Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP AntiSpyware


  • This topic is locked This topic is locked
18 replies to this topic

#1 snooze54

snooze54

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 25 August 2014 - 02:57 AM

I was told I had xp antispyware by the avast tech team but not how to remove it.

Tried your malwarbyte which did not seem to improve anything so have now moved onto to combofix.

I have attached the report and am open to your suggestions.Thanks, S

Attached Files



BC AdBot (Login to Remove)

 


m

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:43 AM

Posted 25 August 2014 - 05:52 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with SystemLook

Please download SystemLook from the link below and save it to your Desktop.
Download
 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    ::filefind
    browser.dll
    mshtml.dll
    lsass.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Edited by TB-Psychotic, 25 August 2014 - 05:53 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 snooze54

snooze54
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 25 August 2014 - 08:38 AM

Marius Hi,
Thanks for the rapid response.
Can I assume that from the info I sent earlier that you can confirm that there is a malware problem in my machine?
I followed your instructions and they were quite straightforward.
The Look scan completed very quickly (about 1 sec) and below is the content of the notepad file generated.
 
 
SystemLook 30.07.11 by jpshortstuff
Log created at 14:30 on 25/08/2014 by Simon
Administrator - Elevation successful
 
No Context: browser.dll
 
No Context: mshtml.dll
 
No Context: lsass.exe
 
-= EOF =-
 
 
What does this tell you if anything?
Thanks, Simon


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:43 AM

Posted 26 August 2014 - 04:30 AM

No, it was my fault. I greatly apologize.

Please try it again with the following set of instructions (I´ve modified the script):

 

Scan with SystemLook

Please download SystemLook from the link below and save it to your Desktop.
Download
 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    browser.dll
    mshtml.dll
    lsass.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 snooze54

snooze54
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 26 August 2014 - 07:40 AM

Marius Hi,
Here is the second scan which seems to be more comprehensive and took about 5 minutes. Shame that 1 colon made such a difference!
Let me know what else to do.
What time zone are you in? Just trying to understand when to expect a response.
Thanks, Simon
 
 
 
SystemLook 30.07.11 by jpshortstuff
Log created at 13:32 on 26/08/2014 by Simon
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "browser.dll"
C:\Windows\System32\browser.dll --a---- 136704 bytes [00:53 16/08/2012] [22:13 04/07/2012] 05F5A0D14A2EE1D8255C2AA0E9E8E694
C:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17514_none_d70f2c28b49dffae\browser.dll --a---- 136192 bytes [03:24 21/11/2010] [03:24 21/11/2010] 8EF0D5C41EC907751B8429162B1239ED
C:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17887_none_d6c68344b4d406bf\browser.dll --a---- 136704 bytes [00:53 16/08/2012] [22:13 04/07/2012] 05F5A0D14A2EE1D8255C2AA0E9E8E694
C:\Windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.22044_none_d7783703cdd41e02\browser.dll --a---- 136704 bytes [00:53 16/08/2012] [22:06 04/07/2012] 156768ABAE1DAF29BA0B0C05C21FEF09
 
