Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Advanced-System Protector and Slow PC


  • This topic is locked This topic is locked
17 replies to this topic

#1 matthew_andres

matthew_andres

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 02 October 2014 - 12:27 PM

I have been working on my dad's computer. He kept getting adware and spyware on his PC that would slow it down. He used Norton Antivirus for awhile. We have removed it and now are using Avast Free. I need help removing Advanced System Protector and any other infections on the PC. Any help would be appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280
Run by Owner at 22:21:27 on 2014-10-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2013.1220 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\ASP\AdvancedSystemProtector.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Glary Utilities 4\Integrator.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [OnlineBackupScheduler] c:\program files\online backup\OnlineBackup.exe
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
uRun: [Amazon Music] "c:\users\owner\appdata\local\amazon music\Amazon Music Helper.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\owner\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2B7AC37A-F8B6-44F3-84CC-35E71C04DBDA} : DHCPNameServer = 10.110.1.22 68.105.29.11 68.105.28.12
TCP: Interfaces\{D5ABEB93-E15A-4C7B-AB07-AB6CBC0C4CE4} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\pmnpcszv.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\pmnpcszv.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-9-21 860472]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-9-25 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-9-25 192352]
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [2014-5-12 16064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-9-25 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-9-25 414520]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-2 37664]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2013-10-10 142648]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-9-25 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-9-25 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-9-25 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-9-25 50344]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-7-23 438616]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2014-2-17 5093216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-9-21 23256]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-9-17 596992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-9-21 1809720]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-14 108032]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-9-21 110296]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-9-21 51928]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-8-30 1343400]
.
=============== Created Last 30 ================
.
2014-10-01 13:48:39    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{4021c2e2-e6c8-46f3-b2fc-a620b6425cdc}\offreg.dll
2014-10-01 02:49:25    8806800    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{4021c2e2-e6c8-46f3-b2fc-a620b6425cdc}\mpengine.dll
2014-09-30 17:48:22    519680    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-26 17:17:35    --------    d-----w-    c:\users\owner\appdata\roaming\Systweak
2014-09-26 17:17:12    --------    d-----w-    c:\programdata\Systweak
2014-09-26 17:17:10    --------    d-----w-    c:\program files\ASP
2014-09-26 17:17:08    17136    ----a-w-    c:\windows\system32\sasnative32.exe
2014-09-26 17:13:31    --------    d-----w-    c:\users\owner\appdata\roaming\ASP
2014-09-26 01:26:39    --------    d-----w-    c:\users\owner\appdata\roaming\AVAST Software
