014-08-07 08:22 - 2014-04-16 12:29 - 00000000 ____D () C:\ProgramData\save  net
2014-08-06 17:06 - 2014-08-06 17:05 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\user\Documents\rkill.exe
2014-08-06 16:40 - 2014-04-16 12:53 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-08-05 08:45 - 2014-05-22 17:04 - 00130104 _____ () C:\Users\user\Documents\brwcreditorledger.xlsx
2014-08-05 08:37 - 2014-08-05 08:36 - 00004139 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-08-05 08:37 - 2013-11-13 07:14 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-05 08:37 - 2012-06-06 11:08 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-05 08:37 - 2012-05-31 21:06 - 00000000 ____D () C:\Program Files\Java
2014-08-05 08:33 - 2014-08-05 08:32 - 00918952 _____ (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2014-08-05 08:33 - 2013-11-28 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-08-05 08:33 - 2013-11-28 15:40 - 00000000 ____D () C:\Program Files\DivX
2014-08-05 08:33 - 2013-11-28 15:37 - 00000000 ____D () C:\ProgramData\DivX
2014-08-05 08:13 - 2014-08-05 08:13 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-08-05 08:13 - 2012-09-03 13:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-08-05 08:13 - 2012-04-26 16:12 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-04 16:43 - 2014-08-04 16:43 - 00042258 _____ () C:\Users\user\Documents\Book2.xlsx
2014-08-04 13:44 - 2014-08-04 10:26 - 00013983 _____ () C:\Users\user\Documents\scorp2014.xlsx
2014-08-04 12:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-08-04 11:27 - 2014-08-04 11:27 - 00016987 _____ () C:\Users\user\Documents\ebh.xlsx
2014-07-31 16:46 - 2012-05-22 13:26 - 00002323 _____ () C:\Users\user\Documents\tonata.lnk
2014-07-31 13:44 - 2014-07-31 13:44 - 00000000 _____ () C:\Users\user\Downloads\Keygen Installer__9167_il686870.exe
2014-07-31 13:34 - 2014-07-31 13:34 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-07-31 13:34 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-07-31 13:33 - 2014-07-31 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-30 11:32 - 2012-05-03 16:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-30 11:31 - 2014-07-30 11:29 - 00001730 _____ () C:\Windows\unins000.dat
2014-07-30 11:30 - 2014-07-30 11:31 - 01180529 _____ () C:\Windows\unins000.exe
2014-07-30 11:00 - 2014-07-30 11:00 - 00000000 ____D () C:\Users\user\Documents\Anvsoft
2014-07-30 11:00 - 2014-07-30 11:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Anvsoft
2014-07-30 11:00 - 2014-07-30 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2014-07-30 11:00 - 2014-07-30 11:00 - 00000000 ____D () C:\Program Files\AnvSoft
2014-07-30 10:44 - 2014-07-30 10:44 - 00000000 ____D () C:\Users\user\Documents\Optimizer Pro
2014-07-30 10:10 - 2014-07-30 10:10 - 00002061 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-07-30 10:10 - 2014-07-30 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-30 10:09 - 2012-04-26 16:08 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-30 10:08 - 2014-07-30 10:08 - 00270752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-07-30 10:08 - 2014-07-30 10:08 - 00026136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-07-30 09:25 - 2014-07-30 09:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 17:30 - 2013-12-12 10:30 - 00000000 ____D () C:\Users\user\AppData\Local\genienext
2014-07-29 17:30 - 2013-11-26 15:07 - 00000000 ____D () C:\Program Files\Mobogenie
2014-07-29 11:40 - 2014-07-29 11:33 - 28694720 _____ (Microsoft Corporation) C:\Users\user\Downloads\Windows-KB890830-V5.14.exe
2014-07-29 10:19 - 2014-07-29 10:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-29 10:19 - 2014-05-29 21:12 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-29 10:19 - 2014-03-24 07:32 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-29 10:19 - 2013-03-20 07:17 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-29 10:19 - 2013-03-20 07:17 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-29 10:19 - 2012-04-26 16:08 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-29 10:19 - 2012-04-26 16:08 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-29 10:19 - 2012-04-26 16:08 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-29 10:19 - 2012-04-26 16:08 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-29 09:20 - 2013-10-07 08:38 - 00011827 _____ () C:\Users\user\ledger_2.xlsx
2014-07-29 09:20 - 2013-10-07 08:38 - 00000990 _____ () C:\Users\user\ledger_2.dbf
2014-07-29 09:20 - 2013-10-07 08:33 - 00011842 _____ () C:\Users\user\ledger.xlsx
2014-07-25 13:37 - 2012-10-18 14:32 - 00000000 ____D () C:\Users\user\Documents\GL Prop
2014-07-25 12:55 - 2014-08-05 08:37 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-25 12:49 - 2014-08-05 08:37 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-25 12:49 - 2014-08-05 08:37 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-25 12:49 - 2014-08-05 08:37 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-25 12:46 - 2014-07-24 17:13 - 00000000 ____D () C:\Program Files\Recuva
2014-07-24 17:13 - 2014-07-24 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-07-24 17:12 - 2014-07-24 17:11 - 04210920 _____ (Piriform Ltd) C:\Users\user\Downloads\rcsetup151.exe
2014-07-24 17:11 - 2014-07-24 16:20 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-23 07:51 - 2012-10-18 14:32 - 00000000 ____D () C:\Users\user\Documents\GL Online
2014-07-22 07:41 - 2009-07-14 05:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-16 16:31 - 2014-07-16 16:31 - 00000000 __SHD () C:\found.000
2014-07-15 12:54 - 2014-07-15 12:54 - 00467388 _____ () C:\Users\user\Documents\Book1.xlsx

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\Users\Thomas Imbili\easyFile-employer.exe
C:\Users\user\easyFile-employer.exe


Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\6_Offer_6.exe
C:\Users\user\AppData\Local\Temp\88123uninstall.exe
C:\Users\user\AppData\Local\Temp\AdobeAIRInstaller.exe
C:\Users\user\AppData\Local\Temp\AskSLib.dll
C:\Users\user\AppData\Local\Temp\BackupSetup.exe
C:\Users\user\AppData\Local\Temp\Checkupdate.exe
C:\Users\user\AppData\Local\Temp\CountInstallation.exe
C:\Users\user\AppData\Local\Temp\Dllinst.dll
C:\Users\user\AppData\Local\Temp\doxillionsetup.exe
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnz6xf_.dll
C:\Users\user\AppData\Local\Temp\easyFile-employer.exe
C:\Users\user\AppData\Local\Temp\ffdshow.exe
C:\Users\user\AppData\Local\Temp\ffmpeg15.exe
C:\Users\user\AppData\Local\Temp\flacdec2.exe
C:\Users\user\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\user\AppData\Local\Temp\Foxit Updater.exe
C:\Users\user\AppData\Local\Temp\gcapi_dll.dll
C:\Users\user\AppData\Local\Temp\gtapi_signed.dll
C:\Users\user\AppData\Local\Temp\htmlayout.dll
C:\Users\user\AppData\Local\Temp\installhelper.dll
C:\Users\user\AppData\Local\Temp\jre-6u34-windows-i586.exe
C:\Users\user\AppData\Local\Temp\jre-6u6-windows-i586-p.exe
C:\Users\user\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\user\AppData\Local\Temp\lowproc.exe
C:\Users\user\AppData\Local\Temp\MatroskaSplitter.exe
C:\Users\user\AppData\Local\Temp\mp3el.exe
C:\Users\user\AppData\Local\Temp\msvcr90.dll
C:\Users\user\AppData\Local\Temp\OptimizerPro.exe
C:\Users\user\AppData\Local\Temp\PartnerInstaller_smtyc.exe
C:\Users\user\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\user\AppData\Local\Temp\pixsetup.exe
C:\Users\user\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\user\AppData\Local\Temp\prismsetup.exe
C:\Users\user\AppData\Local\Temp\setup.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\sqlite3.exe
C:\Users\user\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\user\AppData\Local\Temp\stubhelper.dll
C:\Users\user\AppData\Local\Temp\tbBrot.dll
C:\Users\user\AppData\Local\Temp\uninst1.exe
C:\Users\user\AppData\Local\Temp\uninstall1059621.exe
C:\Users\user\AppData\Local\Temp\uttB0B5.tmp.exe
C:\Users\user\AppData\Local\Temp\vcredist_x86.exe
C:\Users\user\AppData\Local\Temp\wpsetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 00:38

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-08-2014 01
Ran by user at 2014-08-11 07:53:31
Running from C:\Users\user\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Auto Gordian Knot 2.55 (HKLM\...\AutoGK) (Version: 2.55 - len0x)
Avast License by ZeNiX [2014-03-14] (HKLM\...\Avast_2050_ZeNiX [2014-03-14]_is1) (Version:  - )
avast! Premier (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.7.12.896 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}) (Version: 0.7.12.896 - BlueStack Systems, Inc.)
BulkSMS Desktop Messenger (HKLM\...\{0A9D5986-527F-4DEB-B8D0-1AD740072687}) (Version: 5.3.2 - Celerity Systems (Pty) Ltd)
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
CanoScan LiDE 90 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
DHL Connect (HKLM\...\DHL Connect) (Version:  - )
DHL Connect v3.3 (HKLM\...\DHL Connect v3.3) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
e@syFile-employer (HKLM\...\easyFileEmployer.0612E4541602589CA8807A3EA214FDF182FEF49D.1) (Version: 6.5.1 - South African Revenue Service)
e@syFile-employer (Version: 6.5.1 - South African Revenue Service) Hidden
Elevated Installer (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - FreeCodecPack)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Free MKV to AVI Converter (HKLM\...\{E262A0A7-F5E9-4532-9C23-E88755886510}) (Version: 2.1.0.0 - http://freedomsoftwarecompany.com/)
Freemake Video Converter version 4.1.3 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Garmin Express (HKLM\...\{0904cc72-1b29-426a-b0f0-228d2744a4f6}) (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Talk Plugin (HKLM\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - FreeCodecPack)
iKill (HKLM\...\{F830BBC2-9E28-4645-A366-78DCE8B23084}) (Version: 4.1.0 - ArpanTECH)
Image Resizer for Windows (HKLM\...\{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}) (Version: 3.0.4442.6002 - Brice Lambson)
Image Resizer for Windows (Version: 3.0.4442.6002 - Brice Lambson) Hidden
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2401 - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Java™ 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jays Snipping Tool (HKCU\...\e891758400ca417b) (Version: 1.0.0.12 - Missoula Software)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nero 9 Essentials (HKLM\...\{daa1925d-a298-4698-b0fd-347e8f58cc45}) (Version:  - Nero AG)
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.12.100 - Nero AG) Hidden
Nero StartSmart OEM (Version: 9.4.10.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
PDF To JPG Converter 2.0.2 (HKLM\...\PDF To JPG Converter_is1) (Version:  - PDF To JPG Converter)
PDFMate Free PDF Merger 1.0.8 (HKLM\...\PDFMate Free PDF Merger_is1) (Version:  - pdfmate.com)
Prism Video File Converter (HKLM\...\Prism) (Version:  - NCH Software)
QuickTrav PDF (HKLM\...\QuickTrav PDF) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6343 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
save  net (HKLM\...\{7DD5E91C-3864-77EC-7635-D14910C2A03E}) (Version: 4.3.0.1718 - saVe, neett) <==== ATTENTION
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SNT (HKLM\...\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}) (Version: 4.1.0.1734 - SNT) <==== ATTENTION
Striata Reader (HKLM\...\{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}) (Version: 2.15-1 - Striata Communication Solutions)
Switch Sound File Converter (HKLM\...\Switch) (Version:  - NCH Software)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.12979 - TeamViewer)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
USBShortcutRecover (HKLM\...\{AACFE8D8-78E3-497A-898A-72A23B780E92}) (Version: 1.2.0 - Indasy)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
Windows Essentials Media Codec Pack 4.0 [32-Bit] (HKLM\...\Windows Essentials Media Codec Pack) (Version: 4.0 - Media Codec)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WordWeb (HKLM\...\WordWeb) (Version: 6 - WordWeb Software)
XviD MPEG4 Video Codec (remove only) (HKLM\...\XviD MPEG4 Video Codec) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.124\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-285515482-2427174763-81513029-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

08-08-2014 13:10:13 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05C9A645-E68E-4BC2-998F-99B399412CEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-285515482-2427174763-81513029-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-20] (Google Inc.)
Task: {082E636B-A2BA-4C93-9BAC-9D10726C9A12} - System32\Tasks\NCH Software\PrismReminder => C:\Program Files\NCH Software\Prism\Prism.exe [2013-04-30] (NCH Software)
Task: {0C608B22-6ECD-4C63-8405-3E22E94B3BA4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-285515482-2427174763-81513029-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {13FB2A4E-6FDF-4BB9-8557-70E8779B459A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-29] (AVAST Software)
Task: {20F4E94B-ACA3-4773-B3DA-33B9A3AA70AC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-285515482-2427174763-81513029-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-20] (Google Inc.)
Task: {2EAB0A8C-ACAE-426B-8953-8C1580DB3C43} - System32\Tasks\DTReg => C:\Windows\system32\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {5598BF62-D330-463A-A5CC-0E2E28E90ED2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {59F92D0C-8381-4C10-98F4-A2EF5EF1999E} - System32\Tasks\NCH Software\PrismDowngrade => C:\Program Files\NCH Software\Prism\prism.exe [2013-04-30] (NCH Software)
Task: {91642832-CBFA-48C1-A625-FA516134C482} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {942B0279-5A34-4D96-A948-CFE15380543C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.)
Task: {A3E0B544-D5E7-4721-876A-B0D2E844D0EC} - System32\Tasks\Windows Codec Update Service => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2012-02-03] (MediaCodec.Org)
Task: {B0D2840E-5124-490C-B2B9-8073EA08C6BC} - System32\Tasks\YourFile Update => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {DE902E03-22B5-4528-9B31-CDEB4B91F4DB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-285515482-2427174763-81513029-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-285515482-2427174763-81513029-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-285515482-2427174763-81513029-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-30 11:31 - 2014-03-14 08:00 - 00695808 _____ () C:\Program Files\AVAST Software\Avast\VERSION.dll
2014-07-29 10:19 - 2014-07-29 10:19 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-08 11:27 - 2014-08-08 11:27 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080800\algo.dll
2014-08-10 21:07 - 2014-08-10 21:07 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081001\algo.dll
2012-04-27 12:22 - 2006-02-21 05:42 - 00086016 _____ () C:\Windows\System32\custmon2k.dll
2008-12-22 07:14 - 2007-05-17 20:33 - 00139264 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\hpzpi072.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-26 15:23 - 2011-05-21 18:32 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-07-29 10:19 - 2014-07-29 10:19 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-30 11:31 - 2014-03-14 08:00 - 00695808 _____ () C:\Program Files\AVAST Software\Avast\version.DLL
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-04-27 16:49 - 2012-02-18 20:58 - 02213120 ____N () C:\Windows\wweb32.dll
2012-04-27 16:49 - 2012-02-08 20:11 - 00021040 ____N () C:\Program Files\WordWeb\WUCNT.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-01-10 01:05 - 2010-01-10 01:05 - 01040736 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-01-10 18:37 - 2010-01-10 18:37 - 00058208 _____ () C:\Program Files\Microsoft Office\Office14\1033\UmOutlookStrings.dll
2010-01-21 01:47 - 2010-01-21 01:47 - 00122720 _____ () C:\Program Files\Microsoft Office\Office14\OUTLCTL.DLL
2010-05-08 19:32 - 2006-03-08 13:21 - 00555008 _____ () Z:\quick\qm32.exe
2014-07-30 09:25 - 2014-07-30 09:25 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2014 01:44:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2014 01:44:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/07/2014 05:05:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 05:05:42 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/07/2014 08:51:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 08:51:39 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/05/2014 04:40:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 04:39:11 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/05/2014 07:58:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 07:57:46 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (08/08/2014 01:44:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (08/08/2014 01:44:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (08/08/2014 01:44:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (08/07/2014 05:05:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (08/07/2014 08:51:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (08/06/2014 05:07:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DefaultTabUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/05/2014 04:39:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (08/05/2014 04:38:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:04:02 on ‎05/‎08/‎2014 was unexpected.

Error: (08/05/2014 07:57:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (08/04/2014 00:53:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Core Update Service service.


Microsoft Office Sessions:
=========================
Error: (08/08/2014 01:44:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2014 01:44:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/07/2014 05:05:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 05:05:42 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/07/2014 08:51:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/07/2014 08:51:39 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/05/2014 04:40:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 04:39:11 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/05/2014 07:58:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/05/2014 07:57:46 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


==================== Memory info ===========================

Percentage of memory in use: 78%
Total physical RAM: 1953.95 MB
Available physical RAM: 429.39 MB
Total Pagefile: 3907.91 MB
Available Pagefile: 1535.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:403.69 GB) NTFS
Drive z: () (Network) (Total:465.76 GB) (Free:283.23 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 157FA939)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 August 2014 - 06:42 AM



Hello tonata

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 tonata

  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male

Posted 11 August 2014 - 08:59 AM

Hi Gringo

Thank you, all seems to be working just fine now.

Here are the reports

________________________________

# AdwCleaner v3.304 - Report created 11/08/2014 at 14:31:13
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\DigiSaver
Folder Deleted : C:\ProgramData\DriverCure
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\SNT
Folder Deleted : C:\ProgramData\SuperbApp
Folder Deleted : C:\ProgramData\save  net
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\SNT
Folder Deleted : C:\Program Files\webget
Folder Deleted : C:\Program Files\YourFileDownloader
Folder Deleted : C:\Program Files\save  net
Folder Deleted : C:\users\user\AppData\Local\Conduit
Folder Deleted : C:\users\user\AppData\Local\genienext
Folder Deleted : C:\users\user\AppData\Local\globalUpdate
Folder Deleted : C:\users\user\AppData\Local\Ilivid Player
Folder Deleted : C:\users\user\AppData\Local\Mobogenie
Folder Deleted : C:\users\user\AppData\Local\Popajar
Folder Deleted : C:\users\user\AppData\Local\torch
Folder Deleted : C:\users\user\AppData\Local\Temp\AskSearch
Folder Deleted : C:\users\user\AppData\Local\Temp\OCS
Folder Deleted : C:\users\user\AppData\Local\Temp\tuvaro
Folder Deleted : C:\users\user\AppData\Local\Temp\webget
Folder Deleted : C:\users\user\AppData\LocalLow\Conduit
Folder Deleted : C:\users\user\AppData\LocalLow\tuvaro
Folder Deleted : C:\users\user\AppData\Roaming\Babylon
Folder Deleted : C:\users\user\AppData\Roaming\NCH Software
Folder Deleted : C:\users\user\AppData\Roaming\PerformerSoft
Folder Deleted : C:\users\user\AppData\Roaming\SearchProtect
Folder Deleted : C:\users\user\AppData\Roaming\SkypEmoticons
Folder Deleted : C:\users\user\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\users\user\Documents\Optimizer Pro
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndeiekmdhemaggmkgljlpdeaomeplbp
File Deleted : C:\users\user\daemonprocess.txt
File Deleted : C:\users\user\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\users\user\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\users\user\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : DTReg
Task Deleted : YourFile Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\jndeiekmdhemaggmkgljlpdeaomeplbp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jndeiekmdhemaggmkgljlpdeaomeplbp
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\5c6df8db768b943
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3281348
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B69509B5-4A90-4433-A2DE-BE439F6581F2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Unitech LLC
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Unitech LLC
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\prefs.js ]

Line Deleted : user_pref("extensions.yaetQhi4.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.zazt8bM9QP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=377&r=2014/04/16&hid=10091473551558490353&lg=EN&cc=NA&unqvl=51
Deleted [Startup_urls] : hxxp://websearch.amaizingsearches.info/?pid=377&r=2014/04/16&hid=10091473551558490353&lg=EN&cc=NA&unqvl=51
Deleted [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deleted [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Deleted [Extension] : dbpebffoameokfhnaaedmefjncfboino
Deleted [Extension] : jndeiekmdhemaggmkgljlpdeaomeplbp

*************************

AdwCleaner[R0].txt - [12104 octets] - [11/08/2014 14:17:45]
AdwCleaner[S0].txt - [12242 octets] - [11/08/2014 14:31:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12303 octets] ##########

_____________________________________________________


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by user on 11/08/2014 at 14:44:40.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-285515482-2427174763-81513029-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5F90AC1E-301E-4FA4-B848-3157E6427B65}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6FC1CFB7-CDAB-4B6D-BFC0-D8DF876C7B2D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E2AF56A8-FB24-481E-B2A3-4E55426EC6D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4BBBB2C-AADD-401C-AC34-7A3623B5E108}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\user\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Program Files\fighters"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\32qyhrte.default-1400068031109\prefs.js

user_pref("extensions.yaetQhi4.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>
user_pref("extensions.zazt8bM9QP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\"
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\32qyhrte.default-1400068031109\minidumps [42 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/08/2014 at 14:47:12.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 August 2014 - 12:25 PM


Hello tonata

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 tonata

  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male

Posted 12 August 2014 - 03:09 AM

Hi Gringo

I did not encounter any problems.

Thank you

_______________________________


ComboFix 14-08-12.01 - user 12/08/2014   8:51.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.1954.1199 [GMT 1:00]
Running from: c:\users\user\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sonja Botma\Application Data\alot
c:\documents and settings\Thomas Imbili\Application Data\alot
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\Sgy82jcFn.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\wHx5tQT.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\AZcpBH7TegPs.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\newtab.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\QBpLxmSB1.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\Sgy82jcFn.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\wHx5tQT.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\AZcpBH7TegPs.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\QBpLxmSB1.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\Sgy82jcFn.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\wHx5tQT.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\AZcpBH7TegPs.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\newtab.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\QBpLxmSB1.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\Sgy82jcFn.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\wHx5tQT.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\AZcpBH7TegPs.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\newtab.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\QBpLxmSB1.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\Sgy82jcFn.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\wHx5tQT.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\AZcpBH7TegPs.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\newtab.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\QBpLxmSB1.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\Sgy82jcFn.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\wHx5tQT.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\AZcpBH7TegPs.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\QBpLxmSB1.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\Sgy82jcFn.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\wHx5tQT.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\AZcpBH7TegPs.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\newtab.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\QBpLxmSB1.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\Sgy82jcFn.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\wHx5tQT.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\AZcpBH7TegPs.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\newtab.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\QBpLxmSB1.js
c:\users\Thomas Imbili\easyFile-employer.exe
c:\users\Thomas Imbili\System
c:\users\Thomas Imbili\System\win_qs8.jqx
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\background.html
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\content.js
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\lsdb.js
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\manifest.json
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\Sgy82jcFn.js
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\background.html
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\content.js
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\lsdb.js
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\manifest.json
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\wHx5tQT.js
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\AZcpBH7TegPs.js
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\background.html
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\content.js
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\lsdb.js
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\manifest.json
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\background.html
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\content.js
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\lsdb.js
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\manifest.json
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\newtab.html
c:\users\user\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\QBpLxmSB1.js
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\background.html
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\content.js
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\lsdb.js
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\manifest.json
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\Sgy82jcFn.js
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\background.html
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\content.js
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\lsdb.js
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\manifest.json
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\wHx5tQT.js
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\AZcpBH7TegPs.js
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\background.html
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\content.js
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\lsdb.js
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\manifest.json
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\background.html
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\content.js
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\lsdb.js
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\manifest.json
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\newtab.html
c:\users\user\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\QBpLxmSB1.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\background.html
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\content.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\lsdb.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\manifest.json
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\145\Sgy82jcFn.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\background.html
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\content.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\lsdb.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\manifest.json
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigclfapikmpnmljmhhgchnommlogmbn\1.0\wHx5tQT.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\AZcpBH7TegPs.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\background.html
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\content.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\lsdb.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiemcnlhleimgogbpmaloaidcpkfaghc\5.14\manifest.json
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\background.html
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\content.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\lsdb.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\manifest.json
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\newtab.html
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oepeikenplfgfchjmldneibialmkmipj\2.1\QBpLxmSB1.js
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ghgabhipcejejjmhhchfonmamedcbeod_0.localstorage-journal
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ghgabhipcejejjmhhchfonmamedcbeod_0.localstorage
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iigclfapikmpnmljmhhgchnommlogmbn_0.localstorage-journal
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iigclfapikmpnmljmhhgchnommlogmbn_0.localstorage
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jiemcnlhleimgogbpmaloaidcpkfaghc_0.localstorage-journal
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jiemcnlhleimgogbpmaloaidcpkfaghc_0.localstorage
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oepeikenplfgfchjmldneibialmkmipj_0.localstorage-journal
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oepeikenplfgfchjmldneibialmkmipj_0.localstorage
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Jotzey_iels
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\extensions\d_5lib@iiyjkc-.com
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\extensions\d_5lib@iiyjkc-.com\bootstrap.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\extensions\d_5lib@iiyjkc-.com\chrome.manifest
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\extensions\d_5lib@iiyjkc-.com\content\bg.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\extensions\d_5lib@iiyjkc-.com\install.rdf
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\extensions\ozixo@jmz-.org
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\extensions\ozixo@jmz-.org\bootstrap.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\extensions\ozixo@jmz-.org\chrome.manifest
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\extensions\ozixo@jmz-.org\content\bg.js
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\extensions\ozixo@jmz-.org\install.rdf
c:\users\user\easyFile-employer.exe
c:\windows\system32\logs
c:\windows\system32\settings.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-12 to 2014-08-12  )))))))))))))))))))))))))))))))
.
.
2014-08-12 08:02 . 2014-08-12 08:05    --------    d-----w-    c:\users\user\AppData\Local\temp
2014-08-12 08:02 . 2014-08-12 08:02    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-12 08:02 . 2014-08-12 08:02    --------    d-----w-    c:\documents and settings\Thomas Imbili\Local Settings\Application Data\temp
2014-08-11 13:44 . 2014-08-11 13:44    --------    d-----w-    c:\windows\ERUNT
2014-08-11 13:19 . 2010-08-30 07:34    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-08-11 13:17 . 2014-08-11 13:31    --------    d-----w-    C:\AdwCleaner
2014-08-11 06:52 . 2014-08-11 06:54    --------    d-----w-    C:\FRST
2014-08-09 01:43 . 2014-08-12 02:11    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CD1A5C1-C37F-4DEA-93F8-9E4EC1BB0C7F}\offreg.dll
2014-08-08 13:11 . 2014-07-02 03:11    8217224    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CD1A5C1-C37F-4DEA-93F8-9E4EC1BB0C7F}\mpengine.dll
2014-08-08 12:02 . 2014-08-08 12:02    --------    d-----w-    c:\programdata\Malwarebytes
2014-08-07 16:07 . 2014-08-07 16:07    --------    d-----w-    c:\program files\Common Files\Skype
2014-08-05 07:37 . 2014-07-25 11:55    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-08-05 07:13 . 2014-08-05 07:13    --------    d-----w-    c:\users\user\AppData\Local\Adobe
2014-08-01 06:47 . 2014-05-14 16:23    45536    ----a-w-    c:\windows\system32\wups2.dll
2014-08-01 06:47 . 2014-05-14 16:23    54240    ----a-w-    c:\windows\system32\wuauclt.exe
2014-08-01 06:47 . 2014-05-14 16:17    2425856    ----a-w-    c:\windows\system32\wucltux.dll
2014-08-01 06:47 . 2014-05-14 16:23    1973728    ----a-w-    c:\windows\system32\wuaueng.dll
2014-08-01 06:46 . 2014-05-14 16:23    36320    ----a-w-    c:\windows\system32\wups.dll
2014-08-01 06:46 . 2014-05-14 16:17    92672    ----a-w-    c:\windows\system32\wudriver.dll
2014-08-01 06:46 . 2014-05-14 16:23    581600    ----a-w-    c:\windows\system32\wuapi.dll
2014-08-01 06:46 . 2014-05-14 08:23    179656    ----a-w-    c:\windows\system32\wuwebv.dll
2014-08-01 06:46 . 2014-05-14 08:17    33792    ----a-w-    c:\windows\system32\wuapp.exe
2014-07-31 12:34 . 2014-07-31 12:34    --------    d-----w-    c:\users\Public\Foxit Software
2014-07-30 10:31 . 2014-07-30 10:30    1180529    ----a-w-    c:\windows\unins000.exe
2014-07-30 10:00 . 2014-07-30 10:00    --------    d-----w-    c:\users\user\AppData\Roaming\Anvsoft
2014-07-30 10:00 . 2014-07-30 10:00    --------    d-----w-    c:\program files\AnvSoft
2014-07-30 09:08 . 2014-07-30 09:08    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-07-30 09:08 . 2014-07-30 09:08    270752    ----a-w-    c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-29 09:19 . 2014-07-29 09:19    43152    ----a-w-    c:\windows\avastSS.scr
2014-07-24 16:13 . 2014-07-25 11:46    --------    d-----w-    c:\program files\Recuva
2014-07-16 15:31 . 2014-07-16 15:31    --------    d-----w-    C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-30 09:09 . 2012-04-26 15:08    414520    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-07-29 09:19 . 2014-03-24 06:32    71944    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-07-29 09:19 . 2014-05-29 20:12    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-29 09:19 . 2013-03-20 06:17    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-07-29 09:19 . 2013-03-20 06:17    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-29 09:19 . 2012-04-26 15:08    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-07-29 09:19 . 2012-04-26 15:08    779536    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-07-29 09:19 . 2012-04-26 15:08    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-07-29 09:19 . 2012-04-26 15:08    276432    ----a-w-    c:\windows\system32\aswBoot.exe
2014-07-09 09:40 . 2012-04-27 14:08    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 09:40 . 2012-04-27 14:08    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-07-09 09:40 . 2014-07-09 09:40    5659136    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2014-06-18 23:56 . 2014-07-09 14:23    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-06-18 23:56 . 2014-07-09 14:23    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38 . 2014-07-09 14:23    455168    ----a-w-    c:\windows\system32\vbscript.dll
2014-06-18 23:37 . 2014-07-09 14:23    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-06-18 23:36 . 2014-07-09 14:23    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35 . 2014-07-09 14:23    62464    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23 . 2014-07-09 14:23    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-06-18 23:23 . 2014-07-09 14:23    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22 . 2014-07-09 14:23    592896    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-06-18 23:16 . 2014-07-09 14:23    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06 . 2014-07-09 14:23    32256    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52 . 2014-07-09 14:23    4254720    ----a-w-    c:\windows\system32\jscript9.dll
2014-06-18 22:46 . 2014-07-09 14:23    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45 . 2014-07-09 14:23    1964544    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-06-18 22:13 . 2014-07-09 14:23    1791488    ----a-w-    c:\windows\system32\wininet.dll
2014-06-18 01:51 . 2014-07-09 14:15    646144    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 00:52 . 2014-07-09 14:15    2350080    ----a-w-    c:\windows\system32\win32k.sys
2014-06-06 09:44 . 2014-07-09 14:15    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-09 14:14    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-05-30 07:52 . 2014-07-09 14:14    172032    ----a-w-    c:\windows\system32\wdigest.dll
2014-05-30 07:52 . 2014-07-09 14:14    65536    ----a-w-    c:\windows\system32\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 14:15    247808    ----a-w-    c:\windows\system32\schannel.dll
2014-05-30 07:52 . 2014-07-09 14:14    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 14:14    259584    ----a-w-    c:\windows\system32\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 14:15    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-05-30 07:52 . 2014-07-09 14:14    17408    ----a-w-    c:\windows\system32\credssp.dll
2014-05-30 06:36 . 2014-07-09 14:15    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-05-16 07:53 . 2014-05-16 07:53    341848    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-29 09:19    578240    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKill"="c:\program files\ArpanTECH\iKill\iKill.exe" [2011-12-28 143360]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-12-30 1095000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016]
"uTorrent"="c:\users\user\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe" [2014-07-03 1322832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-03-28 10029672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-25 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-25 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-25 176408]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-05-28 455512]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-30 4085896]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\documents and settings\Sonja Botma\Start Menu\Programs\Startup\
Copy of map.bat [2008-2-26 154]
.
c:\documents and settings\Thomas Imbili\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2012-4-27 65216]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BulkSMS Text Messenger.lnk - c:\program files\BulkSMS Messenger\Messenger.exe [2012-5-19 7957488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2013-05-13 12:21    601928    ----a-w-    c:\program files\BlueStacks\HD-Agent.exe
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-15 1343400]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-07-30 270752]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-07-30 26136]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-07-29 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-07-30 414520]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-07-29 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-07-29 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-07-29 71944]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-07-30 106488]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2013-05-13 63816]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2013-05-13 384840]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [2014-06-17 242216]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-30 250712]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt32.sys [2009-11-18 24664]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 12:09    1077576    ----a-w-    c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 09:40]
.
2014-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-15 14:33]
.
2014-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-15 14:33]
.
2014-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-285515482-2427174763-81513029-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-20 13:16]
.
2014-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-285515482-2427174763-81513029-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-20 13:16]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
c:\documents and settings\Sonja Botma\Start Menu\Programs\Startup\Active SMART.lnk - c:\program files\Active SMART\ActiveSMART.exe
AddRemove-ffdshow_is1 - c:\program files\ffdshow\uninstall.exe
AddRemove-Prism - c:\program files\NCH Software\Prism\prism.exe
AddRemove-Switch - c:\program files\NCH Software\Switch\switch.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
AddRemove-uTorrent - c:\users\user\AppData\Roaming\uTorrent\uTorrent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-12  09:07:25
ComboFix-quarantined-files.txt  2014-08-12 08:07
.
Pre-Run: 443,168,075,776 bytes free
Post-Run: 446,808,879,104 bytes free
.
- - End Of File - - 28351DC46D7074519CB750515122D6BA
A36C5E4F47E84449FF07ED3517B43A31
 



#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 August 2014 - 07:40 AM


Hello tonata

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

    ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button image] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 tonata

tonata
  • Topic Starter
  • Members
  • 7 posts
  • Gender:Male

Posted 12 August 2014 - 08:49 AM

No other problems experienced.

PC is running just fine.

Thank you

____________________________

ComboFix 14-08-12.01 - user 12/08/2014  14:28:47.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.1954.1044 [GMT 1:00]
Running from: c:\users\user\Downloads\ComboFix.exe
Command switches used :: c:\users\user\Documents\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-12 to 2014-08-12  )))))))))))))))))))))))))))))))
.
.
2014-08-12 13:38 . 2014-08-12 13:38    --------    d-----w-    c:\users\user\AppData\Local\temp
2014-08-12 13:38 . 2014-08-12 13:38    --------    d-----w-    c:\users\wangjihua\AppData\Local\temp
2014-08-12 13:38 . 2014-08-12 13:38    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-08-12 13:38 . 2014-08-12 13:38    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2014-08-12 13:38 . 2014-08-12 13:38    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-12 13:38 . 2014-08-12 13:38    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2014-08-12 13:38 . 2014-08-12 13:38    --------    d-----w-    c:\documents and settings\Thomas Imbili\Local Settings\Application Data\temp
2014-08-12 13:38 . 2014-08-12 13:38    --------    d-----w-    c:\documents and settings\Sonja Botma\Local Settings\Application Data\temp
2014-08-12 13:38 . 2014-08-12 13:38    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\temp
2014-08-11 13:44 . 2014-08-11 13:44    --------    d-----w-    c:\windows\ERUNT
2014-08-11 13:19 . 2010-08-30 07:34    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-08-11 13:17 . 2014-08-11 13:31    --------    d-----w-    C:\AdwCleaner
2014-08-11 06:52 . 2014-08-11 06:54    --------    d-----w-    C:\FRST
2014-08-09 01:43 . 2014-08-12 02:11    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CD1A5C1-C37F-4DEA-93F8-9E4EC1BB0C7F}\offreg.dll
2014-08-08 13:11 . 2014-07-02 03:11    8217224    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CD1A5C1-C37F-4DEA-93F8-9E4EC1BB0C7F}\mpengine.dll
2014-08-08 12:02 . 2014-08-08 12:02    --------    d-----w-    c:\programdata\Malwarebytes
2014-08-07 16:07 . 2014-08-07 16:07    --------    d-----w-    c:\program files\Common Files\Skype
2014-08-05 07:37 . 2014-07-25 11:55    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-08-05 07:13 . 2014-08-05 07:13    --------    d-----w-    c:\users\user\AppData\Local\Adobe
2014-08-01 06:47 . 2014-05-14 16:23    45536    ----a-w-    c:\windows\system32\wups2.dll
2014-08-01 06:47 . 2014-05-14 16:23    54240    ----a-w-    c:\windows\system32\wuauclt.exe
2014-08-01 06:47 . 2014-05-14 16:17    2425856    ----a-w-    c:\windows\system32\wucltux.dll
2014-08-01 06:47 . 2014-05-14 16:23    1973728    ----a-w-    c:\windows\system32\wuaueng.dll
2014-08-01 06:46 . 2014-05-14 16:23    36320    ----a-w-    c:\windows\system32\wups.dll
2014-08-01 06:46 . 2014-05-14 16:17    92672    ----a-w-    c:\windows\system32\wudriver.dll
2014-08-01 06:46 . 2014-05-14 16:23    581600    ----a-w-    c:\windows\system32\wuapi.dll
2014-08-01 06:46 . 2014-05-14 08:23    179656    ----a-w-    c:\windows\system32\wuwebv.dll
2014-08-01 06:46 . 2014-05-14 08:17    33792    ----a-w-    c:\windows\system32\wuapp.exe
2014-07-31 12:34 . 2014-07-31 12:34    --------    d-----w-    c:\users\Public\Foxit Software
2014-07-30 10:31 . 2014-07-30 10:30    1180529    ----a-w-    c:\windows\unins000.exe
2014-07-30 10:00 . 2014-07-30 10:00    --------    d-----w-    c:\users\user\AppData\Roaming\Anvsoft
2014-07-30 10:00 . 2014-07-30 10:00    --------    d-----w-    c:\program files\AnvSoft
2014-07-30 09:08 . 2014-07-30 09:08    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-07-30 09:08 . 2014-07-30 09:08    270752    ----a-w-    c:\windows\system32\drivers\aswNdisFlt.sys
2014-07-29 09:19 . 2014-07-29 09:19    43152    ----a-w-    c:\windows\avastSS.scr
2014-07-24 16:13 . 2014-07-25 11:46    --------    d-----w-    c:\program files\Recuva
2014-07-16 15:31 . 2014-07-16 15:31    --------    d-----w-    C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-30 09:09 . 2012-04-26 15:08    414520    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-07-29 09:19 . 2014-03-24 06:32    71944    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-07-29 09:19 . 2014-05-29 20:12    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-29 09:19 . 2013-03-20 06:17    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-07-29 09:19 . 2013-03-20 06:17    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-29 09:19 . 2012-04-26 15:08    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-07-29 09:19 . 2012-04-26 15:08    779536    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-07-29 09:19 . 2012-04-26 15:08    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-07-29 09:19 . 2012-04-26 15:08    276432    ----a-w-    c:\windows\system32\aswBoot.exe
2014-07-09 09:40 . 2012-04-27 14:08    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 09:40 . 2012-04-27 14:08    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-07-09 09:40 . 2014-07-09 09:40    5659136    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2014-06-18 23:56 . 2014-07-09 14:23    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-06-18 23:56 . 2014-07-09 14:23    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38 . 2014-07-09 14:23    455168    ----a-w-    c:\windows\system32\vbscript.dll
2014-06-18 23:37 . 2014-07-09 14:23    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-06-18 23:36 . 2014-07-09 14:23    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35 . 2014-07-09 14:23    62464    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23 . 2014-07-09 14:23    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-06-18 23:23 . 2014-07-09 14:23    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22 . 2014-07-09 14:23    592896    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-06-18 23:16 . 2014-07-09 14:23    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 23:06 . 2014-07-09 14:23    32256    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52 . 2014-07-09 14:23    4254720    ----a-w-    c:\windows\system32\jscript9.dll
2014-06-18 22:46 . 2014-07-09 14:23    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45 . 2014-07-09 14:23    1964544    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-06-18 22:13 . 2014-07-09 14:23    1791488    ----a-w-    c:\windows\system32\wininet.dll
2014-06-18 01:51 . 2014-07-09 14:15    646144    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 00:52 . 2014-07-09 14:15    2350080    ----a-w-    c:\windows\system32\win32k.sys
2014-06-06 09:44 . 2014-07-09 14:15    509440    ----a-w-    c:\windows\system32\qedit.dll
2014-06-05 14:26 . 2014-07-09 14:14    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-05-30 07:52 . 2014-07-09 14:14    172032    ----a-w-    c:\windows\system32\wdigest.dll
2014-05-30 07:52 . 2014-07-09 14:14    65536    ----a-w-    c:\windows\system32\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 14:15    247808    ----a-w-    c:\windows\system32\schannel.dll
2014-05-30 07:52 . 2014-07-09 14:14    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 14:14    259584    ----a-w-    c:\windows\system32\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 14:15    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-05-30 07:52 . 2014-07-09 14:14    17408    ----a-w-    c:\windows\system32\credssp.dll
2014-05-30 06:36 . 2014-07-09 14:15    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-05-16 07:53 . 2014-05-16 07:53    341848    ----a-w-    c:\windows\system32\DivXControlPanelApplet.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-29 09:19    578240    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\user\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKill"="c:\program files\ArpanTECH\iKill\iKill.exe" [2011-12-28 143360]
"WordWeb"="c:\program files\WordWeb\wweb32.exe" [2009-11-08 65216]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-12-30 1095000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016]
"uTorrent"="c:\users\user\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe" [2014-07-03 1322832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-03-28 10029672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-25 143640]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-25 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-25 176408]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-05-28 455512]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-30 4085896]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\documents and settings\Sonja Botma\Start Menu\Programs\Startup\
Copy of map.bat [2008-2-26 154]
.
c:\documents and settings\Thomas Imbili\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2012-4-27 65216]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BulkSMS Text Messenger.lnk - c:\program files\BulkSMS Messenger\Messenger.exe [2012-5-19 7957488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2013-05-13 12:21    601928    ----a-w-    c:\program files\BlueStacks\HD-Agent.exe
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-15 1343400]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-07-30 270752]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-07-30 26136]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-07-29 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-07-30 414520]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-07-29 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-07-29 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-07-29 71944]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2014-07-30 106488]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2013-05-13 63816]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2013-05-13 384840]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [2014-06-17 242216]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-30 250712]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt32.sys [2009-11-18 24664]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 12:09    1077576    ----a-w-    c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 09:40]
.
2014-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-15 14:33]
.
2014-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-15 14:33]
.
2014-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-285515482-2427174763-81513029-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-20 13:16]
.
2014-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-285515482-2427174763-81513029-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-20 13:16]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\32qyhrte.default-1400068031109\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-12  14:40:02
ComboFix-quarantined-files.txt  2014-08-12 13:40
ComboFix2.txt  2014-08-12 08:07
.
Pre-Run: 449,184,837,632 bytes free
Post-Run: 448,945,172,480 bytes free
.
- - End Of File - - F140C47F706D37D5E82F0B9F7BAD9D6C
A36C5E4F47E84449FF07ED3517B43A31
 



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:59 AM

Posted 13 August 2014 - 06:26 AM


Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing. These logs are looking a lot better. But we still have some work to do.


uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).
  • Programs to remove
    • µTorrent
    • Defaulttab
    • McAfee Security Scan Plus
    • Search Protect by conduit



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

Install Malwarebytes Antimalware

1. Download Malwarebytes Anti-Malware 2.0 at Malwarebytes
2. After downloading, double-click the downloaded file to get started.
3. Choose Yes if the User Account Control dialog appears.
4. The installation wizard will now appear to guide you through the upgrade process.
5. Click on Next.
6. Review and accept the license agreement, then click Next.
7. Review the latest changes made to Malwarebytes Anti-Malware, then click Next.
8. Choose where to install Malwarebytes Anti-Malware, then click Next.
9. Choose whether or not to have a Start Menu entry and its name, then click Next.
10. Choose if you want a desktop icon, then click Next.
11. Review your installation choices, then click Install.
12. The wizard will begin to install the files.
13. After upgrading, you will have the option to enable a free trial of Malwarebytes Anti-Malware Premium.

To see a video on how to do this - https://helpdesk.malwarebytes.org/entries/44648553

Now let's run a scan

1. On the Dashboard, click the 'Update Now >>' link
2. After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
3. If an update is available, click the Update Now button.
4. A Threat Scan will begin.
5. When the scan is complete, if there have been detections, click "Quarantine all" to allow MBAM to clean what was detected.
6. In most cases, a restart will be required.
7. Wait for the prompt to restart the computer to appear, then click on Yes.

Get the report

1. After the restart, once you are back at your desktop, open MBAM once more.
2. Click on the History tab at the top
3. Click on the Application Logs at the left
4. Double click on the scan log which shows the Date and time of the scan just performed.
5. Click 'Export'.
6. Click 'Text file (*.txt)'
7. In the Save File dialog box which appears, click on Desktop.
8. In the File name: box type a name for your scan log.
9. A message box named 'File Saved' should appear stating "Your file has been successfully exported".
10. Click Ok
11. Attach that saved log to your next reply.




Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic.
Information and logs
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:59 AM

Posted 17 August 2014 - 06:07 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 tonata

tonata
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 18 August 2014 - 08:57 AM

Sorry, I was out of town and did not have access to my PC.

 

___________________________________
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:54:44, on 18/08/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
Z:\quick\qm32.exe
C:\Users\user\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Windows\system32\taskeng.exe
C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iKill] "C:\Program Files\ArpanTECH\iKill\iKill.exe" -s
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe"  /MINIMIZED
O4 - Startup: BulkSMS Text Messenger.lnk = C:\Program Files\BulkSMS Messenger\Messenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 7532 bytes
 

____________________________________

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/08/2014
Scan Time: 14:26:11
Logfile: Mal_scan.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 289928
Time Elapsed: 4 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
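As an added example (my own code, not anything posted in this thread and not part of HijackThis), a small Python parser for the O4 Run lines of a HijackThis log like the one above. It pulls the executable path out of each autostart entry and flags programs that start from user-writable folders such as AppData or Temp, the pattern the uTorrent entry in this log shows; the sample lines are constructed for the example and the list of "user-writable" folder names is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, modelled on the O4 and O23 lines of the HijackThis log above
# (constructed for this example, not copied from a live machine).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe"  /MINIMIZED
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - Startup: BulkSMS Text Messenger.lnk = C:\Program Files\BulkSMS Messenger\Messenger.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# Shape of a HijackThis autostart line: "O4 - HKLM\..\Run: [Name] command line".
# RunOnce keys are reported with the same layout, so they are accepted too.
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Folder names an unprivileged user can write to (assumed list); legitimate
# software rarely autostarts from them, so such entries deserve a second look.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Desktop|Public)\\", re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    exe_path: str
    args: str
    reason: Optional[str] = None  # set when the entry is flagged

    @property
    def flagged(self) -> bool:
        return self.reason is not None


def split_command(cmd: str) -> Tuple[str, str]:
    """Separate the executable path from its arguments.

    Quoted paths end at the closing quote; unquoted paths (which may contain
    spaces, as Program Files paths do) end at the first '.exe' token.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd.strip('"'), ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1), cmd[m.end():].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def flag_user_writable(path: str) -> Optional[str]:
    """Return a reason string if the executable lives somewhere a user can write."""
    m = USER_WRITABLE.search(path)
    if m:
        return f"autostarts from user-writable folder '{m.group(1)}'"
    return None


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Parse every O4 Run/RunOnce line of a HijackThis log into RunEntry objects."""
    entries: List[RunEntry] = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # other lines (O2, O23, O4 Startup, ...) are out of scope here
        exe, args = split_command(m.group("cmd"))
        entries.append(
            RunEntry(
                hive=m.group("hive"),
                key=m.group("key"),
                name=m.group("name"),
                exe_path=exe,
                args=args,
                reason=flag_user_writable(exe),
            )
        )
    return entries


def suspicious_entries(log_text: str) -> List[RunEntry]:
    """Only the autostart entries that were flagged."""
    return [e for e in parse_run_entries(log_text) if e.flagged]


if __name__ == "__main__":
    for entry in parse_run_entries(SAMPLE_LOG):
        marker = "!!" if entry.flagged else "  "
        print(f"{marker} {entry.hive}\\{entry.key} [{entry.name}] -> {entry.exe_path}")
        if entry.flagged:
            print(f"      {entry.reason}")
```

A flag is a prompt to look the program up (as the helper suggests doing with the bracketed names), not a verdict; updaters that legitimately live under AppData will show up too.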



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:59 AM

Posted 18 August 2014 - 03:14 PM


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of these programs from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [iKill] "C:\Program Files\ArpanTECH\iKill\iKill.exe" -s
      O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
      O4 - HKCU\..\Run: [uTorrent] "C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe" /MINIMIZED


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE** You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 users, right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 tonata

tonata
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:59 AM

Posted 19 August 2014 - 03:14 AM

C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Prism\prism.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Prism\prismsetup_v1.95.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Switch\switch.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Switch\switchsetup_v4.47.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Temp\OCS\ocs_v71a.exe.vir    a variant of Win32/DownloadSponsor.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Temp\OCS\Downloads\3676090eded622c6bec547ed78bdf6d1\ac1dd209cbcc5e5d1c6e28598e8cbbe8\freemake-video-converter.exe.vir    Win32/OpenCandy potentially unsafe application
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Temp\tuvaro\tuvaro\1.8.17.3\tuvaro4ffx.exe.vir    Win32/Toolbar.Montiera.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Temp\tuvaro\tuvaro\1.8.17.3\tuvaro4ie.exe.vir    Win32/Toolbar.Montiera.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\SearchProtect\bin\AU\SPUpdater.exe.vir    Win32/Conduit.SearchProtect.A potentially unwanted application
C:\Documents and Settings\Thomas Imbili\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Documents and Settings\user\Documents\setup_free_pdf_merger.exe    Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\user\Downloads\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\user\Downloads\Into the Storm [DVDRip XviD].exe    a variant of Win32/4Shared.X potentially unwanted application
C:\Documents and Settings\user\Downloads\rcsetup151.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Thomas Imbili\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\user\Documents\setup_free_pdf_merger.exe    Win32/OpenCandy potentially unsafe application
C:\Users\user\Downloads\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\user\Downloads\rcsetup151.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
 



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:59 AM

Posted 19 August 2014 - 06:01 AM


Hello tonata

There are some minor things in your online scan that should be removed.


delete files
  • Copy all text in the code box (below)...to Notepad.
    @echo off
    rd /s /q "C:\AdwCleaner\"
    del /f /s /q "C:\Documents and Settings\Thomas Imbili\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe"
    del /f /s /q "C:\Documents and Settings\user\Documents\setup_free_pdf_merger.exe"
    del /f /s /q "C:\Documents and Settings\user\Downloads\ccsetup404.exe"
    del /f /s /q "C:\Documents and Settings\user\Downloads\Into the Storm [DVDRip XviD].exe"
    del /f /s /q "C:\Documents and Settings\user\Downloads\rcsetup151.exe"
    del /f /s /q "C:\Users\Thomas Imbili\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.6.windows.exe"
    del /f /s /q "C:\Users\user\Documents\setup_free_pdf_merger.exe"
    del /f /s /q "C:\Users\user\Downloads\ccsetup404.exe"
    del /f /s /q "C:\Users\user\Downloads\rcsetup151.exe"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.
The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:
  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.
  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.
    Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:
  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
:Remove the rest of our tools:

Please download DelFix and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click DelFix.exe.
  • Select all options available.
  • Click the Run button.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
:The programs you can keep:

It would be a good idea to keep some of the programs that we have used and use them often to help keep the computer clean. I use these programs on my computer.
  • Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls.
  • CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.
  • Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.
  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus
:Security awareness:


It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

As Java seems to get exploited on a daily basis, I advise disabling Java in your web browsers - How to disable Java in your web browsers - Disable Java


The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet. Here is some more reading for you from some of my colleagues, quoted from Tech Support Forum.

Conclusion

There is no such thing as 'perfect security'. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