Searching for "mshtml.dll"
C:\Windows\System32\mshtml.dll --a---- 23645696 bytes [19:07 13/08/2014] [14:52 25/07/2014] ECA387DCD57F683C52171C766CF400F0
C:\Windows\SysWOW64\mshtml.dll --a---- 17524224 bytes [19:07 13/08/2014] [13:51 25/07/2014] 8453DDF167CE2986AA4AB04BC6824925
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16686_none_91176c1892a04cff\mshtml.dll --a---- 19246592 bytes [02:59 08/10/2013] [02:59 08/10/2013] CC4AE7E2ECAEE7612B3C0D3AB302375C
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16721_none_91070c5892ad50c1\mshtml.dll --a---- 19252224 bytes [08:29 11/10/2013] [22:54 22/09/2013] F026C6F104758D0EB215B017016FAE27
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20831_none_7a2f961aac5be5be\mshtml.dll --a---- 19494912 bytes [08:29 11/10/2013] [23:23 22/09/2013] 9958430CE5BFC43D693D6138C31788CC
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_f59a25aa3737acc2\mshtml.dll --a---- 23212032 bytes [04:36 14/11/2013] [04:36 14/11/2013] D233E1A32CE6AF918C9DE1BC44AFEB2A
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16476_none_f59f54ac3732f833\mshtml.dll --a---- 23183360 bytes [14:04 14/12/2013] [11:54 26/11/2013] 16B0A65F52531B769B891DC251ECC6C0
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16518_none_f58e55743740af5c\mshtml.dll --a---- 23170048 bytes [14:21 12/02/2014] [12:16 06/02/2014] D016F5092E4FFC41147E8555A71D2DDE
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_f58ff536373f154c\mshtml.dll --a---- 23133696 bytes [04:05 13/03/2014] [06:05 01/03/2014] 4E0709D9BB951AD1C22E4FF519B90839
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16659_none_f5876fe837454a4a\mshtml.dll --a---- 23134208 bytes [08:39 11/04/2014] [01:16 31/03/2014] C3E3EFD320D0000BE6F9CDB00CD6086F
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_f5c8074c3714b96c\mshtml.dll --a---- 23549440 bytes [02:04 12/04/2014] [10:21 06/03/2014] 37D0FB9E5E8EDA40B66FC3FB3D660261
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_f5b8db183720d685\mshtml.dll --a---- 23547904 bytes [02:00 03/05/2014] [14:01 29/04/2014] A98DA2EC1E56CF52C682D072F77D9874
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_f5b8ad88372109c7\mshtml.dll --a---- 23544320 bytes [02:13 22/05/2014] [04:40 06/05/2014] 797E2E5C309AFF76990D5B7AF457EACA
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_f5bac4e4371f22d4\mshtml.dll --a---- 23414784 bytes [02:50 12/06/2014] [10:21 30/05/2014] 56803B20D168C1B740D12CE0BE4588F5
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_f5addd9c372925b8\mshtml.dll --a---- 23464448 bytes [14:12 12/07/2014] [01:39 19/06/2014] FEC19C351EF1B2C998A85D1BFD765675
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_f5b0b0ea3726a4ff\mshtml.dll --a---- 23645696 bytes [19:07 13/08/2014] [14:52 25/07/2014] ECA387DCD57F683C52171C766CF400F0
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda\mshtml.dll --a---- 8988160 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1C8B787BAA52DEAD1A6FEC1502D652F0
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16421_none_87e150ddf4cd3dc7\mshtml.dll --a---- 17773056 bytes [15:48 29/01/2012] [15:48 29/01/2012] 82682BA2DF50B94CD798B8315B3F7896
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16434_none_87d981cff4d2a5bd\mshtml.dll --a---- 17782272 bytes [15:57 29/01/2012] [15:57 29/01/2012] B721EFCC393D76390A319A8A30B1B654
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_87cdb199f4dba857\mshtml.dll --a---- 17790976 bytes [18:49 20/04/2012] [07:34 28/02/2012] D785A16A6F03F76CB862F28C9F8C9672
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_87d0b277f4d8f45c\mshtml.dll --a---- 17807360 bytes [00:35 14/06/2012] [02:47 18/05/2012] DE469470D93DEB4A1A81EDE72B848198
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_87d1b2c1f4d80db3\mshtml.dll --a---- 17807360 bytes [02:00 12/07/2012] [12:49 02/06/2012] 89C4B3BF66D3C2F3D83F9DEDF1B218D6
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_87d2b30bf4d7270a\mshtml.dll --a---- 17809920 bytes [02:05 16/08/2012] [04:55 29/06/2012] 8415F4792D7BC07BE328DF56FE32045A
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16450_none_87bfe0cff4e67843\mshtml.dll --a---- 17810944 bytes [02:03 25/09/2012] [11:15 24/08/2012] F244DA6DD2C365ABAFD076222C22C2BE
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16455_none_87c4e241f4e1f6f6\mshtml.dll --a---- 17811968 bytes [03:02 19/11/2012] [12:19 08/10/2012] 6D4F838E72EEEB3D6FB16A5A45632560
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16457_none_87c6e2d5f4e029a4\mshtml.dll --a---- 17811968 bytes [03:01 13/12/2012] [07:06 14/11/2012] CFF3C4ABDCC5356B0674743BDF0FB674
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16464_none_87b9120bf4eaf990\mshtml.dll --a---- 17812992 bytes [03:00 15/02/2013] [01:48 09/01/2013] 14DEB733ACB08A71CC0783ED02FF1F8D
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16470_none_87aa40f7f4f6b025\mshtml.dll --a---- 17815040 bytes [03:02 14/03/2013] [07:31 02/02/2013] 460723A080D6F22E56D45BC8C1F15B2A
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16476_none_87b042b3f4f1482f\mshtml.dll --a---- 17817088 bytes [02:00 18/04/2013] [06:57 22/02/2013] 1154FEFC73880A2EF44295EF0DBDC59F
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16483_none_87a271e9f4fc181b\mshtml.dll --a---- 17818624 bytes [02:01 16/05/2013] [01:51 05/04/2013] F63D8615292792D36EDF24913636685D
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16484_none_87a37233f4fb3172\mshtml.dll --a---- 17818624 bytes [02:02 16/05/2013] [21:36 05/05/2013] 7212340908E00AD2F28E58EA04CEB852
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16490_none_8794a11ff506e807\mshtml.dll --a---- 17824768 bytes [02:11 13/06/2013] [04:05 17/05/2013] A820869140978CCAF33CF7770EEE19F5
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16496_none_879aa2dbf5018011\mshtml.dll --a---- 17829376 bytes [14:35 10/07/2013] [06:15 29/05/2013] 34426D52FBA4F3E31739DB840D2601AD
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16502_none_87f7f2e5f4bc1c63\mshtml.dll --a---- 17830400 bytes [02:00 14/08/2013] [03:54 25/07/2013] 7D9371E3C8CF927D0A2A1D9E1161C324
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16506_none_87fbf40df4b881bf\mshtml.dll --a---- 17833472 bytes [03:27 16/09/2013] [14:17 31/07/2013] DA908B28F07804BD648756B8FFAE9305
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20534_none_88631e9b0df04587\mshtml.dll --a---- 17782272 bytes [15:57 29/01/2012] [15:57 29/01/2012] 79184CDA49EF6A445FF152EC58C7EB5D
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_885c4fd70df4c6d4\mshtml.dll --a---- 17790976 bytes [18:49 20/04/2012] [03:54 28/02/2012] 97BB8C752A400556A4FF2E1AAFA0A138
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_884a7de50e033164\mshtml.dll --a---- 17807360 bytes [00:35 14/06/2012] [01:35 18/05/2012] BE1E4779329040ED334651CD877C416D
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_884c7e790e016412\mshtml.dll --a---- 17807360 bytes [02:00 12/07/2012] [11:45 02/06/2012] 0C26F50D6C347CE294C84347E6FAEAA8
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_884d7ec30e007d69\mshtml.dll --a---- 17809920 bytes [02:05 16/08/2012] [02:39 29/06/2012] C4DE0E2B31F60ACB15E6B4154E26298A
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20557_none_88507fa10dfdc96e\mshtml.dll --a---- 17810944 bytes [02:03 25/09/2012] [10:40 24/08/2012] 522A528C296A9AEF3F0C289FF7093315
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20562_none_8840ae430e0a66ac\mshtml.dll --a---- 17812992 bytes [03:02 19/11/2012] [10:58 08/10/2012] 1FB8062D4C3A4C7B8ECA7BBD1E743000
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20565_none_8843af210e07b2b1\mshtml.dll --a---- 17811968 bytes [03:01 13/12/2012] [04:57 14/11/2012] 5024CACD183E4C0FCCDE6DB8A38EEC7B
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20573_none_8836dea10e119bf4\mshtml.dll --a---- 17814528 bytes [03:00 15/02/2013] [00:46 09/01/2013] B6C5BC6D4E1D79CB8DF107112A9F37CB
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20580_none_88290dd70e1c6be0\mshtml.dll --a---- 17815040 bytes [03:02 14/03/2013] [08:04 02/02/2013] 1CD82D510D370CB04BB6BD1C660AA96F
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20586_none_882f0f930e1703ea\mshtml.dll --a---- 17817600 bytes [02:00 18/04/2013] [07:12 22/02/2013] 0E860BF2BCDDD94202A6AB9A10EE95EB
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20593_none_88213ec90e21d3d6\mshtml.dll --a---- 17818624 bytes [02:01 16/05/2013] [00:33 05/04/2013] 43FEF944FF64BE0354A5C129C98EB13D
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20594_none_88223f130e20ed2d\mshtml.dll --a---- 17819136 bytes [02:02 16/05/2013] [22:35 05/05/2013] E139A28843F52F383D414BF0AAEF6CE4
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20600_none_887f8f1d0ddb897f\mshtml.dll --a---- 17824768 bytes [02:11 13/06/2013] [01:37 17/05/2013] CD451FEE119B7557633039CA39290331
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20606_none_888590d90dd62189\mshtml.dll --a---- 17831424 bytes [14:35 10/07/2013] [05:48 29/05/2013] 04EFE9DFE4F0318DED06B47479026706
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20613_none_8877c00f0de0f175\mshtml.dll --a---- 17832960 bytes [02:00 14/08/2013] [03:55 25/07/2013] EEC97B8A669093E4797ECD0B56DFEC51
C:\Windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20617_none_887bc1370ddd56d1\mshtml.dll --a---- 17834496 bytes [03:27 16/09/2013] [12:55 31/07/2013] 8D29405AC33ED98ADE0DF26151FF7C89
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16686_none_9b6c166ac7010efa\mshtml.dll --a---- 14332928 bytes [02:59 08/10/2013] [02:59 08/10/2013] 5D2D7E7850CE963C2F401D4DEE7BB32A
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16721_none_9b5bb6aac70e12bc\mshtml.dll --a---- 14335488 bytes [08:29 11/10/2013] [23:27 22/09/2013] A7221924181C8EB92B64C5A2D888BEA5
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20831_none_8484406ce0bca7b9\mshtml.dll --a---- 14364672 bytes [08:29 11/10/2013] [23:36 22/09/2013] 9D6D52AED095BC8C9023AA739E978EAC
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_ffeecffc6b986ebd\mshtml.dll --a---- 17142784 bytes [04:36 14/11/2013] [04:36 14/11/2013] F9F114B2A6F876C92D317A755494F233
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16476_none_fff3fefe6b93ba2e\mshtml.dll --a---- 17112576 bytes [14:04 14/12/2013] [10:11 26/11/2013] BFAFE990C4A191E83843362B5AC64A9B
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16518_none_ffe2ffc66ba17157\mshtml.dll --a---- 17103872 bytes [14:21 12/02/2014] [10:38 06/02/2014] C863E5A2417DF0F2A31ED32C3B2CB23F
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_ffe49f886b9fd747\mshtml.dll --a---- 17074688 bytes [04:05 13/03/2014] [04:30 01/03/2014] 70462E0A4E293FC80620AB945D8A59BB
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16659_none_ffdc1a3a6ba60c45\mshtml.dll --a---- 17073152 bytes [08:39 11/04/2014] [23:57 30/03/2014] CCF19C82F6145E4A467F7CB9AF82026C
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_001cb19e6b757b67\mshtml.dll --a---- 17387008 bytes [02:04 12/04/2014] [09:19 06/03/2014] EA85144F35EDE6EE25C484D4242FF2C8
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_000d856a6b819880\mshtml.dll --a---- 17384448 bytes [02:00 03/05/2014] [12:48 29/04/2014] 5869FBC754578A59C8C8635B99DB79DE
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_000d57da6b81cbc2\mshtml.dll --a---- 17382912 bytes [02:13 22/05/2014] [03:25 06/05/2014] EB5347F6149D3FF25F4D609A21A3BD67
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_000f6f366b7fe4cf\mshtml.dll --a---- 17271296 bytes [02:50 12/06/2014] [09:18 30/05/2014] D5ECBB3BFDC73A59440D9CA79AB3A342
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_000287ee6b89e7b3\mshtml.dll --a---- 17276416 bytes [14:12 12/07/2014] [00:16 19/06/2014] DFA59840BB1220AFD261FDAE83543959
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_00055b3c6b8766fa\mshtml.dll --a---- 17524224 bytes [19:07 13/08/2014] [13:51 25/07/2014] 8453DDF167CE2986AA4AB04BC6824925
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll --a---- 5977600 bytes [03:25 21/11/2010] [03:25 21/11/2010] C50799F0D47DFB9774F721521B6C41D5
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16421_none_9235fb30292dffc2\mshtml.dll --a---- 12268544 bytes [15:48 29/01/2012] [15:48 29/01/2012] 4DEF8126CABAA6CDC12103CD74C6A919
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16434_none_922e2c22293367b8\mshtml.dll --a---- 12273664 bytes [15:57 29/01/2012] [15:57 29/01/2012] E6D5C7E4AAC0C682169AA5021386EFF3
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_92225bec293c6a52\mshtml.dll --a---- 12281856 bytes [18:49 20/04/2012] [01:52 28/02/2012] F82BF2CB075B49E9FAB5FF213C45C020
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_92255cca2939b657\mshtml.dll --a---- 12314624 bytes [00:35 14/06/2012] [23:11 17/05/2012] 9FB58F71104107D44540AF1195F7A14D
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_92265d142938cfae\mshtml.dll --a---- 12314624 bytes [02:00 12/07/2012] [09:07 02/06/2012] 6820A9E91AFF7CB3A510360D8CCD9BDD
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_92275d5e2937e905\mshtml.dll --a---- 12317184 bytes [02:05 16/08/2012] [00:52 29/06/2012] 5E8E869E1342308752A37A2C90CCA79D
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16450_none_92148b2229473a3e\mshtml.dll --a---- 12319744 bytes [02:03 25/09/2012] [07:27 24/08/2012] BB197F54A8F69EEA8356B7F70E6D3A20
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16455_none_92198c942942b8f1\mshtml.dll --a---- 12320768 bytes [03:02 19/11/2012] [08:28 08/10/2012] 8D1BB1E5A033E8817EF94A9047630165
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16457_none_921b8d282940eb9f\mshtml.dll --a---- 12320256 bytes [03:01 13/12/2012] [02:48 14/11/2012] 07F649CD36F266BBE33B814FA678AA43
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16464_none_920dbc5e294bbb8b\mshtml.dll --a---- 12321280 bytes [03:00 15/02/2013] [22:23 08/01/2013] C97434C851C4821BD92D2831FDF1ECBE
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16470_none_91feeb4a29577220\mshtml.dll --a---- 12321792 bytes [03:02 14/03/2013] [04:09 02/02/2013] 263963D93A3CA8F685EFA5966F1E6581
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16476_none_9204ed0629520a2a\mshtml.dll --a---- 12324352 bytes [02:00 18/04/2013] [04:05 22/02/2013] 658EBC74BD38D16805648C4775F7FA82
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16483_none_91f71c3c295cda16\mshtml.dll --a---- 12324864 bytes [02:01 16/05/2013] [22:23 04/04/2013] 79B0D843B26BEA808EA89BA2D8A026F2
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16484_none_91f81c86295bf36d\mshtml.dll --a---- 12324864 bytes [02:02 16/05/2013] [19:25 05/05/2013] 26F30066B9FA78C97A0E92803D496211
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16490_none_91e94b722967aa02\mshtml.dll --a---- 12329984 bytes [02:11 13/06/2013] [23:08 16/05/2013] A6F5B25905CD01AE714990E02C7205A5
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16496_none_91ef4d2e2962420c\mshtml.dll --a---- 12333568 bytes [14:35 10/07/2013] [01:56 29/05/2013] 7BD6A6DFA75B665FA8F21BB21E59EC11
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16502_none_924c9d38291cde5e\mshtml.dll --a---- 12334080 bytes [02:00 14/08/2013] [02:40 25/07/2013] 7161E761E81356C8EF6383CB1AE41B8D
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16506_none_92509e60291943ba\mshtml.dll --a---- 12335104 bytes [03:27 16/09/2013] [10:30 31/07/2013] 6DB41C70A74B420A0ADC55A9862DDAD9
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20534_none_92b7c8ed42510782\mshtml.dll --a---- 12273664 bytes [15:57 29/01/2012] [15:57 29/01/2012] F2966190D2C20C585A730F9C0B3C7373
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_92b0fa29425588cf\mshtml.dll --a---- 12281856 bytes [18:49 20/04/2012] [01:21 28/02/2012] B9E083B14B1994F1255983F2DF31C7DF
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_929f28374263f35f\mshtml.dll --a---- 12314624 bytes [00:35 14/06/2012] [22:53 17/05/2012] 761D9111F5A2619CB5060661D36FBFFF
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_92a128cb4262260d\mshtml.dll --a---- 12314624 bytes [02:00 12/07/2012] [08:48 02/06/2012] 1ABF770552EA9D4FE90F654468FAF4CE
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_92a2291542613f64\mshtml.dll --a---- 12317184 bytes [02:05 16/08/2012] [23:11 28/06/2012] AEC51857AEC2F5CE4520366240AFC671
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20557_none_92a529f3425e8b69\mshtml.dll --a---- 12319744 bytes [02:03 25/09/2012] [07:43 24/08/2012] 975D1EA99A0FE8104B72440995B3C20B
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20562_none_92955895426b28a7\mshtml.dll --a---- 12321280 bytes [03:02 19/11/2012] [08:12 08/10/2012] F7B251DA2FA89933771289793DCAA08B
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20565_none_92985973426874ac\mshtml.dll --a---- 12321280 bytes [03:02 13/12/2012] [02:14 14/11/2012] 8021EF27048F9ECE5286EA8C8EED23B8
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20573_none_928b88f342725def\mshtml.dll --a---- 12322304 bytes [03:00 15/02/2013] [21:17 08/01/2013] B6AD225B3BCC07332FBB2C2824315534
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20580_none_927db829427d2ddb\mshtml.dll --a---- 12322304 bytes [03:02 14/03/2013] [04:15 02/02/2013] 88C27474E61271B49677F22CEE76FB3E
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20586_none_9283b9e54277c5e5\mshtml.dll --a---- 12324864 bytes [02:00 18/04/2013] [04:06 22/02/2013] 474D43D76E2A33FEE21C6F4BB7C4A3B7
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20593_none_9275e91b428295d1\mshtml.dll --a---- 12325376 bytes [02:01 16/05/2013] [21:33 04/04/2013] 4EBF337D1F52EA9202072348BA41CA95
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20594_none_9276e9654281af28\mshtml.dll --a---- 12325888 bytes [02:02 16/05/2013] [20:26 05/05/2013] 1152DE9D7FE16EC92A12165D1CBE8406
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20600_none_92d4396f423c4b7a\mshtml.dll --a---- 12330496 bytes [02:11 13/06/2013] [22:08 16/05/2013] 097654708FE5F07278A1E36D9F78CA94
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20606_none_92da3b2b4236e384\mshtml.dll --a---- 12335104 bytes [14:35 10/07/2013] [03:23 29/05/2013] 4ACB8A0EA4A1BEAA4FA92680BB71C542
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20613_none_92cc6a614241b370\mshtml.dll --a---- 12334080 bytes [02:00 14/08/2013] [02:45 25/07/2013] 0E2B5CB2193B6B0057F7D8B3FE02777E
C:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20617_none_92d06b89423e18cc\mshtml.dll --a---- 12335616 bytes [03:27 16/09/2013] [10:03 31/07/2013] DCC51F3466767C3B418E23F5A467D6E5
 