2014-09-26 01:21:01    71944    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-09-26 01:21:00    779536    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-09-26 01:21:00    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-09-26 01:21:00    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-09-26 01:20:59    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-09-26 01:20:58    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-09-26 01:20:58    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-09-26 01:20:53    43152    ----a-w-    c:\windows\avastSS.scr
2014-09-26 01:13:31    --------    d-----w-    c:\program files\AVAST Software
2014-09-26 01:07:29    --------    d-----w-    c:\programdata\AVAST Software
2014-09-25 02:03:54    17752    ----a-w-    c:\windows\system32\roboot.exe
2014-09-25 02:03:52    --------    d-----w-    c:\program files\Tuneup Pro
2014-09-25 02:03:13    --------    d-----w-    c:\users\owner\appdata\roaming\Tuneup Pro
2014-09-24 18:09:34    8806800    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-09-24 18:08:55    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-23 02:25:48    447704    ----a-w-    c:\windows\system32\drivers\n360\1506000.020\symnets.sys
2014-09-23 02:25:46    209624    ----a-w-    c:\windows\system32\drivers\n360\1506000.020\ironx86.sys
2014-09-23 02:25:29    30068    ----a-w-    c:\windows\system32\drivers\n360\1506000.020\symvtcer.dat
2014-09-23 02:25:29    --------    d-----w-    c:\windows\system32\drivers\n360\1506000.020
2014-09-21 15:25:43    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-21 15:23:33    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-21 15:23:33    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-21 15:23:32    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-21 15:23:29    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-09-15 00:34:05    --------    d-----w-    C:\FRST
2014-09-14 14:49:00    33512    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-09-14 14:48:42    --------    d-----w-    c:\programdata\RogueKiller
2014-09-14 08:13:30    2285056    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-12 13:18:27    --------    d-----w-    C:\5d8c319030ce87b8f7462ff30535
2014-09-12 09:43:10    227728    ----a-w-    c:\program files\mozilla firefox\plugins\nppdf32.dll
2014-09-11 14:34:54    793600    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-11 14:32:52    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-11 14:32:52    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-11 14:29:22    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-11 14:18:41    445952    ----a-w-    c:\windows\system32\aepdu.dll
2014-09-11 14:18:37    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-09-02 03:32:36    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-09-02 03:32:36    2352640    ----a-w-    c:\windows\system32\win32k.sys
2014-09-02 03:27:11    2425856    ----a-w-    c:\windows\system32\wucltux.dll
2014-09-02 03:26:43    92672    ----a-w-    c:\windows\system32\wudriver.dll
2014-09-02 03:26:29    33792    ----a-w-    c:\windows\system32\wuapp.exe
2014-09-02 03:26:29    179656    ----a-w-    c:\windows\system32\wuwebv.dll
.
==================== Find3M  ====================
.
2014-09-24 18:42:26    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 18:42:26    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-09-15 14:06:04    231568    ------w-    c:\windows\system32\MpSigStub.exe
2014-08-18 22:08:55    4232704    ----a-w-    c:\windows\system32\jscript9.dll
2014-08-18 21:57:44    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-08-18 21:44:44    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24    597504    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54    2014208    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    c:\windows\system32\wininet.dll
2014-07-25 07:35:46    875688    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 01:42:02    654336    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-07-09 01:29:32    6144    ----a-w-    c:\windows\system32\KBDYAK.DLL
2014-07-09 01:29:31    6144    ----a-w-    c:\windows\system32\KBDBASH.DLL
.
============= FINISH: 22:22:51.12 ===============
 

