
PastaQuotes and Trovi problem


  • This topic is locked
12 replies to this topic

#1 85strat

85strat

  • Members
  • 50 posts
  • OFFLINE
  • Local time:03:54 PM

Posted 15 September 2014 - 02:29 PM

I have run Malwarebytes Anti-Malware scanner because I have had an ongoing battle with Trovi and probably incurred more problems trying to be Mr. Fixit with ComboFix and Dr. Housecall. I still have the Trovi after running the MBAM and the Combofix. I have logs from both processes and require assistance from someone who knows (better than I) how to rectify this.

Example: PUP.Optional.PastaLeads and PUP.Optional.Trovi.A

The system experiences slowdowns (stutters) but runs fairly reliably for the most part.





#2 olgun52

olgun52

  • Malware Response Team
  • 3,786 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:54 PM

Posted 15 September 2014 - 02:55 PM

Hello 85strat and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks

---------------------------------------------------------------------------------------------------------

 

Please do the following.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

:hello:

 

Sincerely


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 85strat

85strat
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Local time:03:54 PM

Posted 15 September 2014 - 03:40 PM

As you have advised, I have run the scan and attached the resulting log.

 

  Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014

Ran by Jfre at 2014-09-15 16:26:06
Running from C:\Users\Jfre\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30380 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Ares 2.2.8 (HKLM-x32\...\Ares) (Version: 2.2.8-Build#3052 - Seekar Ltd)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{6CADC615-64C7-7366-A49A-342E8B7D3C9B}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0719.1349.22889 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0719.1349.22889 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0719.1349.22889 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help English (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help French (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help German (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0719.1348.22889 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0719.1349.22889 - ATI) Hidden
ccc-utility64 (Version: 2010.0719.1349.22889 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
ConvertXtoDVD 3.3.4.106e (HKLM-x32\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.3.4.106e - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2626 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.9 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.9.1106.1 - Vimicro)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 0.38.389.2 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
LG United Mobile Drivers (HKLM-x32\...\{B03954CC-E130-4E57-BC83-869978685902}) (Version: 3.3.0.0 - LG Electronics)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 -  Microsoft)
Oasis2Service 1.0 (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.0 - DDNi)
Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6184 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RegistryBooster (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1) (Version: 6.1.2.1 - Uniblue Systems Limited)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sid Meier's Alpha Centauri (HKLM-x32\...\Sid Meier's Alpha Centauri) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
UMPlayer 0.98 [Athlon] (HKLM-x32\...\UMPlayer) (Version: 0.98 - Ori Rejwan)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.45 - VSO-Software SARL)
VSO Media Player 1.2.2.450 (HKLM-x32\...\{59F1E8E6-60EC-4CC1-8C72-E0F38E585215}_is1) (Version: 1.2.2.450 - VSO Software)
Waterfall Chart Creator (HKLM-x32\...\Waterfall Chart Creator) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.4 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.4 - Corel Corporation)
WordPerfect Office X7 - Common Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Common Files English (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM Content TBYB  (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - IPM TBYB (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Lightning Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Lightning Files English (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Oxford (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Presentations Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Presentations Files English (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Quattro Pro Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Quattro Pro Files English (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - Setup Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - System Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - WordPerfect Files (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - WordPerfect Files English (x32 Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - WPD format Props x64 (Version: 17.0 - Corel Corporation) Hidden
WordPerfect Office X7 - WT (x32 Version: 17.0 -  Corel Corporation) Hidden
WordPerfect Office X7 (HKLM-x32\...\_{64A329FC-D1B2-4354-922D-21F7EC777E10}) (Version: 17.0.0.314 - Corel Corporation)
WordPerfect Office X7 (x32 Version: 17.0 - Corel Corporation) Hidden
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-284951326-781440196-1633126248-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
09-09-2014 13:49:55 Windows Update
11-09-2014 07:01:16 Windows Update
15-09-2014 00:47:27 avast! antivirus system restore point
15-09-2014 00:51:28 Restore Operation
15-09-2014 02:11:29 Windows Update
15-09-2014 07:01:12 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-05-19 00:32 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00E2C8F4-D848-4ABA-9736-B7588A7A996E} - System32\Tasks\{9FCA22FF-F41B-4223-802C-515AB1AF215B} => C:\Program Files (x86)\Refworks\WriteNCite.exe
Task: {0320B13E-B55A-4CF6-9735-57FE5B89D424} - System32\Tasks\{D0676FB9-E2FC-4321-A435-9D38097B387A} => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-03-02] (CyberLink Corp.)
Task: {0792D84C-E2CD-4EE3-9B5F-D15AD6784901} - System32\Tasks\{6B3DB292-BFCA-4D9D-A093-2EFCCD566A7C} => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-03-02] (CyberLink Corp.)
Task: {135F7125-D0BC-49AF-A3AD-08D2AE82C6F8} - System32\Tasks\{B1A4D349-A7AD-41FF-9D71-4EDCE4A682F3} => C:\Program Files (x86)\Refworks\WriteNCite.exe
Task: {18644ACB-0173-4DA5-8103-ED25FD31F432} - System32\Tasks\RegistryBooster Maintenance => C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe [2013-11-11] (Uniblue Systems Limited)
Task: {2305B5DE-3FDD-4FE0-8D01-9FF0E7CD7F89} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {30B983BB-33C3-4BED-A05A-C3FB26D3A2AE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {32C5F91C-071C-433D-80E9-564C3B6FAC2D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-08] (AVAST Software)
Task: {34607D90-ADE8-40A1-99C0-CB75EFE35A8B} - System32\Tasks\DSite => C:\Users\Jfre\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6692A44B-9026-4B65-AB1A-7772ABB8B33B} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {70380631-9AB8-4614-8008-C115C8F915CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02] (Google Inc.)
Task: {70730D79-A256-48E9-8DFB-1E6590FC5FE4} - System32\Tasks\{BF7F2FEB-67A6-46D7-B4DE-01E14884066F} => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-03-02] (CyberLink Corp.)
Task: {73C72F36-F012-4680-BB4A-24D65986FC10} - System32\Tasks\{68513219-9582-48B8-843A-FE1602B8768C} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {7526D5E1-C781-4472-A7FA-6EB14BFD56B9} - System32\Tasks\{59E23947-2830-43C6-A651-7B192416DBC7} => C:\Program Files (x86)\Refworks\WriteNCite.exe
Task: {789AFCA2-D40D-4ED3-B720-759235FF6CE1} - System32\Tasks\{7265EEAE-949E-4BCC-84B9-5E7812CE369D} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {8B01F8A0-AB40-4C4B-9FE4-0367BC4E029E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {93D81605-7A64-4157-93F7-7C8F5FC24B87} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-JFRE-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {95EE909E-66EE-4D10-BD36-69A4553FA068} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {967B1799-ED1A-4887-8219-522FC9A237E0} - System32\Tasks\{6DEBC9C0-0AA5-4CD0-B223-50C07D3448E4} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {972A5485-010E-409B-8502-311C5784F5AC} - System32\Tasks\{8A3DC156-CEF4-4E91-9CC9-B2D09CC96163} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {97497E71-EA3F-4D2C-8FCE-0A3EEAE8DB4C} - System32\Tasks\{3DB6F98F-435C-4DE2-8BEC-F8F12F6FB284} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2014-08-03] (Adobe Systems Incorporated)
Task: {9816BFC4-3320-4BA9-8291-B1B7CF39DEC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02] (Google Inc.)
Task: {A7E55857-7A2C-4461-9E43-614C597B901A} - \PastaQuotes No Task File <==== ATTENTION
Task: {A9957F5B-76E8-4EEF-81AF-0C42A163B08A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B772BA53-80F5-4263-9B37-3F5D276F757A} - System32\Tasks\{55D304AB-830F-4E16-90D1-B6A1BEC8F340} => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-03-02] (CyberLink Corp.)
Task: {B82E61D0-2022-4ACA-8AA3-285FCFBF0F71} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B873F741-7D35-4650-BD67-F48A24B8DC59} - System32\Tasks\{3F81FB9F-98C7-4959-8285-887CDEC6FB74} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {BB7C401C-E40C-4E24-9437-A2A358B940A5} - System32\Tasks\{C52EF7DC-AB60-46FB-BAEC-38AED9825896} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {BC20D3C7-1E37-42B9-9233-E395CA35F792} - System32\Tasks\{D477315D-75AE-47C4-BAFD-65F1CB548DBB} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111&LastError=12002
Task: {C9817565-4906-4D4B-BFEA-9D8A51434A35} - System32\Tasks\{CB17A3C9-2D78-4980-A4D6-56DB4CB164EC} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {CB8C5376-AA00-437C-B526-E3C560BEEBB7} - System32\Tasks\{BC79F1AD-ACA9-411B-9375-344B4A801D88} => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2010-03-02] (CyberLink Corp.)
Task: {D3429CDD-B63A-4F01-8831-2648F2A956DC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DA519EC6-040E-4F0F-8E0A-BB3D605F96C0} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-05-27] () <==== ATTENTION
Task: {DE2C0309-F28D-4DA3-87E5-ED88EC4B29D4} - System32\Tasks\{B1D55DEE-BE06-4C6D-8AD0-205F1AE5B1FD} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {DE3BE240-9A3C-4A9A-8CF5-0670CB1B6290} - System32\Tasks\{2A84D7E6-A43E-423A-AA21-738680DD471A} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: {DF090A9B-AFB0-4E84-8FEA-085F0FF6D840} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-284951326-781440196-1633126248-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E4656E7B-A7D3-43A0-9B4E-3F4E96230D63} - System32\Tasks\{7DB972BC-19C4-41C2-870F-2C58962D36A7} => C:\Program Files (x86)\Refworks\WriteNCite.exe
Task: {E8F17B73-9029-4E18-A7A5-E724FDCC4AEF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated)
Task: {EA742FDF-6374-4651-B22E-51F849708105} - System32\Tasks\{6A6A8CA0-8D11-4EDD-9FE1-4E4DF6B7464A} => C:\Program Files (x86)\Ares\Ares.exe [2014-03-28] (Seekar Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\RegistryBooster Maintenance.job => C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-04-25 04:13 - 2014-04-25 04:13 - 00249024 _____ () C:\Program Files\pcreg\pcreg.exe
2010-12-11 11:53 - 2009-07-15 11:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2010-12-11 11:53 - 2009-07-15 11:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2010-12-11 11:37 - 2009-12-18 22:53 - 00120224 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WMCEvent.dll
2014-07-08 23:35 - 2014-07-08 23:35 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-15 15:11 - 2014-09-15 15:11 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091501\algo.dll
2014-07-08 23:35 - 2014-07-08 23:35 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-15 15:08 - 2014-09-15 15:08 - 00043008 _____ () c:\users\jfre\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp33mfqy.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Jfre\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-15 05:05 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-15 05:05 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-15 05:05 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-15 05:05 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-15 05:05 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:72EAE23D
AlternateDataStreams: C:\Users\Jfre\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jfre\Downloads\noname (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jfre\Downloads\noname (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jfre\Downloads\noname (4).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jfre\Downloads\noname.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Jfre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BYR_AGENT => C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: OnekeyStudio => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Jfre\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jfre\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
MSCONFIG\startupreg: uTorrent => "C:\Users\Jfre\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: YouCam Mirror Tray icon => "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2014 04:51:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/14/2014 09:28:16 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.
 
Error: (09/14/2014 08:47:20 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000022.
 
Error: (09/13/2014 01:35:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/12/2014 07:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ONENOTE.EXE, version: 14.0.7107.5000, time stamp: 0x520ab270
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0xeac
Faulting application start time: 0xONENOTE.EXE0
Faulting application path: ONENOTE.EXE1
Faulting module path: ONENOTE.EXE2
Report Id: ONENOTE.EXE3
 
Error: (09/12/2014 05:27:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/11/2014 11:47:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wmplayer.exe version 12.0.7601.18150 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c28
 
Start Time: 01cfcdd77c9a6bc5
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 
Report Id: d7839567-39ca-11e4-91ef-1c7508590d6f
 
Error: (09/11/2014 05:03:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/06/2014 02:07:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/04/2014 01:05:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (09/15/2014 03:12:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (09/15/2014 03:06:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Oasis2Service service failed to start due to the following error: 
%%1053
 
Error: (09/15/2014 03:06:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Oasis2Service service to connect.
 
Error: (09/15/2014 02:55:13 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/15/2014 02:55:13 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/15/2014 02:55:13 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/15/2014 02:55:13 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/15/2014 02:55:13 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/15/2014 02:55:13 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/15/2014 02:55:13 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
 
Microsoft Office Sessions:
=========================
Error: (09/15/2014 04:51:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (09/14/2014 09:28:16 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070005
 
Error: (09/14/2014 08:47:20 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0xc0000022
 
Error: (09/13/2014 01:35:50 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (09/12/2014 07:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ONENOTE.EXE14.0.7107.5000520ab270ntdll.dll6.1.7601.18247521ea8e7c00000050002e3beeac01cfced9fdd5f3a1C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXEC:\windows\SysWOW64\ntdll.dll4180d126-3ad7-11e4-b08e-1c7508590d6f
 
Error: (09/12/2014 05:27:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (09/11/2014 11:47:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe12.0.7601.18150c2801cfcdd77c9a6bc516C:\Program Files (x86)\Windows Media Player\wmplayer.exed7839567-39ca-11e4-91ef-1c7508590d6f
 
Error: (09/11/2014 05:03:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (09/06/2014 02:07:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (09/04/2014 01:05:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-19 00:30:55.303
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-19 00:30:54.862
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-19 00:30:54.383
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-19 00:30:53.828
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-16 10:10:06.275
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-16 10:10:05.683
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-07 00:44:20.389
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-07 00:44:19.740
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion™ II P540 Dual-Core Processor
Percentage of memory in use: 47%
Total physical RAM: 4090.9 MB
Available physical RAM: 2140.1 MB
Total Pagefile: 8179.98 MB
Available Pagefile: 6024.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:421.81 GB) (Free:42.02 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:28.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6C078518)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
==================== End Of Log ==========================


#4 olgun52

olgun52

  • Malware Response Team
  • 3,786 posts
  • Gender:Male
  • Local time:10:54 PM

Posted 15 September 2014 - 05:09 PM

Hi
 
Please send FRST.txt the Logfile


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

#5 85strat

85strat
  • Topic Starter

  • Members
  • 50 posts
  • Local time:03:54 PM

Posted 15 September 2014 - 08:05 PM

Sorry - 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014

Ran by Jfre (administrator) on JFRE-PC on 15-09-2014 16:24:02
Running from C:\Users\Jfre\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\pcreg\pcreg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Seekar Ltd) C:\Program Files (x86)\Ares\Ares.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Jfre\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11448424 2010-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-08-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2009-09-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-12-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\QFSCHD170.EXE [166240 2014-03-14] (Corel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-284951326-781440196-1633126248-1000\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [2758656 2014-03-28] (Seekar Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Jfre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jfre\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jfre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {C64D20CC-0BD4-492B-B0F9-BAFDC3080214} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US714&p={SearchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {C64D20CC-0BD4-492B-B0F9-BAFDC3080214} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US714&p={SearchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} http://consumersupport.lenovo.com/us/en/SmartDownloading/cab/npdueng.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\windows\system32\urlmon.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1210150.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lenovo.com/dueng,version=2.0 -> C:\windows\system32\lenovo\update\npdueng.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jfre\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Jfre\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-01]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-08-21]
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-22]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325291&octid=EB_ORIGINAL_CTID&ISID=M43713BE0-A59A-4875-BD80-F63B2B43D3AC&SearchSource=55&CUI=&UM=2&UP=SP64FB2FAD-0EBC-4EFF-9CAD-481023719784&SSPV="
CHR DefaultSearchKeyword: Default -> 7D83861F138866B6592F6F8378C4F935DD84D31EBE30952A296E0583B266F1D9
CHR DefaultSearchURL: Default -> 7A184B99749167D742970A91A9F295B83726A3571CC9D4635511344A0B80C8DD
CHR Profile: C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-03-31]
CHR Extension: (Duolingo) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-03-31]
CHR Extension: (Google Drive) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (White Noise) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejkjpdnomgodmagfmhojepjlajpoicip [2014-03-31]
CHR Extension: (Pandora) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-03-31]
CHR Extension: (avast! Online Security) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-31]
CHR Extension: (RealDownloader) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-28]
CHR Extension: (Flow Colors Bridges) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhgjgepioclaangaicgmecejjcebppik [2014-03-31]
CHR Extension: (Skype Click to Call) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-22]
CHR Extension: (Google Wallet) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Spotify Web Player Launcher) - C:\Users\Jfre\AppData\Local\Google\Chrome\User Data\Default\Extensions\oafegckanldnpojgnlfgloifiejbkgog [2014-03-31]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [46080 2010-06-23] () [File not signed]
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-08] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-08] ()
S3 catchme; No ImagePath
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2013-04-22] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2011-02-14] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2011-02-14] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2011-02-14] (LG Electronics Inc.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [207232 2009-11-09] (Vimicro Corporation)
S3 wdmirror; No ImagePath
U3 BcmSqlStartupSvc; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 16:24 - 2014-09-15 16:24 - 00024779 _____ () C:\Users\Jfre\Downloads\FRST.txt
2014-09-15 16:22 - 2014-09-15 16:24 - 00000000 ____D () C:\FRST
2014-09-15 16:21 - 2014-09-15 16:21 - 02105856 _____ (Farbar) C:\Users\Jfre\Downloads\FRST64.exe
2014-09-15 16:21 - 2014-09-15 16:21 - 01097728 _____ (Farbar) C:\Users\Jfre\Downloads\FRST.exe
2014-09-15 15:04 - 2014-09-15 15:04 - 00000546 _____ () C:\windows\PFRO.log
2014-09-15 15:03 - 2014-09-15 15:03 - 00030211 _____ () C:\Users\Jfre\Documents\combofix scan 09152014.txt
2014-09-15 14:57 - 2014-09-15 14:57 - 00030211 _____ () C:\ComboFix.txt
2014-09-15 14:30 - 2014-09-15 14:30 - 05579386 ____R (Swearware) C:\Users\Jfre\Downloads\ComboFix.exe
2014-09-15 13:58 - 2014-09-15 13:58 - 00001531 _____ () C:\Users\Jfre\Documents\MBAM scan file 09152014.txt
2014-09-15 08:15 - 2014-09-15 08:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jfre\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-15 03:24 - 2014-08-17 00:00 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-15 03:24 - 2014-08-17 00:00 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-15 03:24 - 2014-08-16 23:59 - 19280384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-15 03:24 - 2014-08-16 23:59 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-15 03:24 - 2014-08-16 23:59 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-15 03:24 - 2014-08-16 23:59 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-15 03:24 - 2014-08-16 23:59 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-15 03:24 - 2014-08-16 23:58 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-15 03:24 - 2014-08-16 23:58 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 14369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-15 03:24 - 2014-08-16 23:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-15 03:24 - 2014-08-16 23:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-15 03:24 - 2014-08-16 03:25 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-15 03:24 - 2014-08-16 02:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-15 03:24 - 2014-08-16 02:34 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-09-15 03:24 - 2014-08-16 01:53 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-09-15 03:03 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-15 03:03 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-14 22:12 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-14 22:12 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-14 22:11 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-14 22:11 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-14 22:02 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-14 22:02 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-14 22:02 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-14 22:02 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-14 22:02 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-14 21:54 - 2014-09-14 21:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jfre\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-12 21:15 - 2014-09-14 20:38 - 00000000 ____D () C:\Users\Jfre\Documents\NYADTCP - Resources_files
2014-09-12 21:15 - 2014-09-12 21:15 - 00015194 _____ () C:\Users\Jfre\Documents\NYADTCP - Resources.htm
2014-09-11 23:50 - 2014-09-11 23:50 - 00003606 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Jfre
2014-09-11 20:38 - 2014-09-11 20:38 - 00335906 _____ () C:\Users\Jfre\Downloads\noname (4).eml
2014-09-11 20:38 - 2014-09-11 20:38 - 00292928 _____ () C:\Users\Jfre\Downloads\noname (3).eml
2014-09-11 19:55 - 2014-09-11 19:55 - 00360004 _____ () C:\Users\Jfre\Downloads\noname (2).eml
2014-09-11 19:53 - 2014-09-11 19:54 - 00426186 _____ () C:\Users\Jfre\Downloads\noname (1).eml
2014-09-11 19:52 - 2014-09-11 19:52 - 00293968 _____ () C:\Users\Jfre\Downloads\noname.eml
2014-09-11 16:41 - 2014-09-12 16:47 - 00334535 _____ () C:\Users\Jfre\AppData\Local\census.cache
2014-09-11 16:41 - 2014-09-12 16:46 - 00184563 _____ () C:\Users\Jfre\AppData\Local\ars.cache
2014-09-11 16:33 - 2014-09-11 16:33 - 00000000 ____D () C:\Users\Jfre\Doctor Web
2014-09-11 16:31 - 2014-09-14 13:34 - 00000010 _____ () C:\Users\Jfre\AppData\Local\sponge.last.runtime.cache
2014-09-11 16:23 - 2014-09-11 16:23 - 00000036 _____ () C:\Users\Jfre\AppData\Local\housecall.guid.cache
2014-09-11 16:16 - 2014-09-14 20:38 - 00000000 ____D () C:\Users\Jfre\Downloads\Autoruns
2014-09-11 15:58 - 2014-09-11 15:58 - 00511306 _____ () C:\Users\Jfre\Downloads\Autoruns.zip
2014-09-08 00:25 - 2014-09-08 00:25 - 00000381 _____ () C:\Users\Jfre\Downloads\Kubera, Barbara (1).vcf
2014-09-07 01:02 - 2014-09-15 15:05 - 00000336 _____ () C:\windows\setupact.log
2014-09-07 01:02 - 2014-09-07 01:02 - 00000000 _____ () C:\windows\setuperr.log
2014-08-31 22:15 - 2014-08-31 22:16 - 00000000 ____D () C:\Users\Jfre\AppData\Local\{E03B1B82-1B24-4963-9BE0-C1658060162B}
2014-08-28 23:18 - 2014-08-28 23:18 - 04901352 _____ (Piriform Ltd) C:\Users\Jfre\Downloads\ccsetup417.exe
2014-08-28 06:33 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 06:33 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 06:33 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 20:33 - 2014-09-15 15:08 - 00000000 ___RD () C:\Users\Jfre\Dropbox
2014-08-27 20:33 - 2014-08-27 20:56 - 00001013 _____ () C:\Users\Jfre\Desktop\Dropbox.lnk
2014-08-27 19:30 - 2014-08-27 19:30 - 87241738 _____ () C:\Users\Jfre\Downloads\Rant In E-Minor.zip
2014-08-23 23:00 - 2014-08-23 23:00 - 00000295 _____ () C:\windows\EReg072.dat
2014-08-23 23:00 - 2014-08-23 23:00 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-23 23:00 - 2014-08-23 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2014-08-23 19:34 - 2014-08-23 19:32 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-23 19:32 - 2014-08-23 19:32 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-23 19:32 - 2014-08-23 19:32 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-23 19:32 - 2014-08-23 19:32 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-23 19:27 - 2014-08-23 19:27 - 00918440 _____ (Oracle Corporation) C:\Users\Jfre\Downloads\chromeinstall-7u67.exe
2014-08-21 17:11 - 2014-09-15 15:06 - 00003222 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-284951326-781440196-1633126248-1000
2014-08-18 23:27 - 2014-08-18 23:27 - 00150344 _____ () C:\Users\Jfre\Downloads\UMPlayerSetup (2).exe
2014-08-17 00:00 - 2014-08-17 00:00 - 02321064 _____ () C:\Users\Jfre\Downloads\56559_submitter_file2__DSC3174.NEF
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 16:24 - 2014-09-15 16:24 - 00024779 _____ () C:\Users\Jfre\Downloads\FRST.txt
2014-09-15 16:24 - 2014-09-15 16:22 - 00000000 ____D () C:\FRST
2014-09-15 16:21 - 2014-09-15 16:21 - 02105856 _____ (Farbar) C:\Users\Jfre\Downloads\FRST64.exe
2014-09-15 16:21 - 2014-09-15 16:21 - 01097728 _____ (Farbar) C:\Users\Jfre\Downloads\FRST.exe
2014-09-15 16:14 - 2012-07-17 01:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 16:04 - 2011-10-02 16:35 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 16:00 - 2013-11-29 12:12 - 00000292 _____ () C:\windows\Tasks\RegistryBooster Maintenance.job
2014-09-15 15:45 - 2009-07-14 01:13 - 00850454 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-15 15:17 - 2014-06-04 20:19 - 01678972 _____ () C:\windows\WindowsUpdate.log
2014-09-15 15:17 - 2009-07-14 00:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 15:17 - 2009-07-14 00:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 15:08 - 2014-08-27 20:33 - 00000000 ___RD () C:\Users\Jfre\Dropbox
2014-09-15 15:08 - 2014-04-30 09:45 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Dropbox
2014-09-15 15:07 - 2013-04-22 17:35 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-09-15 15:06 - 2014-08-21 17:11 - 00003222 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-284951326-781440196-1633126248-1000
2014-09-15 15:06 - 2013-10-09 21:50 - 00003358 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-284951326-781440196-1633126248-1000
2014-09-15 15:06 - 2011-10-02 16:35 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 15:05 - 2014-09-07 01:02 - 00000336 _____ () C:\windows\setupact.log
2014-09-15 15:05 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-15 15:04 - 2014-09-15 15:04 - 00000546 _____ () C:\windows\PFRO.log
2014-09-15 15:03 - 2014-09-15 15:03 - 00030211 _____ () C:\Users\Jfre\Documents\combofix scan 09152014.txt
2014-09-15 14:57 - 2014-09-15 14:57 - 00030211 _____ () C:\ComboFix.txt
2014-09-15 14:57 - 2014-05-07 00:29 - 00000000 ____D () C:\Qoobox
2014-09-15 14:52 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini
2014-09-15 14:30 - 2014-09-15 14:30 - 05579386 ____R (Swearware) C:\Users\Jfre\Downloads\ComboFix.exe
2014-09-15 14:26 - 2014-04-09 14:32 - 00003200 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-284951326-781440196-1633126248-1000
2014-09-15 14:26 - 2014-03-26 17:02 - 00003336 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-284951326-781440196-1633126248-1000
2014-09-15 13:58 - 2014-09-15 13:58 - 00001531 _____ () C:\Users\Jfre\Documents\MBAM scan file 09152014.txt
2014-09-15 08:18 - 2014-05-19 20:36 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 08:17 - 2014-05-19 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 08:17 - 2014-05-19 20:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 08:16 - 2014-09-15 08:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jfre\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-15 08:12 - 2011-02-03 13:53 - 00000000 ____D () C:\Users\Jfre\AppData\Local\Ares
2014-09-15 03:51 - 2009-07-29 03:00 - 00000000 ____D () C:\windows\Panther
2014-09-15 03:23 - 2011-01-24 10:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 03:19 - 2011-01-23 17:18 - 00843068 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-15 03:17 - 2013-08-15 03:01 - 00000000 ____D () C:\windows\system32\MRT
2014-09-15 03:05 - 2011-01-28 13:35 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-15 00:42 - 2012-07-10 16:37 - 00000000 ____D () C:\Users\Jfre\.umplayer
2014-09-14 23:15 - 2012-07-17 01:34 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-14 23:15 - 2012-03-31 12:02 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-14 23:15 - 2011-05-18 20:31 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-14 21:55 - 2014-09-14 21:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jfre\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 21:22 - 2014-06-04 20:28 - 00000000 ____D () C:\Users\Jfre\Documents\Corel User Files
2014-09-14 21:22 - 2014-05-16 11:07 - 00000000 ____D () C:\ProgramData\Protexis
2014-09-14 21:22 - 2013-11-22 00:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-14 21:22 - 2013-06-19 22:18 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-14 21:22 - 2013-04-22 09:44 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-09-14 21:22 - 2012-10-29 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-14 21:22 - 2012-07-20 11:46 - 00000000 ____D () C:\Users\Jfre\Documents\Microsoft Office Professional 2013 with Serial
2014-09-14 21:22 - 2011-11-24 11:19 - 00000000 ____D () C:\windows\system32\Macromed
2014-09-14 21:22 - 2011-05-29 23:03 - 00000000 ____D () C:\ProgramData\Real
2014-09-14 21:22 - 2011-03-01 12:27 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-14 21:22 - 2011-03-01 12:27 - 00000000 ____D () C:\Users\Jfre
2014-09-14 21:22 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-14 21:22 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2014-09-14 21:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-14 20:59 - 2013-04-22 17:35 - 00001926 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-14 20:41 - 2012-08-24 20:54 - 00000000 ____D () C:\Users\Mcx1-JFRE-PC
2014-09-14 20:38 - 2014-09-12 21:15 - 00000000 ____D () C:\Users\Jfre\Documents\NYADTCP - Resources_files
2014-09-14 20:38 - 2014-09-11 16:16 - 00000000 ____D () C:\Users\Jfre\Downloads\Autoruns
2014-09-14 20:25 - 2014-05-16 11:03 - 00000000 ____D () C:\Users\Public\Documents\WordPerfect Office
2014-09-14 13:34 - 2014-09-11 16:31 - 00000010 _____ () C:\Users\Jfre\AppData\Local\sponge.last.runtime.cache
2014-09-12 21:15 - 2014-09-12 21:15 - 00015194 _____ () C:\Users\Jfre\Documents\NYADTCP - Resources.htm
2014-09-12 16:47 - 2014-09-11 16:41 - 00334535 _____ () C:\Users\Jfre\AppData\Local\census.cache
2014-09-12 16:46 - 2014-09-11 16:41 - 00184563 _____ () C:\Users\Jfre\AppData\Local\ars.cache
2014-09-11 23:50 - 2014-09-11 23:50 - 00003606 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Jfre
2014-09-11 20:41 - 2011-04-03 23:53 - 00000000 ____D () C:\Users\Jfre\Documents\Outlook Files
2014-09-11 20:38 - 2014-09-11 20:38 - 00335906 _____ () C:\Users\Jfre\Downloads\noname (4).eml
2014-09-11 20:38 - 2014-09-11 20:38 - 00292928 _____ () C:\Users\Jfre\Downloads\noname (3).eml
2014-09-11 19:55 - 2014-09-11 19:55 - 00360004 _____ () C:\Users\Jfre\Downloads\noname (2).eml
2014-09-11 19:54 - 2014-09-11 19:53 - 00426186 _____ () C:\Users\Jfre\Downloads\noname (1).eml
2014-09-11 19:52 - 2014-09-11 19:52 - 00293968 _____ () C:\Users\Jfre\Downloads\noname.eml
2014-09-11 19:37 - 2013-01-05 15:22 - 00000000 ____D () C:\Users\Jfre\Documents\ConvertXtoDVD
2014-09-11 16:33 - 2014-09-11 16:33 - 00000000 ____D () C:\Users\Jfre\Doctor Web
2014-09-11 16:23 - 2014-09-11 16:23 - 00000036 _____ () C:\Users\Jfre\AppData\Local\housecall.guid.cache
2014-09-11 15:58 - 2014-09-11 15:58 - 00511306 _____ () C:\Users\Jfre\Downloads\Autoruns.zip
2014-09-08 00:25 - 2014-09-08 00:25 - 00000381 _____ () C:\Users\Jfre\Downloads\Kubera, Barbara (1).vcf
2014-09-08 00:23 - 2014-05-16 11:07 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Corel
2014-09-07 18:25 - 2011-03-01 12:27 - 00001118 _____ () C:\Users\Jfre\Desktop\Cyberlink Power2Go.lnk
2014-09-07 03:18 - 2011-08-21 20:31 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Vso
2014-09-07 01:02 - 2014-09-07 01:02 - 00000000 _____ () C:\windows\setuperr.log
2014-09-05 19:55 - 2014-06-09 20:58 - 00000671 _____ () C:\Users\Jfre\AppData\Roaming\vso_ts_preview.xml
2014-09-01 11:58 - 2011-03-31 12:06 - 00000000 ____D () C:\windows\Minidump
2014-08-31 22:16 - 2014-08-31 22:15 - 00000000 ____D () C:\Users\Jfre\AppData\Local\{E03B1B82-1B24-4963-9BE0-C1658060162B}
2014-08-29 03:22 - 2009-07-14 00:45 - 00479856 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-29 00:41 - 2013-05-18 17:21 - 00000000 ____D () C:\ProgramData\VSO
2014-08-28 23:20 - 2011-08-25 15:22 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-28 23:20 - 2011-08-25 15:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-28 23:18 - 2014-08-28 23:18 - 04901352 _____ (Piriform Ltd) C:\Users\Jfre\Downloads\ccsetup417.exe
2014-08-27 20:56 - 2014-08-27 20:33 - 00001013 _____ () C:\Users\Jfre\Desktop\Dropbox.lnk
2014-08-27 20:56 - 2014-04-30 09:47 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-27 19:30 - 2014-08-27 19:30 - 87241738 _____ () C:\Users\Jfre\Downloads\Rant In E-Minor.zip
2014-08-25 06:53 - 2011-05-14 10:29 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-23 23:00 - 2014-08-23 23:00 - 00000295 _____ () C:\windows\EReg072.dat
2014-08-23 23:00 - 2014-08-23 23:00 - 00000000 ____D () C:\Users\Jfre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-23 23:00 - 2014-08-23 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
2014-08-23 19:34 - 2013-09-15 17:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-23 19:32 - 2014-08-23 19:34 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-23 19:32 - 2014-08-23 19:32 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-23 19:32 - 2014-08-23 19:32 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-23 19:32 - 2014-08-23 19:32 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-23 19:27 - 2014-08-23 19:27 - 00918440 _____ (Oracle Corporation) C:\Users\Jfre\Downloads\chromeinstall-7u67.exe
2014-08-22 22:07 - 2014-08-28 06:33 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-28 06:33 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-28 06:33 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-18 23:29 - 2012-07-10 16:40 - 00000000 ____D () C:\Users\Jfre\AppData\Local\MPlayer
2014-08-18 23:28 - 2012-07-10 16:36 - 00000000 ____D () C:\Program Files (x86)\UMPlayer
2014-08-18 23:27 - 2014-08-18 23:27 - 00150344 _____ () C:\Users\Jfre\Downloads\UMPlayerSetup (2).exe
2014-08-17 00:00 - 2014-09-15 03:24 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-17 00:00 - 2014-09-15 03:24 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-17 00:00 - 2014-08-17 00:00 - 02321064 _____ () C:\Users\Jfre\Downloads\56559_submitter_file2__DSC3174.NEF
2014-08-16 23:59 - 2014-09-15 03:24 - 19280384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-16 23:59 - 2014-09-15 03:24 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-16 23:59 - 2014-09-15 03:24 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-16 23:59 - 2014-09-15 03:24 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-16 23:59 - 2014-09-15 03:24 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-16 23:58 - 2014-09-15 03:24 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-16 23:58 - 2014-09-15 03:24 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-16 23:58 - 2014-09-15 03:24 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-16 23:58 - 2014-09-15 03:24 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-16 23:58 - 2014-09-15 03:24 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-08-16 23:58 - 2014-09-15 03:24 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-16 23:58 - 2014-09-15 03:24 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-16 23:58 - 2014-09-15 03:24 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-16 23:58 - 2014-09-15 03:24 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-16 23:58 - 2014-09-15 03:24 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-08-16 23:58 - 2014-09-15 03:24 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-16 23:58 - 2014-09-15 03:24 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-16 23:58 - 2014-09-15 03:24 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 14369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-16 23:57 - 2014-09-15 03:24 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-16 23:57 - 2014-09-15 03:24 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-16 14:14 - 2012-10-16 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-16 03:25 - 2014-09-15 03:24 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-16 02:43 - 2014-09-15 03:24 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-16 02:34 - 2014-09-15 03:24 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-08-16 01:53 - 2014-09-15 03:24 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
 
Some content of TEMP:
====================
C:\Users\Jfre\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp33mfqy.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 01:59


#6 olgun52
Malware Response Team

Posted 16 September 2014 - 04:32 AM

Hi 85strat,

 

Please uninstall some programs:

  • Please open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

Uniblue
RegistryBooster
Ares
Yahoo! Toolbar
McAfee Security Scan

  • Reboot your computer.

-------------------------------------------------------------------------------------------------------------------------------------------------

 

Going over your logs, I noticed that you have Ares installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Ares; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

 

-------------------------------------

 

Step 1:

 

Run FRST fixlist

 

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

start
C:\Program Files\pcreg\pcreg.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {C64D20CC-0BD4-492B-B0F9-BAFDC3080214} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US714&p={SearchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {98255D1A-9267-440B-9040-283CF94E6CBA} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110312,6901,0,8,0
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {C64D20CC-0BD4-492B-B0F9-BAFDC3080214} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US714&p={SearchTerms}
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
DPF: HKLM-x32 {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} http://consumersupport.lenovo.com/us/en/SmartDownloading/cab/npdueng.cab
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
FF Plugin-x32: @lenovo.com/dueng,version=2.0 -> C:\windows\system32\lenovo\update\npdueng.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325291&octid=EB_ORIGINAL_CTID&ISID=M43713BE0-A59A-4875-BD80-F63B2B43D3AC&SearchSource=55&CUI=&UM=2&UP=SP64FB2FAD-0EBC-4EFF-9CAD-481023719784&SSPV="
CHR DefaultSearchKeyword: Default -> 7D83861F138866B6592F6F8378C4F935DD84D31EBE30952A296E0583B266F1D9
CHR DefaultSearchURL: Default -> 7A184B99749167D742970A91A9F295B83726A3571CC9D4635511344A0B80C8DD
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S3 catchme; No ImagePath
 C:\Users\Jfre\Downloads\UMPlayerSetup (2).exe
C:\windows\EReg072.dat
C:\ProgramData\McAfee Security Scan
C:\Users\Jfre\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp33mfqy.dll
Task: {18644ACB-0173-4DA5-8103-ED25FD31F432} - System32\Tasks\RegistryBooster Maintenance => C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe [2013-11-11] (Uniblue Systems Limited)
Task: {34607D90-ADE8-40A1-99C0-CB75EFE35A8B} - System32\Tasks\DSite => C:\Users\Jfre\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A7E55857-7A2C-4461-9E43-614C597B901A} - \PastaQuotes No Task File <==== ATTENTION
Task: {DA519EC6-040E-4F0F-8E0A-BB3D605F96C0} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-05-27] () <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\RegistryBooster Maintenance.job => C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
FF Plugin: @microsoft.com/GENUINE -> disabled No File
2014-09-15 15:08 - 2014-09-15 15:08 - 00043008 _____ () c:\users\jfre\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp33mfqy.dll
AlternateDataStreams: C:\ProgramData\Temp:72EAE23D
AlternateDataStreams: C:\Users\Jfre\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jfre\Downloads\noname (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jfre\Downloads\noname (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jfre\Downloads\noname (4).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jfre\Downloads\noname.eml:OECustomProperty
end

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

 

Step 2:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

 

Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
  • If Malware or Potentially Unwanted Programs (PUPs) are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

 

How are the system and browsers running now? PastaQuotes and Trovi problem?

 

Have a nice day.

 


Best regards
 
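A way to confirm what Step 1 actually did, added here as an example (it is not part of the post or of Farbar's FRST): it pairs each directive in a fixlist with the result lines FRST writes to Fixlog.txt and reports which items were removed, which were already absent, and which got no result at all. The sample fixlist and fixlog are constructed from lines quoted in this thread (one URL shortened).

```python
"""Cross-check an FRST fixlist against the Fixlog.txt it produced.

Added example for this thread; it is not part of the post or of Farbar's FRST.
FRST writes one or more result lines per directive ("=> Moved successfully.",
"=> Key deleted successfully.", "=> Key not found." ...) that do not map
one-to-one onto fixlist lines, so matching is by the GUID, path or name that a
directive and its result lines share.  Sample input is constructed from lines
quoted in this thread (one URL shortened).
"""
import re
from typing import Dict, List

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SUCCESS = ("deleted successfully", "moved successfully", "restored successfully")


def parse_fixlist(text: str) -> List[str]:
    """Return the non-empty directive lines between 'start' and 'end'."""
    lines = [ln.strip() for ln in text.splitlines()]
    if "start" not in lines or "end" not in lines:
        raise ValueError("fixlist must be wrapped in start ... end")
    body = lines[lines.index("start") + 1:lines.index("end")]
    return [ln for ln in body if ln]


def needles(directive: str) -> List[str]:
    """Lower-cased strings a fixlog result line for this directive contains."""
    guids = GUID_RE.findall(directive)
    if guids:                                   # registry items keyed by CLSID
        return [g.lower() for g in guids]
    if directive.startswith("CHR "):            # 'CHR StartupUrls: ...'
        return ["chrome " + directive[4:].split(":", 1)[0].lower()]
    if directive.startswith("Task: "):          # 'Task: C:\...\x.job => target'
        return [directive[6:].split(" => ", 1)[0].lower()]
    if ": " in directive:                       # 'FF Plugin-x32: @id -> path'
        name = directive.split(": ", 1)[1]
        return [re.split(r" -> | => | - ", name, maxsplit=1)[0].lower()]
    if "; " in directive:                       # 'S3 catchme; No ImagePath'
        return [directive.split("; ", 1)[0].split()[-1].lower()]
    return [directive.lower()]                  # bare file or folder path


def outcome(directive: str, fixlog_lines: List[str]) -> str:
    """'fixed', 'not found' (already absent) or 'no result' for one directive."""
    keys = needles(directive)
    hits = [ln.lower() for ln in fixlog_lines if any(k in ln.lower() for k in keys)]
    if any(s in h for h in hits for s in SUCCESS):
        return "fixed"
    if any("not found" in h for h in hits):
        return "not found"
    return "no result"          # FRST wrote nothing for it: worth a second look


def check(fixlist: str, fixlog: str) -> Dict[str, str]:
    """Map every fixlist directive to its outcome in the fixlog."""
    log_lines = [ln for ln in fixlog.splitlines() if "=>" in ln or "successfully" in ln]
    return {d: outcome(d, log_lines) for d in parse_fixlist(fixlist)}


# Constructed sample: a subset of the fixlist posted above and of the Fixlog.txt
# the topic starter posted back (the last directive has no result line yet).
FIXLIST = r"""start
C:\Program Files\pcreg\pcreg.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
FF Plugin-x32: @lenovo.com/dueng,version=2.0 -> C:\windows\system32\lenovo\update\npdueng.dll No File
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325291"
CHR DefaultSearchURL: Default -> 7A184B99749167D742970A91A9F295B83726A3571CC9D4635511344A0B80C8DD
end
"""

FIXLOG = r"""C:\Program Files\pcreg\pcreg.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value not found.
"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@lenovo.com/dueng,version=2.0" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
"""

if __name__ == "__main__":
    for directive, status in check(FIXLIST, FIXLOG).items():
        print(f"{status:>9}  {directive[:72]}")
```

Run it against the real fixlist.txt and Fixlog.txt to see at a glance which directives still need attention before posting the log back.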

#7 85strat
Topic Starter

Posted 16 September 2014 - 10:33 AM

Thank you for your assistance! The loading is still a bit sluggish and opening things isn't as fast as I'm used to, but it's an improvement from what it was. If there are any further suggestions that you can make, I would appreciate that.

 

Here are the logs from what I did today:

 

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014

Ran by Jfre at 2014-09-16 09:20:44 Run:1
Running from C:\Users\Jfre\Downloads\FSRT
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\Program Files\pcreg\pcreg.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {C64D20CC-0BD4-492B-B0F9-BAFDC3080214} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US714&p={SearchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=157&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {C64D20CC-0BD4-492B-B0F9-BAFDC3080214} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US714&p={SearchTerms}
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
DPF: HKLM-x32 {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} http://consumersupport.lenovo.com/us/en/SmartDownloading/cab/npdueng.cab
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
FF Plugin-x32: @lenovo.com/dueng,version=2.0 -> C:\windows\system32\lenovo\update\npdueng.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325291&octid=EB_ORIGINAL_CTID&ISID=M43713BE0-A59A-4875-BD80-F63B2B43D3AC&SearchSource=55&CUI=&UM=2&UP=SP64FB2FAD-0EBC-4EFF-9CAD-481023719784&SSPV="
CHR DefaultSearchKeyword: Default -> 7D83861F138866B6592F6F8378C4F935DD84D31EBE30952A296E0583B266F1D9
CHR DefaultSearchURL: Default -> 7A184B99749167D742970A91A9F295B83726A3571CC9D4635511344A0B80C8DD
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S3 catchme; No ImagePath
 C:\Users\Jfre\Downloads\UMPlayerSetup (2).exe
C:\windows\EReg072.dat
C:\ProgramData\McAfee Security Scan
C:\Users\Jfre\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp33mfqy.dll
Task: {18644ACB-0173-4DA5-8103-ED25FD31F432} - System32\Tasks\RegistryBooster Maintenance => C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe [2013-11-11] (Uniblue Systems Limited)
Task: {34607D90-ADE8-40A1-99C0-CB75EFE35A8B} - System32\Tasks\DSite => C:\Users\Jfre\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A7E55857-7A2C-4461-9E43-614C597B901A} - \PastaQuotes No Task File <==== ATTENTION
Task: {DA519EC6-040E-4F0F-8E0A-BB3D605F96C0} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe [2014-05-27] () <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\RegistryBooster Maintenance.job => C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
FF Plugin: @microsoft.com/GENUINE -> disabled No File
2014-09-15 15:08 - 2014-09-15 15:08 - 00043008 _____ () c:\users\jfre\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp33mfqy.dll
AlternateDataStreams: C:\ProgramData\Temp:72EAE23D
AlternateDataStreams: C:\Users\Jfre\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jfre\Downloads\noname (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jfre\Downloads\noname (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jfre\Downloads\noname (4).eml:OECustomProperty
AlternateDataStreams: C:\Users\Jfre\Downloads\noname.eml:OECustomProperty
end
*****************
 
C:\Program Files\pcreg\pcreg.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{98255D1A-9267-440B-9040-283CF94E6CBA}" => Key deleted successfully.
"HKCR\CLSID\{98255D1A-9267-440B-9040-283CF94E6CBA}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C64D20CC-0BD4-492B-B0F9-BAFDC3080214}" => Key deleted successfully.
"HKCR\CLSID\{C64D20CC-0BD4-492B-B0F9-BAFDC3080214}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\!{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => value deleted successfully.
"HKCR\CLSID\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value not found.
"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\!{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\gopher" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{79eac9e4-baf9-11ce-8c82-00aa004ba90b}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@lenovo.com/dueng,version=2.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.0" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
McComponentHostService => Service not found.
catchme => Service deleted successfully.
C:\Users\Jfre\Downloads\UMPlayerSetup (2).exe => Moved successfully.
C:\windows\EReg072.dat => Moved successfully.
"C:\ProgramData\McAfee Security Scan" => File/Directory not found.
"C:\Users\Jfre\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp33mfqy.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18644ACB-0173-4DA5-8103-ED25FD31F432}" => Key not found.
C:\Windows\System32\Tasks\RegistryBooster Maintenance not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryBooster Maintenance" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34607D90-ADE8-40A1-99C0-CB75EFE35A8B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34607D90-ADE8-40A1-99C0-CB75EFE35A8B}" => Key deleted successfully.
C:\Windows\System32\Tasks\DSite => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7E55857-7A2C-4461-9E43-614C597B901A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7E55857-7A2C-4461-9E43-614C597B901A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DA519EC6-040E-4F0F-8E0A-BB3D605F96C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA519EC6-040E-4F0F-8E0A-BB3D605F96C0}" => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => Key deleted successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\windows\Tasks\RegistryBooster Maintenance.job not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"c:\users\jfre\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp33mfqy.dll" => File/Directory not found.
C:\ProgramData\Temp => ":72EAE23D" ADS removed successfully.
C:\Users\Jfre\Downloads\noname (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Jfre\Downloads\noname (2).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Jfre\Downloads\noname (3).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Jfre\Downloads\noname (4).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Jfre\Downloads\noname.eml => ":OECustomProperty" ADS removed successfully.
 
==== End of Fixlog ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jfre on Tue 09/16/2014 at 10:15:09.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\asktoolbar_StubInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-1540_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-1540_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\asktoolbar_StubInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-1540_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\YontooSetup-DropDownDeals-SilentInstaller-1540_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1[1]_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pchealthboost"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/16/2014 at 10:22:27.33
End of JRT log
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/16/2014
Scan Time: 10:24:34 AM
Logfile: MBAM09162014.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.16.04
Rootkit Database: v2014.09.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jfre
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362302
Time Elapsed: 39 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Again, I appreciate the work you do and the help that you give! Any further suggestions are also appreciated!
 
Cheers!
 
Jfre
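As an added example (not part of this thread, and not code from FRST, JRT or Malwarebytes), here is a PowerShell re-check of the persistence locations the Fixlog above reports as cleaned: IE SearchScopes, Browser Helper Objects, scheduled task actions and alternate data streams on files in Downloads. It assumes an elevated PowerShell 3.0 or later prompt (WMF 3.0 on Windows 7); the function names are my own, the registry paths are the ones the Fixlog itself touched.

```powershell
# Added example, not from the thread or from the tools it names: re-check the
# persistence locations the Fixlog above reports as cleaned. Assumes an elevated
# PowerShell 3.0+ prompt (WMF 3.0 on Windows 7); function names are mine, the
# registry paths are the ones the Fixlog itself touched.

function Get-IESearchScopes {
    # A search hijacker such as Trovi points DefaultScope at its own scope CLSID
    # and registers a scope whose URL leads to its search host.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
             'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
        foreach ($scope in Get-ChildItem -Path $root) {
            $p = Get-ItemProperty -Path $scope.PSPath
            [pscustomobject]@{
                Hive        = $root
                Scope       = $scope.PSChildName
                IsDefault   = ($scope.PSChildName -eq $default)
                DisplayName = $p.DisplayName
                URL         = $p.URL
            }
        }
    }
}

function Get-BrowserHelperObjects {
    # Each BHO subkey is a CLSID; the DLL it loads is the default value of that
    # CLSID's InprocServer32 key (under Wow6432Node for 32-bit IE on x64).
    $pairs = @(
        @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bho   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
    )
    foreach ($pair in $pairs) {
        if (-not (Test-Path $pair.Bho)) { continue }
        foreach ($key in Get-ChildItem -Path $pair.Bho) {
            $server = Join-Path (Join-Path $pair.Clsid $key.PSChildName) 'InprocServer32'
            $dll = $null
            if (Test-Path $server) {
                $raw = (Get-ItemProperty -Path $server).'(default)'
                $dll = [Environment]::ExpandEnvironmentVariables([string]$raw).Trim('"')
            }
            [pscustomobject]@{
                CLSID     = $key.PSChildName
                DLL       = $dll
                DllExists = [bool]($dll -and (Test-Path -LiteralPath $dll))
            }
        }
    }
}

function Get-TaskCommands {
    # Windows 7 has no Get-ScheduledTask, so read the task XML files directly.
    # The Fixlog removed tasks named PastaQuotes, DSite and pcreg from this folder.
    $taskDir = Join-Path $env:SystemRoot 'System32\Tasks'
    foreach ($file in Get-ChildItem -Path $taskDir -Recurse -File -ErrorAction SilentlyContinue) {
        try { [xml]$xml = Get-Content -LiteralPath $file.FullName -Raw } catch { continue }
        foreach ($exec in @($xml.Task.Actions.Exec)) {
            if (-not $exec) { continue }
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$exec.Command).Trim('"')
            [pscustomobject]@{
                Task      = $file.FullName.Substring($taskDir.Length)
                Command   = $cmd
                Arguments = [string]$exec.Arguments
                Exists    = [bool]($cmd -and (Test-Path -LiteralPath $cmd))
                # A binary launched from a user profile or ProgramData deserves a second look.
                UserPath  = ($cmd -like "$env:USERPROFILE*" -or $cmd -like "$env:ProgramData*")
            }
        }
    }
}

function Get-DownloadStreams {
    # The Fixlog stripped :OECustomProperty streams from .eml files in Downloads.
    # List every stream but the main :$DATA one; Zone.Identifier is normal on
    # downloaded files, anything else deserves a look.
    $dir = Join-Path $env:USERPROFILE 'Downloads'
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

Get-IESearchScopes       | Format-Table -AutoSize
Get-BrowserHelperObjects | Format-Table -AutoSize
Get-TaskCommands | Where-Object { -not $_.Exists -or $_.UserPath } | Format-Table -AutoSize
Get-DownloadStreams      | Format-Table -AutoSize
```

An empty SearchScopes table, no BHO with a missing DLL, and no task pointing into a user profile is the state the Fixlog above left the machine in; a new entry in any of the four tables is what to post back to the thread.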


#8 olgun52

  • Malware Response Team
  • 3,786 posts
  • Gender:Male
  • Local time:10:54 PM

Posted 16 September 2014 - 06:13 PM

Hi 85strat, :hello:
 
Perfect
 
Please do the following.

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.00 (XI) to your PC's desktop.

  • Uninstall Adobe Reader X via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.
-------------------------------------------------

 

Please go to Start > Control Panel > Programs and Features and uninstall all the Java programs you see. Then download the latest Java from the following link and install it:

 

Java 7 Update 60

 

Now reboot the system.

 

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java icon (it looks like a coffee cup).

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache. Leave ALL 3 checked:
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on the Delete Temporary Files window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

-----------------------------------------------

 

Run Eset Online Scan

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to "YES, I accept the Terms of Use".
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options "Scan Archives" and "Remove found threats" are ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click "List of found threats", then click "Export to text file...".
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

-----------------------------------------------

 

Download HijackThis

  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run it).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", click on Main Menu).
  • Copy and paste the HijackThis report into the topic.

 

Sincerely

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 85strat

  • Topic Starter
  • Members
  • 50 posts
  • Local time:03:54 PM

Posted 16 September 2014 - 11:43 PM

Here are the results of both scans. They both had reports, which are as follows:

 

Hijack this -

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:37 AM, on 9/17/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17088)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\Jfre\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jfre\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\QFSCHD170.EXE"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - Startup: Dropbox.lnk = Jfre\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\WPLauncher.hta
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://edrivers.lenovo.com.cn
O15 - Trusted Zone: http://support4.lenovo.com.cn
O15 - Trusted Zone: http://think.lenovo.com.cn
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: pcregservice Service (pcregservice) - Unknown owner - C:\Program Files\pcreg\pcreg.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 11218 bytes
 
 
esetscan - 
 
C:\FRST\Quarantine\C\Program Files\pcreg\pcreg.exe.xBAD a variant of Win32/Conduit.SearchProtect.O potentially unwanted application deleted - quarantined
C:\temp\launcher.exe Win32/Conduit.SearchProtect.M potentially unwanted application deleted - quarantined
C:\Users\Jfre\Desktop\ccsetup310.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\Jfre\Documents\dfsetup209.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\AA_v3.exe Win32/RemoteAdmin.Ammyy.A potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup326 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup328 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup328.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup407 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup414pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\dfsetup217.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\dfsetup218.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Jfre\Downloads\DownloadManagerSetup (1).exe a variant of Win32/InstallCore.BQ potentially unwanted application deleted - quarantined
C:\Users\Jfre\Downloads\DownloadManagerSetup.exe a variant of Win32/InstallCore.BQ potentially unwanted application deleted - quarantined
C:\Users\Jfre\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
 
esetscan was deleted after it was run, but HijackThis was not. I await your further direction.
 
Jfre
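
The O23 (service) section of a HijackThis log is easy to misread. HijackThis is a 32-bit program; on 64-bit Windows the native C:\Windows\System32 is hidden from it by WoW64 file-system redirection and %PROGRAMFILES% expands to the (x86) folder, so built-in Windows services come out as "Unknown owner ... (file missing)" exactly as they do in the log above. The one service whose binary is genuinely gone is pcregservice: the ESET output shows pcreg.exe sitting in C:\FRST\Quarantine. The Python below is an added example, not code from this thread or from HijackThis. It parses O23 lines copied from the log above and sorts them into four categories; the category names, the helper names and the two heuristics (path under C:\Windows, or a resource-string display name beginning with "@") are my own assumptions, and a "file missing" verdict should always be confirmed with a 64-bit-aware tool before anything is removed.

```python
"""Triage of HijackThis O23 (service) lines. Added example; the category names
and heuristics are my own, not HijackThis's."""
import re

# O23 lines copied from the HijackThis log posted above (a representative subset).
HJT_O23_SAMPLE = r"""
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: pcregservice Service (pcregservice) - Unknown owner - C:\Program Files\pcreg\pcreg.exe (file missing)
O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

O23_PREFIX = "O23 - Service: "
MISSING_SUFFIX = " (file missing)"
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)$")   # "(AdobeARMservice)" at end of name


def parse_o23(line):
    """Split one O23 line into display name, short name, vendor, path and the
    '(file missing)' flag. Returns None for anything that is not an O23 line."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    missing = body.endswith(MISSING_SUFFIX)
    if missing:
        body = body[: -len(MISSING_SUFFIX)]
    # Fields are joined with " - "; the path is always last and the display name
    # may itself contain " - ", so split from the right.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, vendor, path = parts
    m = SHORT_NAME_RE.search(name)
    return {"name": name, "short": m.group(1) if m else name,
            "vendor": vendor, "path": path, "missing": missing}


def classify(svc):
    """Assign one of four triage categories (names are my own)."""
    path = svc["path"].lower()
    if svc["missing"]:
        # 32-bit HijackThis on 64-bit Windows: C:\Windows\System32 is redirected to
        # SysWOW64 and %PROGRAMFILES% expands to the (x86) folder, so native 64-bit
        # services appear as "(file missing)" with "Unknown owner". Built-in services
        # are also recognisable by their resource-string display names ("@...,-N").
        if path.startswith("c:\\windows\\") or svc["name"].startswith("@"):
            return "probable_wow64_artifact"   # confirm with a 64-bit-aware tool
        # Registration remains but the binary really is gone; in this log pcreg.exe
        # is sitting in C:\FRST\Quarantine according to the ESET output.
        return "orphaned_service"
    if svc["vendor"] == "Unknown owner":
        return "unknown_vendor_present"        # file exists, no vendor info: review
    return "vendor_identified"


def triage(log_text):
    """Return {short_service_name: category} for every O23 line in log_text."""
    result = {}
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is not None:
            result[svc["short"]] = classify(svc)
    return result


if __name__ == "__main__":
    for short, category in sorted(triage(HJT_O23_SAMPLE).items(), key=lambda kv: kv[1]):
        print(f"{category:25} {short}")
```

Run it against the full O23 block of a log and the "file missing" noise collapses to the handful of entries worth a second look; here that is the orphaned pcregservice registration and the three present-but-unattributed binaries (Oasis2Service, RealNetworks Downloader Resolver, Lenovo System Update).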


#10 olgun52 (Malware Response Team, 3,786 posts)

Posted 17 September 2014 - 07:43 AM

Hi 85strat,

Please do the following:

 

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but do not need to; you can start any of them when you need them by clicking their icons (or from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X7\Programs\QFSCHD170.EXE"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - Startup: Dropbox.lnk = Jfre\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

 

--------------------------------------------------------------------------------------------------------------------------------------------------------

 

Thank you for your patience.

 

The problem is solved. We can close this thread.

Congratulations! You now appear clean!
 
In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

You can do the following:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

Then, to remove all but the most recently created Restore Point:

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

Step 1: Internet Explorer. Even if you don't use it as your main browser it should be kept up-to-date because that is the browser Windows uses for updates.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Step 2: Firefox. If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
 
NoScript
AdBlock Plus

Step 3: Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

Step 4: Use and update anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
Step 5: One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note: If you decide to install MSE you will need to uninstall your present antivirus.

Step 6: ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

 

Sincerely


Edited by olgun52, 17 September 2014 - 07:45 AM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!
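
The "Fix Checked" button hides what HijackThis actually touches, which makes it hard to judge an entry or to undo a fix by hand. As an added example, not code from this thread or from HijackThis, the Python below maps each O4 and O16 line in the fix list above to the place it was read from (a Run-key registry value, a Startup-folder shortcut, or a Downloaded Program Files key) and prints the equivalent manual removal command. The registry paths are the standard Windows autostart and Code Store Database locations; the Wow6432Node alternative shown for HKLM entries reflects that a 32-bit HijackThis reads the redirected registry view on 64-bit Windows. The function names are my own, and how HijackThis itself performs the removal is not shown on this page, so treat the commands as the manual equivalent rather than a transcript of the tool.

```python
"""Where HijackThis O4/O16 entries live and the manual command that removes each.
Added example; not code from the thread or from HijackThis."""
import re

# O4 and O16 lines copied from the fix list in the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - Startup: Dropbox.lnk = Jfre\AppData\Roaming\Dropbox\bin\Dropbox.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
"""

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
USER_STARTUP = r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"
ALL_USERS_STARTUP = r"%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp"
DPF_KEY = r"HKLM\Software\Microsoft\Code Store Database\Distribution Units"

O4_RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunOnce): \[([^\]]+)\] (.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - (Global )?Startup: (.+?) = (.*)$")
O16_DPF_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$")


def plan_fix(line):
    """Map one HijackThis line to the location it was read from and an
    equivalent manual removal command. Returns None for unsupported lines."""
    line = line.strip()
    m = O4_RUN_RE.match(line)
    if m:
        hive, subkey, value, command_line = m.groups()
        key = f"{hive}\\{RUN_KEY}{'Once' if subkey == 'RunOnce' else ''}"
        return {
            "kind": "registry_value", "location": key, "value": value,
            "target": command_line.strip(),
            "command": f'reg delete "{key}" /v "{value}" /f',
            # HKLM\Software is redirected for 32-bit processes on 64-bit Windows,
            # so a 32-bit HijackThis may have read this value from Wow6432Node.
            "alt_location": (key.replace("\\Software\\", "\\Software\\Wow6432Node\\", 1)
                             if hive == "HKLM" else None),
        }
    m = O4_STARTUP_RE.match(line)
    if m:
        all_users, shortcut, target = m.groups()
        folder = ALL_USERS_STARTUP if all_users else USER_STARTUP
        return {
            "kind": "startup_shortcut", "location": folder, "value": shortcut,
            "target": target,
            # Deleting the .lnk only stops the autostart; the program stays installed.
            "command": f'del "{folder}\\{shortcut}"', "alt_location": None,
        }
    m = O16_DPF_RE.match(line)
    if m:
        clsid, _name, url = m.groups()
        key = f"{DPF_KEY}\\{clsid}"
        return {
            "kind": "downloaded_program_file", "location": key, "value": clsid,
            "target": url, "command": f'reg delete "{key}" /f', "alt_location": None,
        }
    return None


def plan_all(text):
    """plan_fix over every line, skipping lines the mapper does not handle."""
    return [p for p in (plan_fix(l) for l in text.splitlines()) if p is not None]


if __name__ == "__main__":
    for p in plan_all(FIX_LIST):
        print(f"{p['kind']:24} {p['location']}")
        print(f"    {p['value']}  ->  {p['target']}")
        print(f"    {p['command']}")
        if p["alt_location"]:
            print(f"    (32-bit view may be: {p['alt_location']})")
```

Note that none of these commands touch the program itself: removing a Run value or a Startup shortcut only stops the autostart, which is exactly why this part of the fix is optional, and the O16 removal drops the registration of an old ActiveX download package rather than any running component.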

 


 


#11 85strat (Topic Starter, Members, 50 posts)

Posted 17 September 2014 - 05:06 PM

Thank you for your patience and your assistance! I appreciate the work that you do and the fact that you DO this work!

 

Cheers!

 

Jfre



#12 olgun52 (Malware Response Team, 3,786 posts)

Posted 17 September 2014 - 05:15 PM

Sincerely


#13 olgun52 (Malware Response Team, 3,786 posts)

Posted 18 September 2014 - 06:40 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