Searching for "lsass.exe"
C:\Windows\System32\lsass.exe --a---- 31232 bytes [10:24 15/05/2014] [02:19 12/04/2014] 204F3F58212B3E422C90BD9691A2DF28
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe --a---- 31232 bytes [23:20 13/07/2009] [01:39 14/07/2009] 0793F40B9B8A1BDD266296409DBD91EA
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe --a---- 31232 bytes [18:31 20/04/2012] [06:33 17/11/2011] C118A82CD78818C29AB228366EBF81C3
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe --a---- 31232 bytes [18:31 20/04/2012] [06:33 17/11/2011] C118A82CD78818C29AB228366EBF81C3
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe --a---- 31232 bytes [18:31 20/04/2012] [06:33 17/11/2011] C118A82CD78818C29AB228366EBF81C3
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe --a---- 30720 bytes [05:09 14/11/2013] [01:03 25/09/2013] 4D71227301DD8D09097B9E4CC6527E5A
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe --a---- 31232 bytes [10:24 15/05/2014] [02:19 12/04/2014] 204F3F58212B3E422C90BD9691A2DF28
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_0429c981739f213b\lsass.exe --a---- 31232 bytes [14:12 12/07/2014] [08:07 30/05/2014] F23812F9F7B130854E4BC0389F7C688C
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe --a---- 31232 bytes [10:24 15/05/2014] [02:19 12/04/2014] 204F3F58212B3E422C90BD9691A2DF28
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe --a---- 31232 bytes [18:31 20/04/2012] [06:20 17/11/2011] 0A10B74FBB437FF9A23F1D5DE4446A83
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe --a---- 31232 bytes [04:56 11/07/2012] [07:51 04/06/2012] 79C908CAA6F43021EB05F4C733A927D1
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe --a---- 31232 bytes [03:49 05/11/2012] [17:43 24/08/2012] 77119F1F9B492B260030C34F9BE327FA
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe --a---- 30720 bytes [05:09 14/11/2013] [01:08 25/09/2013] F021DAFB1F87616FCEBA159C2ED7042F
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe --a---- 31232 bytes [10:24 15/05/2014] [02:31 12/04/2014] 6598EBC4D209318EBD81F76833ECBEDB
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_0505e8508c7f766f\lsass.exe --a---- 31232 bytes [14:12 12/07/2014] [08:00 30/05/2014] 04F6C08B30C599D301CE8530A6F6A703
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe --a---- 31232 bytes [10:24 15/05/2014] [02:31 12/04/2014] 6598EBC4D209318EBD81F76833ECBEDB
 
-= EOF =-


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:43 AM

Posted 27 August 2014 - 02:33 AM

GMT +1...

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 snooze54

snooze54
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 27 August 2014 - 03:56 AM

Marius Hi,

Have run this scan and results are below.