Attached Files


Edited by matthew_andres, 02 October 2014 - 12:34 PM.


BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 02 October 2014 - 02:21 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 matthew_andres

matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 03 October 2014 - 01:10 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by Owner (administrator) on OWNER-PC on 03-10-2014 13:00:39
Running from C:\Users\Owner\Desktop\Matt's Utilities
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Systweak) C:\Program Files\ASP\AdvancedSystemProtector.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SwapDrive, Inc.) C:\Program Files\Online Backup\OnlineBackup.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
() C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 4\Integrator.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files\Quicken\qw.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12000984 2013-08-02] (Realtek Semiconductor)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-25] (AVAST Software)
HKU\S-1-5-21-3369783558-2446742346-2294043868-1000\...\Run: [OnlineBackupScheduler] => C:\Program Files\Online Backup\OnlineBackup.exe [594760 2013-12-12] (SwapDrive, Inc.)
HKU\S-1-5-21-3369783558-2446742346-2294043868-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3369783558-2446742346-2294043868-1000\...\Run: [Amazon Music] => C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk *  BootDefrag.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pmnpcszv.default
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pmnpcszv.default\searchplugins\safesearch.xml
FF Extension: Garmin Communicator - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pmnpcszv.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-04-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-25]
 
Chrome: 
=======
CHR CustomProfile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-25]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-25]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-25]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-25]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-25]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-25]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-14] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-25] (AVAST Software)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-25] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-20] (AVG Technologies)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-04-13] (Glarysoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-02 22:27 - 2014-10-02 22:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-01 22:23 - 2014-10-01 22:25 - 00017283 _____ () C:\Users\Owner\Desktop\dds.txt
2014-10-01 22:23 - 2014-10-01 22:23 - 00013363 _____ () C:\Users\Owner\Desktop\attach.txt
2014-10-01 22:01 - 2014-10-01 22:01 - 00896048 _____ () C:\Users\Owner\Downloads\Norton_Removal_Tool.exe
2014-10-01 21:47 - 2014-10-01 21:48 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-09-30 21:43 - 2014-09-30 21:47 - 00438627 _____ () C:\Users\Owner\Downloads\NPE(19).exe
2014-09-30 12:48 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 11:55 - 2014-09-30 11:55 - 00036386 _____ () C:\Users\Owner\Downloads\NPE(18).exe
2014-09-30 11:48 - 2014-09-30 11:50 - 00036385 _____ () C:\Users\Owner\Downloads\NPE(17).exe
2014-09-27 15:59 - 2014-09-27 15:59 - 03060320 ____N (Symantec Corporation) C:\Users\Owner\Downloads\NPE(16).exe
2014-09-26 12:17 - 2014-09-26 12:17 - 00001003 _____ () C:\Users\Public\Desktop\Advanced-System Protector.lnk
2014-09-26 12:17 - 2014-09-26 12:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Systweak
2014-09-26 12:17 - 2014-09-26 12:17 - 00000000 ____D () C:\ProgramData\Systweak
2014-09-26 12:17 - 2014-09-26 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
2014-09-26 12:17 - 2014-09-26 12:17 - 00000000 ____D () C:\Program Files\ASP
2014-09-26 12:17 - 2012-07-25 12:03 - 00017136 _____ () C:\Windows\system32\sasnative32.exe
2014-09-26 12:13 - 2014-09-26 12:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ASP
2014-09-26 12:12 - 2014-09-26 12:12 - 00187016 _____ () C:\Windows\Minidump\092614-19936-01.dmp
2014-09-25 20:26 - 2014-09-25 20:26 - 00002123 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-25 20:26 - 2014-09-25 20:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-09-25 20:26 - 2014-09-25 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-25 20:25 - 2014-09-25 20:25 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-25 20:25 - 2014-09-25 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-25 20:21 - 2014-10-03 12:33 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 20:21 - 2014-10-02 23:01 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 20:21 - 2014-09-25 20:25 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-25 20:21 - 2014-09-25 20:20 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-25 20:21 - 2014-09-25 20:20 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-25 20:21 - 2014-09-25 20:20 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-25 20:21 - 2014-09-25 20:20 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-25 20:20 - 2014-09-25 20:20 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-25 20:20 - 2014-09-25 20:20 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-25 20:20 - 2014-09-25 20:20 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-25 20:20 - 2014-09-25 20:20 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-25 20:20 - 2014-09-25 20:20 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-25 20:13 - 2014-09-25 20:13 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-25 20:07 - 2014-09-25 20:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-25 20:07 - 2014-09-25 20:07 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online(1).exe