Any reason why this could not be run yesterday, and is there anything else I can run tonight?:

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Simon (administrator) on SIMONTHINK on 27-08-2014 09:47:32
Running from C:\Users\Simon\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Dell) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Dell) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dropbox, Inc.) C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited)
HKLM\...\Run: [BCSSync] => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\...\Run: [SonicWALLNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1240720 2013-01-05] (Dell)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2013-08-12] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-31] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-26] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-714014653-3220400583-2234839086-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-714014653-3220400583-2234839086-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sasnative64
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: gateway.zscaler.net:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/digiTRACC/Login.aspx?ReturnUrl=%2fdigiTRACC%2fDefault.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {E2402DA7-C166-4E5B-9B30-4833228478D6} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=A012GB1&p={SearchTerms}
SearchScopes: HKCU - {E2402DA7-C166-4E5B-9B30-4833228478D6} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=A012GB1&p={SearchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {6DC46AC0-7EC9-44EB-8CF7-5371B2008904} http://speedtest.jsinfo.net/misc/SpeedTE.dll
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://205.134.224.123/NELX.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ASProxy.dll [359960] (Astrill)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ASProxy.dll [359960] (Astrill)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ASProxy.dll [359960] (Astrill)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ASProxy.dll [359960] (Astrill)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ASProxy.dll [359960] (Astrill)
Winsock: Catalog9-x64 01 C:\Windows\system32\ASProxy64.dll [475672] (Astrill)
Winsock: Catalog9-x64 02 C:\Windows\system32\ASProxy64.dll [475672] (Astrill)
Winsock: Catalog9-x64 03 C:\Windows\system32\ASProxy64.dll [475672] (Astrill)
Winsock: Catalog9-x64 04 C:\Windows\system32\ASProxy64.dll [475672] (Astrill)
Winsock: Catalog9-x64 15 C:\Windows\system32\ASProxy64.dll [475672] (Astrill)
Tcpip\Parameters: [DhcpNameServer] 192.168.7.1
Tcpip\..\Interfaces\{AAC23F7C-70F7-4502-A8BC-8E35236D2C5C}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Simon\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2012-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2012-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2014-01-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-26]
 
Chrome: 
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "hxxp://www.bbc.com/"
CHR Profile: C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-11]
CHR Extension: (Google Drive) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-11]
CHR Extension: (Google Search) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-11]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-02-07]
CHR Extension: (Logitech Flow Scroll) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi [2014-01-26]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-11]
CHR Extension: (Google Wallet) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-11]
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2014-01-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Extensions\Chrome.crx [2014-07-14]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] (Microsoft Corporation) [File not signed]
S3 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [434016 2014-05-22] (Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [2121752 2014-05-22] (Astrill)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-26] (AVAST Software)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [184320 2013-07-09] (Microsoft Corporation) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-08-31] (Lenovo.)
R2 EFS; C:\Windows\System32\lsass.exe [31232 2014-04-12] (Microsoft Corporation) [File not signed]
R3 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-01-13] (Microsoft Corporation) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-07-25] (Microsoft Corporation) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-12] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [30184 2013-08-08] ()
R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [9150464 2005-05-04] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-05-01] (Microsoft Corporation) [File not signed]
R3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation) [File not signed]
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [553616 2013-01-05] (Dell)
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation) [File not signed]
S3 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation) [File not signed]
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-02] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-02-04] ()
R3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
R3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-28] (Microsoft Corporation) [File not signed]
S3 ose64; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2014-05-30] (Microsoft Corporation) [File not signed]
S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2014-05-17] (Astrill) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-26] ()
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [1151096 2011-08-19] (Symantec Corporation)
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2012-07-06] (Microsoft Corporation) [File not signed]
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-20] (Symantec Corporation)
R3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] (Microsoft Corporation) [File not signed]
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120420.002\ENG64.SYS [117880 2012-04-20] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120420.002\EX64.SYS [2048632 2012-04-20] (Symantec Corporation)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2011-07-28] (SonicWALL Inc.)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [25600 2008-08-28] (Nokia) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] (Microsoft Corporation) [File not signed]
S2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101888 2011-05-26] (REDC) [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-29] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2013-10-02] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [53248 2013-11-27] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-03] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] (Microsoft Corporation) [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) [File not signed]
S3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19968 2013-02-12] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-27 09:47 - 2014-08-27 09:48 - 00034628 _____ () C:\Users\Simon\Downloads\FRST.txt
2014-08-27 09:46 - 2014-08-27 09:47 - 00000000 ____D () C:\FRST
2014-08-27 09:43 - 2014-08-27 09:44 - 02103296 _____ (Farbar) C:\Users\Simon\Downloads\FRST64.exe
2014-08-27 08:50 - 2014-08-27 08:50 - 00000368 _____ () C:\Users\Simon\Desktop\TRACC Reader.appref-ms
2014-08-27 08:50 - 2014-08-27 08:50 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Competitive Capabilities International
2014-08-27 08:00 - 2014-08-27 08:01 - 00002184 _____ () C:\Users\Simon\Downloads\TRACC.Windows.Reader.application
2014-08-27 07:48 - 2014-08-27 08:53 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Astrill
2014-08-27 07:48 - 2014-08-27 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrill
2014-08-27 07:48 - 2014-08-27 07:48 - 00000000 ____D () C:\Program Files (x86)\Astrill
2014-08-26 13:29 - 2014-08-26 13:29 - 00165376 _____ () C:\Users\Simon\Downloads\SystemLook_x64 (1).exe
2014-08-26 10:44 - 2014-08-26 10:44 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-08-26 10:24 - 2014-08-26 10:41 - 37782816 _____ (Foxit Corporation ) C:\Users\Simon\Downloads\FoxitReader623.815_prom_enu_Setup.exe
2014-08-26 10:02 - 2014-08-26 10:02 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\AVAST Software
2014-08-26 10:01 - 2014-08-26 10:01 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-26 10:01 - 2014-08-26 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-26 10:00 - 2014-08-27 09:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-26 10:00 - 2014-08-26 10:01 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-26 10:00 - 2014-08-26 10:00 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-26 10:00 - 2014-08-26 10:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-26 09:52 - 2014-08-26 09:53 - 04862664 _____ (AVAST Software) C:\Users\Simon\Downloads\avast_free_antivirus_setup_online (1).exe
2014-08-25 14:40 - 2014-08-26 13:35 - 00000000 ____D () C:\Users\Simon\Desktop\Malware Solution
2014-08-25 14:30 - 2014-08-26 13:35 - 00052716 _____ () C:\Users\Simon\Downloads\SystemLook.txt
2014-08-25 14:28 - 2014-08-25 14:29 - 00165376 _____ () C:\Users\Simon\Downloads\SystemLook_x64.exe
2014-08-25 08:37 - 2014-08-25 08:37 - 00099030 _____ () C:\ComboFix.txt
2014-08-25 08:11 - 2014-08-25 08:37 - 00000000 ____D () C:\Qoobox
2014-08-25 08:11 - 2014-08-25 08:37 - 00000000 ____D () C:\ComboFix
2014-08-25 08:11 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-25 08:11 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-25 08:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-25 08:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-25 08:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-25 08:11 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-25 08:11 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-25 08:11 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-25 08:10 - 2014-08-25 08:30 - 00000000 ____D () C:\Windows\erdnt
2014-08-25 08:00 - 2014-08-25 08:02 - 05572212 ____R (Swearware) C:\Users\Simon\Downloads\ComboFix.exe
2014-08-25 05:16 - 2014-08-25 05:16 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Simon\Downloads\rkill.com
2014-08-25 01:31 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-25 01:31 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-25 01:31 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-25 01:31 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-25 01:31 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-25 01:31 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-25 01:31 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-25 01:31 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-25 01:31 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-25 01:31 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-25 01:31 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-25 01:31 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-25 01:31 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-25 01:31 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-24 05:48 - 2014-08-26 01:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 05:48 - 2014-08-24 05:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 05:48 - 2014-08-24 05:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 05:48 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-24 05:48 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 05:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-24 05:44 - 2014-08-24 05:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Simon\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-24 05:06 - 2014-08-25 06:00 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-24 04:57 - 2014-08-25 07:14 - 04161299 _____ () C:\Users\Simon\Downloads\tdsskiller123.zip
2014-08-22 05:28 - 2014-08-22 05:28 - 00000000 ____D () C:\Users\Simon\AppData\Local\Adobe
2014-08-21 02:28 - 2014-08-21 02:37 - 00000150 _____ () C:\Users\Simon\Downloads\Support.ini
2014-08-21 02:27 - 2014-08-26 09:17 - 00000000 ____D () C:\Users\Simon\Downloads\Avast
2014-08-19 04:08 - 2014-08-26 09:56 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-19 03:47 - 2014-08-19 03:50 - 91906368 _____ (AVAST Software) C:\Users\Simon\Downloads\avast_free_antivirus_setup.exe
2014-08-19 03:07 - 2014-08-19 03:07 - 00001154 _____ () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Dell SonicWALL NetExtender.lnk
2014-08-18 12:33 - 2014-08-18 12:34 - 13829304 _____ (Microsoft Corporation) C:\Users\Simon\Downloads\mseinstall (1).exe
2014-08-17 08:07 - 2014-08-17 08:07 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-17 08:05 - 2014-08-17 08:06 - 01921728 _____ () C:\Users\Simon\Downloads\winrar-x64-511b1.exe
2014-08-14 10:28 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 10:28 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 10:28 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 10:28 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 10:28 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 10:28 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 10:27 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 10:27 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 10:12 - 2014-08-14 10:13 - 01025496 _____ () C:\Windows\Minidump\081414-73538-01.dmp
2014-08-13 20:07 - 2014-08-01 00:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 20:07 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 20:07 - 2014-07-25 15:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 20:07 - 2014-07-25 15:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 20:07 - 2014-07-25 15:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 20:07 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 20:07 - 2014-07-25 14:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 20:07 - 2014-07-25 14:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 20:07 - 2014-07-25 14:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 20:07 - 2014-07-25 14:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 20:07 - 2014-07-25 14:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 20:07 - 2014-07-25 14:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 20:07 - 2014-07-25 14:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 20:07 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 20:07 - 2014-07-25 14:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 20:07 - 2014-07-25 14:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 20:07 - 2014-07-25 14:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 20:07 - 2014-07-25 13:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 20:07 - 2014-07-25 13:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 20:07 - 2014-07-25 13:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 20:07 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 20:07 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 20:07 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 20:07 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 20:07 - 2014-07-25 13:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 20:07 - 2014-07-25 13:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 20:07 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 20:07 - 2014-07-25 13:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 20:07 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 20:07 - 2014-07-25 13:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 20:07 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 20:07 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 20:07 - 2014-07-25 13:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 20:07 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 20:07 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 20:07 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 20:07 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 20:07 - 2014-07-25 12:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 20:07 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 20:07 - 2014-07-25 12:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 20:07 - 2014-07-25 12:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 20:07 - 2014-07-25 12:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 20:07 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 20:07 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 20:07 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 20:07 - 2014-07-25 12:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 20:07 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 20:07 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 20:07 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 20:07 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 20:07 - 2014-07-25 11:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 20:07 - 2014-07-25 11:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 20:07 - 2014-07-25 11:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 20:07 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 20:07 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 20:07 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 17:22 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 17:22 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 17:22 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 17:22 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 17:22 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 17:22 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 17:22 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 17:22 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 17:22 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 17:22 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 17:22 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 17:22 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 17:15 - 2014-07-16 04:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 17:15 - 2014-07-16 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 17:15 - 2014-07-16 03:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 17:15 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 17:15 - 2014-07-16 03:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 17:15 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 17:15 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 17:15 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 17:15 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 17:15 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 17:15 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 17:15 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 17:15 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 17:14 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 17:14 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 17:14 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 17:14 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 17:13 - 2014-08-07 03:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 17:13 - 2014-08-07 03:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 09:19 - 2014-08-13 09:19 - 01077144 _____ () C:\Windows\Minidump\081314-28095-01.dmp