2014-09-25 19:47 - 2014-09-25 19:47 - 00001132 _____ () C:\Users\Owner\Desktop\Live PC Help.lnk
2014-09-24 21:04 - 2014-10-02 21:45 - 00000256 _____ () C:\Windows\Tasks\Tuneup Pro_DEFAULT.job
2014-09-24 21:04 - 2014-10-01 21:04 - 00000264 _____ () C:\Windows\Tasks\Tuneup Pro_UPDATES.job
2014-09-24 21:03 - 2014-10-02 21:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Tuneup Pro
2014-09-24 21:03 - 2014-09-24 21:03 - 00000988 _____ () C:\Users\Public\Desktop\Tuneup Pro.lnk
2014-09-24 21:03 - 2014-09-24 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tuneup Pro
2014-09-24 21:03 - 2014-09-24 21:03 - 00000000 ____D () C:\Program Files\Tuneup Pro
2014-09-24 21:03 - 2014-09-12 18:47 - 00017752 _____ () C:\Windows\system32\roboot.exe
2014-09-24 16:46 - 2014-09-24 16:46 - 00036454 _____ () C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-09-24 16:26 - 2014-09-24 16:26 - 01322800 _____ () C:\Windows\Minidump\092414-13010-01.dmp
2014-09-24 13:33 - 2014-09-24 13:33 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-09-24 13:33 - 2014-09-24 13:33 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-09-24 13:33 - 2014-09-24 13:33 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-24 13:08 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:14 - 2014-09-24 09:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2014-09-23 09:23 - 2014-09-23 09:23 - 00135424 _____ () C:\Windows\Minidump\092314-47377-01.dmp
2014-09-22 11:43 - 2014-09-22 11:43 - 00020625 _____ () C:\ComboFix.txt
2014-09-21 10:25 - 2014-09-21 10:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 10:24 - 2014-09-21 10:24 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-21 10:23 - 2014-09-23 12:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-21 10:23 - 2014-05-12 08:05 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-21 10:23 - 2014-05-12 08:05 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-21 10:23 - 2014-05-12 08:05 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-18 21:35 - 2014-09-18 21:48 - 00077314 _____ () C:\Users\Owner\Downloads\NPE(15).exe
2014-09-18 12:30 - 2014-09-18 12:31 - 00036386 _____ () C:\Users\Owner\Downloads\NPE(14).exe
2014-09-18 12:30 - 2014-09-18 12:30 - 00000000 _____ () C:\Users\Owner\Downloads\NPE(13).exe
2014-09-14 19:34 - 2014-10-03 13:00 - 00000000 ____D () C:\FRST
2014-09-14 19:17 - 2014-09-14 19:17 - 01373475 _____ () C:\Users\Owner\Downloads\AdwCleaner(1).exe
2014-09-14 09:49 - 2014-09-14 09:49 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-14 09:48 - 2014-09-14 09:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-14 09:47 - 2014-09-14 09:47 - 04859480 _____ () C:\Users\Owner\Downloads\RogueKiller.exe
2014-09-14 03:18 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 03:18 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 03:18 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 03:18 - 2014-08-18 16:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 03:18 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 03:18 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 03:18 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 03:18 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 03:18 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 03:18 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 03:18 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 03:18 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 03:18 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 03:18 - 2014-08-18 16:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 03:18 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 03:18 - 2014-08-18 16:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 03:18 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 03:18 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 03:18 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 03:18 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 03:18 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 03:18 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 03:18 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 03:18 - 2014-08-18 16:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 03:18 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 03:18 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 03:18 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 03:18 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 03:17 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 03:17 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 03:13 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 08:29 - 2014-09-12 08:29 - 00190608 _____ () C:\Windows\Minidump\091214-36051-01.dmp