2014-08-13 02:41 - 2014-08-13 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-12 17:37 - 2014-08-26 11:59 - 01761740 _____ () C:\Windows\PFRO.log
2014-08-12 16:13 - 2014-08-12 16:16 - 04862664 _____ (AVAST Software) C:\Users\Simon\Downloads\avast_free_antivirus_setup_online.exe
2014-08-12 16:01 - 2014-08-14 10:11 - 926706620 _____ () C:\Windows\MEMORY.DMP
2014-08-12 16:01 - 2014-08-12 16:01 - 00999792 _____ () C:\Windows\Minidump\081214-29936-01.dmp
2014-08-12 03:27 - 2014-08-27 09:32 - 00006552 _____ () C:\Windows\setupact.log
2014-08-12 03:27 - 2014-08-12 03:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-11 20:57 - 2014-08-12 02:54 - 00003992 _____ () C:\Windows\DPINST.LOG
2014-08-11 20:57 - 2014-08-11 20:57 - 00001296 _____ () C:\Windows\Synaptics.log
2014-08-09 19:50 - 2014-08-09 19:51 - 03680544 _____ (Astrill ) C:\Users\Simon\Downloads\astrill-setup-win.exe
2014-08-07 18:57 - 2014-08-26 10:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-07 18:57 - 2014-08-26 10:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-07 18:57 - 2014-08-07 18:57 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-07 18:57 - 2014-08-07 18:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-07 18:57 - 2014-08-07 18:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-07 18:42 - 2014-08-07 18:42 - 00918440 _____ (Oracle Corporation) C:\Users\Simon\Downloads\chromeinstall-7u67 (1).exe
2014-08-07 18:26 - 2014-08-07 18:26 - 00918440 _____ (Oracle Corporation) C:\Users\Simon\Downloads\chromeinstall-7u67.exe
2014-08-07 18:21 - 2014-08-07 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-07 18:20 - 2014-08-07 18:21 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-01 23:04 - 2014-08-01 23:04 - 01618215 _____ () C:\Users\Simon\Downloads\15bodylanguageblunders-140707011652-phpapp01.pptx
2014-08-01 22:53 - 2014-08-01 22:53 - 00884554 _____ () C:\Users\Simon\Downloads\25ntkkeyperformanceindicators-140729020920-phpapp01.pptx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-27 09:48 - 2014-08-27 09:47 - 00034628 _____ () C:\Users\Simon\Downloads\FRST.txt
2014-08-27 09:48 - 2012-04-23 12:20 - 00000000 ____D () C:\Users\Simon\Documents\Outlook Files
2014-08-27 09:47 - 2014-08-27 09:46 - 00000000 ____D () C:\FRST
2014-08-27 09:44 - 2014-08-27 09:43 - 02103296 _____ (Farbar) C:\Users\Simon\Downloads\FRST64.exe
2014-08-27 09:43 - 2009-07-14 05:45 - 00031616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 09:43 - 2009-07-14 05:45 - 00031616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-27 09:38 - 2012-05-18 19:29 - 00000000 ____D () C:\Users\Simon\AppData\Local\Deployment
2014-08-27 09:37 - 2013-08-16 04:32 - 00000000 ___RD () C:\Users\Simon\Dropbox
2014-08-27 09:37 - 2013-08-16 04:29 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Dropbox
2014-08-27 09:36 - 2012-01-29 17:04 - 01102258 _____ () C:\Windows\WindowsUpdate.log
2014-08-27 09:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-08-27 09:35 - 2014-08-26 10:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-27 09:33 - 2013-03-11 03:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-27 09:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 09:33 - 2009-07-14 05:45 - 00423688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 09:32 - 2014-08-12 03:27 - 00006552 _____ () C:\Windows\setupact.log
2014-08-27 09:12 - 2013-03-11 03:58 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-27 09:08 - 2013-01-29 17:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-27 08:53 - 2014-08-27 07:48 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Astrill
2014-08-27 08:53 - 2013-02-08 06:07 - 00004860 _____ () C:\Windows\SysWOW64\ASProxy.ini
2014-08-27 08:53 - 2013-02-08 06:07 - 00003004 _____ () C:\Windows\SysWOW64\ASProxyOff.ini
2014-08-27 08:53 - 2013-02-08 06:07 - 00003004 _____ () C:\Windows\system32\ASProxyOff.ini
2014-08-27 08:50 - 2014-08-27 08:50 - 00000368 _____ () C:\Users\Simon\Desktop\TRACC Reader.appref-ms
2014-08-27 08:50 - 2014-08-27 08:50 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Competitive Capabilities International
2014-08-27 08:27 - 2012-04-23 10:16 - 00000000 ____D () C:\Temp
2014-08-27 08:01 - 2014-08-27 08:00 - 00002184 _____ () C:\Users\Simon\Downloads\TRACC.Windows.Reader.application
2014-08-27 08:01 - 2012-05-18 19:29 - 00000000 ____D () C:\Users\Simon\AppData\Local\Apps\2.0
2014-08-27 07:48 - 2014-08-27 07:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrill
2014-08-27 07:48 - 2014-08-27 07:48 - 00000000 ____D () C:\Program Files (x86)\Astrill
2014-08-27 06:44 - 2012-04-20 18:54 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-27 00:54 - 2013-12-05 15:11 - 00000468 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-08-26 13:35 - 2014-08-25 14:40 - 00000000 ____D () C:\Users\Simon\Desktop\Malware Solution
2014-08-26 13:35 - 2014-08-25 14:30 - 00052716 _____ () C:\Users\Simon\Downloads\SystemLook.txt
2014-08-26 13:29 - 2014-08-26 13:29 - 00165376 _____ () C:\Users\Simon\Downloads\SystemLook_x64 (1).exe
2014-08-26 12:26 - 2012-04-20 18:54 - 00003496 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-08-26 12:26 - 2012-04-20 18:54 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-26 11:59 - 2014-08-12 17:37 - 01761740 _____ () C:\Windows\PFRO.log
2014-08-26 10:44 - 2014-08-26 10:44 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-08-26 10:41 - 2014-08-26 10:24 - 37782816 _____ (Foxit Corporation ) C:\Users\Simon\Downloads\FoxitReader623.815_prom_enu_Setup.exe
2014-08-26 10:33 - 2014-08-07 18:57 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-26 10:32 - 2014-08-07 18:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-26 10:32 - 2013-10-16 14:01 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-26 10:21 - 2013-01-29 17:59 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-26 10:21 - 2013-01-29 17:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-26 10:21 - 2013-01-29 17:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-26 10:02 - 2014-08-26 10:02 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\AVAST Software
2014-08-26 10:01 - 2014-08-26 10:01 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-26 10:01 - 2014-08-26 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-26 10:01 - 2014-08-26 10:00 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-26 10:00 - 2014-08-26 10:00 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-26 10:00 - 2014-08-26 10:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-26 10:00 - 2014-08-26 10:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-26 09:56 - 2014-08-19 04:08 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-26 09:53 - 2014-08-26 09:52 - 04862664 _____ (AVAST Software) C:\Users\Simon\Downloads\avast_free_antivirus_setup_online (1).exe
2014-08-26 09:25 - 2012-01-29 17:19 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-26 09:17 - 2014-08-21 02:27 - 00000000 ____D () C:\Users\Simon\Downloads\Avast
2014-08-26 09:01 - 2012-04-20 19:08 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Skype
2014-08-26 08:01 - 2012-04-23 10:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-26 01:53 - 2014-08-24 05:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 14:29 - 2014-08-25 14:28 - 00165376 _____ () C:\Users\Simon\Downloads\SystemLook_x64.exe
2014-08-25 11:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-25 09:03 - 2013-01-29 17:41 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-25 08:37 - 2014-08-25 08:37 - 00099030 _____ () C:\ComboFix.txt
2014-08-25 08:37 - 2014-08-25 08:11 - 00000000 ____D () C:\Qoobox
2014-08-25 08:37 - 2014-08-25 08:11 - 00000000 ____D () C:\ComboFix
2014-08-25 08:30 - 2014-08-25 08:10 - 00000000 ____D () C:\Windows\erdnt
2014-08-25 08:25 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-25 08:02 - 2014-08-25 08:00 - 05572212 ____R (Swearware) C:\Users\Simon\Downloads\ComboFix.exe
2014-08-25 07:29 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-25 07:14 - 2014-08-24 04:57 - 04161299 _____ () C:\Users\Simon\Downloads\tdsskiller123.zip
2014-08-25 06:00 - 2014-08-24 05:06 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-25 05:16 - 2014-08-25 05:16 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Simon\Downloads\rkill.com
2014-08-25 03:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-24 06:45 - 2014-02-06 09:03 - 00000000 ____D () C:\Windows\pss
2014-08-24 06:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2014-08-24 06:19 - 2014-01-08 02:00 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Systweak
2014-08-24 06:19 - 2014-01-08 02:00 - 00000000 ____D () C:\ProgramData\systweak
2014-08-24 06:19 - 2013-11-14 05:16 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\DigitalSite
2014-08-24 06:19 - 2012-08-20 04:30 - 00000000 ____D () C:\Users\Simon\AppData\Local\CRE
2014-08-24 05:48 - 2014-08-24 05:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 05:48 - 2014-08-24 05:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 05:48 - 2013-01-29 15:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 05:46 - 2014-08-24 05:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Simon\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-22 05:35 - 2012-05-21 14:00 - 00000000 ____D () C:\ldiag
2014-08-22 05:28 - 2014-08-22 05:28 - 00000000 ____D () C:\Users\Simon\AppData\Local\Adobe
2014-08-21 02:37 - 2014-08-21 02:28 - 00000150 _____ () C:\Users\Simon\Downloads\Support.ini
2014-08-21 02:27 - 2012-04-23 15:47 - 00000000 ____D () C:\Log
2014-08-19 03:50 - 2014-08-19 03:47 - 91906368 _____ (AVAST Software) C:\Users\Simon\Downloads\avast_free_antivirus_setup.exe
2014-08-19 03:11 - 2012-05-03 12:31 - 00000000 ____D () C:\Users\DefaultAppPool
2014-08-19 03:07 - 2014-08-19 03:07 - 00001154 _____ () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Dell SonicWALL NetExtender.lnk
2014-08-19 03:07 - 2013-05-16 01:59 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell SonicWALL NetExtender
2014-08-18 15:49 - 2014-05-22 14:44 - 00000000 ___RD () C:\Users\Simon\Google Drive
2014-08-18 12:37 - 2013-01-29 17:41 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-18 12:34 - 2014-08-18 12:33 - 13829304 _____ (Microsoft Corporation) C:\Users\Simon\Downloads\mseinstall (1).exe
2014-08-18 11:29 - 2013-04-18 12:53 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-17 10:51 - 2012-05-10 12:31 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-17 09:22 - 2014-05-22 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-17 08:07 - 2014-08-17 08:07 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-17 08:07 - 2012-05-10 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-17 08:06 - 2014-08-17 08:05 - 01921728 _____ () C:\Users\Simon\Downloads\winrar-x64-511b1.exe
2014-08-14 23:58 - 2013-08-16 04:29 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 12:43 - 2014-05-22 09:45 - 00000000 ___RD () C:\Users\Simon\Virtual Machines
2014-08-14 12:43 - 2012-04-20 18:53 - 00000000 ____D () C:\Users\Simon
2014-08-14 12:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 10:37 - 2013-07-15 09:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 10:37 - 2012-04-20 19:43 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 10:27 - 2009-07-14 06:13 - 00910722 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-14 10:13 - 2014-08-14 10:12 - 01025496 _____ () C:\Windows\Minidump\081414-73538-01.dmp
2014-08-14 10:12 - 2013-04-05 14:16 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 10:11 - 2014-08-12 16:01 - 926706620 _____ () C:\Windows\MEMORY.DMP
2014-08-14 03:01 - 2014-05-07 14:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 09:19 - 2014-08-13 09:19 - 01077144 _____ () C:\Windows\Minidump\081314-28095-01.dmp
2014-08-13 02:42 - 2014-07-02 18:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-13 02:41 - 2014-08-13 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-13 02:41 - 2014-07-02 18:51 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-13 02:41 - 2014-07-02 18:50 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-13 02:41 - 2014-07-02 18:50 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-12 16:16 - 2014-08-12 16:13 - 04862664 _____ (AVAST Software) C:\Users\Simon\Downloads\avast_free_antivirus_setup_online.exe
2014-08-12 16:16 - 2012-04-20 19:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-12 16:01 - 2014-08-12 16:01 - 00999792 _____ () C:\Windows\Minidump\081214-29936-01.dmp
2014-08-12 16:01 - 2012-04-20 18:54 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-08-12 06:28 - 2012-04-20 18:54 - 00004236 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-08-12 03:27 - 2014-08-12 03:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-12 02:54 - 2014-08-11 20:57 - 00003992 _____ () C:\Windows\DPINST.LOG
2014-08-11 20:57 - 2014-08-11 20:57 - 00001296 _____ () C:\Windows\Synaptics.log
2014-08-11 15:25 - 2012-04-20 19:08 - 00000000 ____D () C:\ProgramData\Skype
2014-08-09 19:51 - 2014-08-09 19:50 - 03680544 _____ (Astrill ) C:\Users\Simon\Downloads\astrill-setup-win.exe
2014-08-07 18:57 - 2014-08-07 18:57 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-07 18:57 - 2014-08-07 18:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-07 18:57 - 2014-08-07 18:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-07 18:42 - 2014-08-07 18:42 - 00918440 _____ (Oracle Corporation) C:\Users\Simon\Downloads\chromeinstall-7u67 (1).exe
2014-08-07 18:26 - 2014-08-07 18:26 - 00918440 _____ (Oracle Corporation) C:\Users\Simon\Downloads\chromeinstall-7u67.exe
2014-08-07 18:21 - 2014-08-07 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-07 18:21 - 2014-08-07 18:20 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-07 03:06 - 2014-08-13 17:13 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:01 - 2014-08-13 17:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-05 09:13 - 2012-04-20 21:32 - 00000000 ____D () C:\Users\Simon\Documents\Docs14
2014-08-04 19:46 - 2013-12-23 14:01 - 00001656 _____ () C:\Windows\system32\ASOROSet.bin
2014-08-04 19:46 - 2009-07-14 03:34 - 93323264 _____ () C:\Windows\system32\config\software.bak
2014-08-04 19:46 - 2009-07-14 03:34 - 22282240 _____ () C:\Windows\system32\config\system.bak
2014-08-04 19:46 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-08-04 19:42 - 2009-07-14 03:34 - 00094208 _____ () C:\Windows\system32\config\sam.bak
2014-08-01 23:04 - 2014-08-01 23:04 - 01618215 _____ () C:\Users\Simon\Downloads\15bodylanguageblunders-140707011652-phpapp01.pptx
2014-08-01 22:53 - 2014-08-01 22:53 - 00884554 _____ () C:\Users\Simon\Downloads\25ntkkeyperformanceindicators-140729020920-phpapp01.pptx
2014-08-01 00:41 - 2014-08-13 20:07 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 00:16 - 2014-08-13 20:07 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
 