2014-09-12 08:18 - 2014-09-12 08:20 - 00000000 ____D () C:\5d8c319030ce87b8f7462ff30535
2014-09-11 09:34 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 09:32 - 2014-07-06 20:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 09:32 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 09:29 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 09:18 - 2014-09-04 20:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 09:18 - 2014-09-04 20:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-06 23:34 - 2014-09-06 23:34 - 03077584 ____N (Symantec Corporation) C:\Users\Owner\Downloads\NPE(12).exe
2014-09-03 05:23 - 2014-09-03 05:24 - 00187176 _____ () C:\Windows\Minidump\090314-34757-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-03 13:00 - 2014-05-12 12:17 - 00000000 ____D () C:\Users\Owner\Desktop\Matt's Utilities
2014-10-03 12:52 - 2013-08-30 19:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 12:41 - 2013-08-30 19:45 - 01996548 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 08:32 - 2013-09-02 08:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-02 21:57 - 2014-07-26 20:08 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-10-02 21:56 - 2014-07-26 19:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-10-02 21:56 - 2009-07-13 23:34 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-02 21:56 - 2009-07-13 23:34 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-02 21:47 - 2014-05-12 12:20 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-10-02 21:47 - 2014-05-12 12:20 - 00000000 ____D () C:\Program Files\Glary Utilities 4
2014-10-02 21:46 - 2014-05-13 12:24 - 00009730 _____ () C:\Windows\setupact.log
2014-10-02 21:46 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 22:10 - 2014-05-21 10:13 - 00161062 _____ () C:\Windows\PFRO.log
2014-09-30 20:54 - 2014-05-12 12:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DiskDefrag
2014-09-30 13:17 - 2013-09-01 19:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-09-27 16:13 - 2013-11-04 16:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\NPE
2014-09-27 16:03 - 2014-06-04 13:15 - 00000000 ____D () C:\NPE
2014-09-26 16:49 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-09-26 14:41 - 2014-02-07 16:18 - 00000000 ____D () C:\Program Files\sp
2014-09-26 12:13 - 2009-07-13 23:53 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-26 12:12 - 2013-12-27 14:07 - 00000000 ____D () C:\Windows\Minidump
2014-09-26 12:12 - 2013-12-27 14:06 - 224625447 _____ () C:\Windows\MEMORY.DMP
2014-09-25 20:25 - 2014-03-25 09:41 - 00000000 ____D () C:\Program Files\Google
2014-09-24 14:56 - 2013-08-31 19:59 - 00000000 ____D () C:\ProgramData\Norton
2014-09-24 13:42 - 2013-08-30 19:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 13:42 - 2013-08-30 19:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 13:42 - 2013-08-30 19:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-09-24 13:36 - 2013-08-30 19:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-24 13:36 - 2013-08-30 19:42 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-24 13:33 - 2013-08-30 19:42 - 00000000 ____D () C:\Program Files\Adobe
2014-09-24 13:33 - 2013-08-30 19:41 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-24 13:33 - 2013-08-30 19:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-09-24 13:25 - 2010-11-20 16:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 21:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-23 12:21 - 2014-05-12 13:35 - 00000000 ____D () C:\Windows\erdnt
2014-09-23 12:21 - 2014-05-12 13:35 - 00000000 ____D () C:\Qoobox
2014-09-23 12:21 - 2014-05-12 12:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-23 12:21 - 2014-05-12 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-23 12:21 - 2014-05-12 12:26 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-23 12:21 - 2013-09-27 23:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-09-23 12:21 - 2013-08-31 20:38 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-09-23 12:21 - 2010-11-20 19:46 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-23 12:21 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-23 12:21 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-09-23 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-09-23 11:19 - 2013-08-31 10:34 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-23 09:46 - 2013-08-30 19:46 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-23 09:23 - 2013-08-30 17:50 - 00000000 ____D () C:\Users\Owner
2014-09-21 10:41 - 2013-08-30 19:23 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-09-18 23:23 - 2014-07-26 20:08 - 00001017 _____ () C:\Users\Owner\Desktop\Dropbox.lnk
2014-09-18 23:23 - 2014-07-26 20:04 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-18 23:01 - 2014-05-12 12:17 - 00000000 ____D () C:\Program Files\Defraggler
2014-09-15 09:47 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-15 09:06 - 2013-08-30 18:10 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 19:23 - 2013-09-27 21:21 - 00000000 ____D () C:\AdwCleaner
2014-09-14 17:16 - 2009-07-13 23:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-14 03:16 - 2013-09-01 06:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 03:09 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsic013.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 16:07
 