Files to move or delete:
====================
C:\ProgramData\pclunst.exe
 
 
Some content of TEMP:
====================
C:\Users\Simon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp87825z.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 12:35
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Simon at 2014-08-27 09:49:09
Running from C:\Users\Simon\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version:  - Astrill)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.2.15 - British Broadcasting Corp.) Hidden
BBC iPlayer Downloads (HKLM-x32\...\{E7C9165A-50C1-40E4-B11F-41FC1553D7FD}) (Version: 1.7.3 - BBC)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J265W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.2 - Conexant)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3823EC5A-1CA4-42CA-9D5B-F94ABD65410D}) (Version:  - Microsoft)
Dell SonicWALL NetExtender (HKLM-x32\...\{EF06A6A8-6B81-4A09-8223-789953972FFF}) (Version: 6.0.191 - Dell)
digiTRACC Web Application (HKLM-x32\...\{1A6A94FB-6519-4CAD-814C-2700F2A04B8A}) (Version: 5.3.0 - Alchemy Software Solutions (Pty) Ltd.)
DigiTRACC4ClientTools (HKLM-x32\...\{7E45EEE9-031A-455B-965D-BD7AA4C4223C}) (Version: 1.9.1 - Alchemy Software Solutions (Pty) Ltd.)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.3.815 - Foxit Corporation)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.10 - Lenovo)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{B73D2BF9-2C82-40A4-AFA8-32CE2E501640}) (Version: 2.2.002.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0007 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
MicroDicom 0.7.1 (HKLM-x32\...\MicroDicom) (Version: 0.7.1 - MicroDicom)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (HKLM-x32\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.2039 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Windows Debugging Symbols (HKLM-x32\...\{68ADAEAA-DABD-45C1-9CC2-F995407549CD}) (Version: 7601 - Microsoft)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.50.00 - )
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
PC Connectivity Solution (HKLM-x32\...\{A2AA4204-C05A-4013-888A-AD153139297F}) (Version: 11.5.29.0 - Nokia)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 1.8.6.6744 - Medixant)
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Rapport (Version: 3.5.1201.94 - Trusteer) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RICOH Media Driver v2.25.17.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.25.17.01 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.18051 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.1500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.)
TRACC Windows Reader (HKCU\...\21a1d8f2ab67ac64) (Version: 1.0.0.142 - Competitive Capabilities International)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update for Zip Extractor (HKCU\...\DigitalSite) (Version:  - ) <==== ATTENTION
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\8058FF31D7C7F4818DC176DAF53CD379968C86E4) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows Driver Package - Intel USB  (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows Driver Package - Lenovo 1.62.00.00 (01/19/2011 1.62.00.00) (HKLM\...\D01A7EE241898C810674C69EB908D655D149BE77) (Version: 01/19/2011 1.62.00.00 - Lenovo)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Resource Kit Tools (HKLM-x32\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation)
WinRAR 5.11 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)
Youtube Downloader HD v. 2.9.9.10 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-714014653-3220400583-2234839086-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-714014653-3220400583-2234839086-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-714014653-3220400583-2234839086-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-714014653-3220400583-2234839086-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-714014653-3220400583-2234839086-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-714014653-3220400583-2234839086-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-714014653-3220400583-2234839086-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-714014653-3220400583-2234839086-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-714014653-3220400583-2234839086-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
21-08-2014 02:00:40 Windows Update
21-08-2014 02:52:00 Windows Update
23-08-2014 02:00:13 Windows Update
24-08-2014 02:00:18 Windows Update
24-08-2014 03:32:54 Windows Update
25-08-2014 00:30:17 Windows Update
25-08-2014 02:00:41 Windows Update
25-08-2014 08:26:13 Windows Update
26-08-2014 02:00:17 Windows Update
26-08-2014 08:02:13 avast! antivirus system restore point
26-08-2014 08:55:54 avast! antivirus system restore point
26-08-2014 09:48:17 Windows Update
27-08-2014 02:00:12 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2014-08-25 08:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01BE6182-B9A0-4AF6-947E-51994D887DE4} - System32\Tasks\{3885DCCC-C7EB-46CF-B953-4047FD991885} => Chrome.exe http://ui.skype.com/ui/0/5.0.0.152.375/en/go/help.faq.installer?LastError=1603
Task: {11D828F1-BBDF-43A8-AF80-178D72F662D4} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {19585CDE-4EFB-4533-A970-F980D4A19A2D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {206B520C-8AF5-4D82-857F-AD5377161124} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {2E8783D7-D8C7-456A-A5BD-BED2AD38122A} - System32\Tasks\{F8EAD242-A6D4-48D0-9FA8-705B29E89E16} => Chrome.exe http://ui.skype.com/ui/0/5.0.0.152.375/en/go/help.faq.installer?LastError=1603
Task: {301470C1-27A0-4E35-A49C-C99BD9D9E5CD} - System32\Tasks\4699 => Wscript.exe C:\Users\Simon\AppData\Local\Temp\launchie.vbs //B
Task: {33AE40C2-6733-4092-A243-39F0C1B61BF8} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {3BC63CE7-7A8E-42F4-ACD8-F6EE1C7EA9E0} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {430519DA-A020-4B8B-A51B-14F44A0309ED} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {489CAE44-16F6-452B-9A42-9BCE2F59DBD1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-26] (AVAST Software)
Task: {4B463167-AC47-4D4E-AE93-BC979BE6D6AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11] (Google Inc.)
Task: {4C740AC9-3B3A-4621-AF7B-E0F75BBE489E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {5A3E321A-0AA6-4CC9-B200-915315C0FA10} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {5B100C97-456B-43EE-B224-D053E1C0F7A4} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {6F84F013-2630-4044-B793-28DB9607AAFA} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-02-04] ()
Task: {7CFB9075-6FA9-41A1-B271-F4E32F5C6C03} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {7E92BFFB-140E-4CBD-81AA-AE41CCF0C8DA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe
Task: {90A98BE6-8892-454D-A7B9-D750392D085D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {93BB59CE-C0E3-48EB-A74E-547F013E7B36} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe
Task: {9C38C1B9-EC5C-4533-9DEB-2A205994C7AA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9FDE84C5-7960-48A9-8A85-5DA822714669} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-08-08] ()
Task: {A904D7C6-4B88-4E16-B3B8-176FEC018BEB} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {AA62A83B-FC09-40D9-B7A1-481A47754CB4} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {AC6322F0-F102-4650-8CBB-2CC916275CBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11] (Google Inc.)
Task: {C3C2E212-ABDA-409A-A621-1E13F50C8B6D} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {C832EA0C-E6B5-448B-84D2-548CF78552DD} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-08-08] (Lenovo)
Task: {ED1462A0-B53E-4225-AA15-9747DBB9AED1} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for SimonThink.Simon => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {ED88F0A0-A18F-4A48-AB96-4332F6E67BE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-26] (Adobe Systems Incorporated)
Task: {F1ADF176-A1F4-4397-BC56-F6FE61C844E7} - System32\Tasks\0 => Iexplore.exe 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-07-28 05:07 - 2011-07-28 05:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-01-29 17:15 - 2011-08-31 19:03 - 00045568 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-01-29 17:12 - 2011-08-18 02:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-05-28 07:09 - 2009-05-28 07:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-26 10:00 - 2014-08-26 10:00 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-27 00:55 - 2014-08-27 00:55 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082601\algo.dll
2014-08-27 09:35 - 2014-08-27 09:35 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082700\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-29 17:17 - 2010-04-06 18:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2012-01-29 17:17 - 2010-04-06 18:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2014-08-27 09:37 - 2014-08-27 09:37 - 00043008 _____ () c:\users\simon\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp87825z.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Simon\AppData\Roaming\Dropbox\bin\libcef.dll
2014-08-26 10:00 - 2014-08-26 10:00 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-17 09:48 - 2014-08-07 04:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-17 09:48 - 2014-08-07 04:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-08-17 09:48 - 2014-08-07 04:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-17 09:52 - 2014-08-07 04:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-17 09:48 - 2014-08-07 04:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:2683706C
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ASProxy => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: BingDesktopUpdate => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/27/2014 09:35:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/27/2014 09:34:24 AM) (Source: MSSQLSERVER) (EventID: 17055) (User: )
Description: 19012 :
SuperSocket Info: Bind failed on TCP port 1433.
 
Error: (08/27/2014 09:34:24 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.
 
Error: (08/27/2014 09:34:24 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: SuperSocket info: FillAddress(ASProxy over [MSAFD Tcpip [TCP/IPv6]]) : Error 0.
 
Error: (08/27/2014 07:38:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/27/2014 07:37:32 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.
 
Error: (08/27/2014 07:04:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/27/2014 07:03:36 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.
 
Error: (08/27/2014 06:47:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/27/2014 06:46:48 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.
 
 
System errors:
=============
Error: (08/27/2014 09:35:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error: 
%%3
 
Error: (08/27/2014 09:35:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (08/27/2014 09:35:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdxc service failed to start due to the following error: 
%%577
 
Error: (08/27/2014 08:27:59 AM) (Source: HTTP) (EventID: 15006) (User: )
Description: \Device\Http\ReqQueueC:\inetpub\logs\LogFiles\W3SVC1\u_ex140827.log
 
Error: (08/27/2014 07:38:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error: 
%%3
 
Error: (08/27/2014 07:38:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (08/27/2014 07:38:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdxc service failed to start due to the following error: 
%%577
 
Error: (08/27/2014 07:04:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error: 
%%3
 
Error: (08/27/2014 07:04:45 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (08/27/2014 07:04:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The risdxc service failed to start due to the following error: 
%%577
 
 
Microsoft Office Sessions:
=========================
Error: (08/27/2014 09:35:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/27/2014 09:34:24 AM) (Source: MSSQLSERVER) (EventID: 17055) (User: )
Description: 19012SuperSocket Info: Bind failed on TCP port 1433.
 
Error: (08/27/2014 09:34:24 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0
 
Error: (08/27/2014 09:34:24 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: FillAddress(ASProxy over [MSAFD Tcpip [TCP/IPv6]]) : Error 0
 
Error: (08/27/2014 07:38:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/27/2014 07:37:32 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0
 
Error: (08/27/2014 07:04:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/27/2014 07:03:36 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0
 
Error: (08/27/2014 06:47:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/27/2014 06:46:48 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-27 09:41:21.229
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\asvpndrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-27 09:41:21.135
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\asvpndrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-27 09:35:39.223
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-27 09:35:39.129
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-27 07:38:30.324
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-27 07:38:30.230
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-27 07:04:35.194
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-27 07:04:35.085
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-27 06:47:04.216
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-27 06:47:04.138
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 33%
Total physical RAM: 8075.23 MB
Available physical RAM: 5397.7 MB
Total Pagefile: 16148.65 MB
Available Pagefile: 13338.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:296.62 GB) (Free:142.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C1FAA093)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=296.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:43 AM

Posted 28 August 2014 - 05:50 AM

There is no reason but sometimes I´m not able to reply immediately.

 

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Update for Zip Extractor
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 snooze54

snooze54
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 28 August 2014 - 08:05 PM

Marius Hi,

Dunno if my previous reply went thru so trying again:

 

Revo cannot find the Update for Zip Extractor, nor is it listed under the the programmes in control panel.

Can you provide an alternative remover please - would be more efficient to provide both links at the same time?

 

Thanks, Simon

 

 

 

 

Have run the fix:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014

Ran by Simon at 2014-08-29 01:17:06 Run:1
Running from C:\Users\Simon\Downloads\Malware removal
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:2683706C
Task: {301470C1-27A0-4E35-A49C-C99BD9D9E5CD} - System32\Tasks\4699 => Wscript.exe C:\Users\Simon\AppData\Local\Temp\launchie.vbs //B
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
C:\Users\Simon\AppData\Local\Temp\launchie.vbs
C:\ProgramData\pclunst.exe
2014-08-24 06:19 - 2014-01-08 02:00 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Systweak
2014-08-24 06:19 - 2014-01-08 02:00 - 00000000 ____D () C:\ProgramData\systweak
2014-08-24 06:19 - 2013-11-14 05:16 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\DigitalSite
2014-08-24 06:19 - 2012-08-20 04:30 - 00000000 ____D () C:\Users\Simon\AppData\Local\CRE
 
EmptyTemp:
*****************
 
C:\ProgramData\TEMP => ":2683706C" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{301470C1-27A0-4E35-A49C-C99BD9D9E5CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{301470C1-27A0-4E35-A49C-C99BD9D9E5CD}" => Key deleted successfully.
C:\Windows\System32\Tasks\4699 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4699" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
"C:\Users\Simon\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
C:\ProgramData\pclunst.exe => Moved successfully.
C:\Users\Simon\AppData\Roaming\Systweak => Moved successfully.
C:\ProgramData\systweak => Moved successfully.
C:\Users\Simon\AppData\Roaming\DigitalSite => Moved successfully.
C:\Users\Simon\AppData\Local\CRE => Moved successfully.
EmptyTemp: => Removed 1010.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
antimalware scan shows no threats found
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 29/08/2014
Scan Time: 01:38:28
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.28.06
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Simon
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 472729
Time Elapsed: 15 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 

 



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:43 AM

Posted 29 August 2014 - 04:37 AM

Looks good! :)

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 snooze54

snooze54
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 29 August 2014 - 09:30 AM

Marius Hi,
Here is the result of the latest scan with the threats listed:
 
C:\FRST\Quarantine\C\ProgramData\pclunst.exe.xBAD probably a variant of Win32/PCCleaners potentially unwanted application
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Simon\Downloads\android-recovery.exe Android/Exploit.PSN.A trojan
C:\Users\Simon\Downloads\FoxitReader602.0413_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Simon\Downloads\PCDiagnosisProSetup.exe a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\Users\Simon\Downloads\REGSERVO_Pro_Installer.exe probably a variant of Win32/AdWare.ErrorEND.A application
C:\Users\Simon\Downloads\Unlocker1.9.2.exe Win32/DownWare.L potentially unwanted application
C:\Users\Simon\Downloads\winzipsystemutilitiessuite-WZSS13.exe a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\Users\Simon\Downloads\winzipsystemutilitiessuite.exe a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\Users\Simon\Downloads\wzsus18.exe a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application
C:\Users\Simon\Downloads\wzsysutil1.exe Win32/AdvancedSystemProtector.A potentially unwanted application
C:\Users\Simon\Downloads\youtube_downloader_hd_setup.exe Win32/OpenCandy potentially unsafe application
 
 
if there are more scans to perform can you please give me the next 2 or 3 scans altogether as this is taking a long time to do 1 thing at a time.
Appreciate what you are doing but you can see from my side that this is very tedious and plenty of room for improvement, which btw is my job!
 
thanks, Simon


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:43 AM

Posted 01 September 2014 - 06:41 AM

These files aren´t malware but contain security risks.

I´d delete them immediately - your choice.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 snooze54

snooze54
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 01 September 2014 - 09:30 AM

Marius Hi,

Here are the results of the scans and I have deleted the files mentioned above in the previous scan:

 

1. AdwCleaner:

 

# AdwCleaner v3.308 - Report created 01/09/2014 at 14:18:11
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Simon - SIMONTHINK
# Running from : C:\Users\Simon\Downloads\adwcleaner_3.308.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\ProgramData\Tarma Installer
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Simon\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Simon\AppData\Local\Conduit
Folder Deleted : C:\Users\Simon\AppData\Local\PackageAware
Folder Deleted : C:\Users\Simon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Simon\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Simon\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Simon\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Simon\AppData\Roaming\speedypc software
Folder Deleted : C:\Users\Simon\AppData\Roaming\YourFileDownloader
File Deleted : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : paretologic registration3
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_imindmap_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_imindmap_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [6711 octets] - [01/09/2014 14:15:43]
AdwCleaner[S0].txt - [6347 octets] - [01/09/2014 14:18:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6407 octets] ##########
 
 
2. Junkware Removal Tool
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Simon on 01/09/2014 at 14:45:14.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{26FB9893-847C-440F-B2BC-BF4143D9FD04}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{59F3F1BF-C7AC-4C80-84F7-DE31ED74DF07}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{82F8C434-897B-400B-BEE7-E4ACDE8F084B}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{89A4F0E2-CB49-42C0-A173-8F373AF558E4}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{90695676-D750-4BE9-87A0-C540A0438304}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{BD835B75-8836-406D-920A-9DCC1B789474}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{CD7C0208-2463-4603-931B-7759D61482FC}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{DF938A39-EDBC-4B9E-880B-AC89585451EC}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{E8C02930-BCF1-4EFF-8EF7-4BF8254B6DD8}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{E91B3DCE-CA4F-4E07-AB20-565ACD27395C}
Successfully deleted: [Empty Folder] C:\Users\Simon\appdata\local\{EF7E5E42-BE9E-4D5E-8628-89139D972A24}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/09/2014 at 14:51:21.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
3. Security Check
 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java 8 Update 20  
 Adobe Flash Player 14.0.0.179  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 Simon Downloads Malware removal SecurityCheck.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
 
Now we are nearing the end and there appears to be too many unwanted programmes as well as the malware at the beginning. Too many virus removal/pc cleanup tools which been deleted in various forms but left bits of their software in my machine - would that be a layman's summary of what has happened here?
 
So, with an objective view, which is the best combination of preventive programmes to use?
The options seem to be:
1. MalwareBytes for the nasty stuff and Windows Security Essentials for the daily virus prevention.
2. MalwareBytes and Avast without Grime Fighter
 
Are there others I should consider?
Thanks, Simon


#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:43 AM

Posted 08 September 2014 - 05:10 AM

Your system is clean now! :)

 

We´ll remove the remainings now:

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 snooze54

snooze54
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:43 AM

Posted 08 September 2014 - 08:19 AM

Marius Hi,
Results of the last scan:
 
# DelFix v10.8 - Logfile created 08/09/2014 at 14:07:52
# Updated 29/07/2014 by Xplode
# Username : Simon - SIMONTHINK
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\TDSSKiller_Quarantine
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #890 [ComboFix created restore point | 09/08/2014 13:06:23]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
 
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users