==================== End Of Log ============================


#4 matthew_andres

matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 03 October 2014 - 01:11 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-10-2014
Ran by Owner at 2014-10-03 13:02:20
Running from C:\Users\Owner\Desktop\Matt's Utilities
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced-System Protector (HKLM\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1) (Version: 2.1.1000.13727 - Systweak Software)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Desktop Calendar 7.0.0.6 Retail (HKLM\...\DesktopCalendar2ndGeneration_is1) (Version: 7.0.0.6 - Tinnes Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Elevated Installer (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Free Photo Viewer (HKLM\...\Free Photo Viewer_is1) (Version: 1.2 - 10-Strike Software)
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Glary Utilities 4.10 (HKLM\...\Glary Utilities 4) (Version: 4.10.0.100 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Backup (HKLM\...\Online Backup) (Version: 2.33 - www.backup.com)
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.5.8 - Intuit)
QuickShare (HKLM\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7010 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Social Privacy DNS (HKLM\...\dnsshield) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Tuneup Pro (HKLM\...\Tuneup Pro_is1) (Version: 1.08 - tuneuppro.com)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
23-09-2014 16:19:15 Removed Belkin F7D1101 Basic Wireless USB Adapter
24-09-2014 18:08:55 Windows Update
25-09-2014 08:00:28 Windows Update
26-09-2014 01:13:10 avast! antivirus system restore point
27-09-2014 21:08:07 Norton_Power_Eraser_20140927160803589
01-10-2014 02:48:10 Windows Update
01-10-2014 08:00:27 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2014-05-12 14:10 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02D58134-8D33-4A1D-8312-8B87EA429590} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {11D8E0E6-0612-45DB-9377-2568E6DBB509} - System32\Tasks\GlaryInitialize 4 => C:\Program Files\Glary Utilities 4\Initialize.exe [2014-04-14] (Glarysoft Ltd)
Task: {145A7248-DD30-4134-BF43-729A6223048C} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {168F14FE-3977-4504-A6FC-17C9C1768F73} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.5.0.19\SymErr.exe
Task: {2C2133AA-E3CB-48E9-94B9-4E5E9787E3EB} - System32\Tasks\Tuneup Pro_UPDATES => C:\Program Files\Tuneup Pro\TuneupPro.exe [2014-09-12] (Tuneup Pro)
Task: {2E31DADF-221D-43F6-9602-5F27C9DEC7B3} - System32\Tasks\Tuneup Pro_DEFAULT => C:\Program Files\Tuneup Pro\TuneupPro.exe [2014-09-12] (Tuneup Pro)
Task: {2E3F9BF0-5F6E-44A6-8293-026631EDA898} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {34F242E2-CDC3-4599-B09B-305683EF2E19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {37CEFCA7-029B-418E-B4F1-6307EFF3694D} - System32\Tasks\Tuneup Pro => C:\Program Files\Tuneup Pro\TuneupPro.exe [2014-09-12] (Tuneup Pro)
Task: {4BDFD425-1314-4CAE-9D4C-6A5E8F710816} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {526B8378-E2C0-4B67-963F-A35E3B1693B0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {612A42DC-B466-4F6F-B282-E9A156687C97} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {61C30084-A19B-4584-8EA8-B1EC174514F7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {7A49FDEC-4492-4A25-82E5-F96B9ABAFEE8} - System32\Tasks\GU4SkipUAC => C:\Program Files\Glary Utilities 4\Integrator.exe [2014-04-14] (Glarysoft Ltd)
Task: {924E86C3-A73B-4A89-815B-F1643D0D9B1C} - System32\Tasks\Advanced-System Protector_startup => C:\Program Files\ASP\AdvancedSystemProtector.exe [2014-08-25] (Systweak)
Task: {AC66676B-CEEE-4F5C-9684-0CB9AE218F93} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.5.0.19\WSCStub.exe
Task: {B2976C31-56DA-4282-B237-AF6083629464} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-25] (AVAST Software)
Task: {D7F5ADA1-42B7-4A13-B01C-0D8E9BE7DC4E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.5.0.19\SymErr.exe
Task: {FD68BD09-079D-4567-9AC1-21AA8C1F6557} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {FE3D0AB5-8FB8-46E7-B5E7-7E796A06C0CB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tuneup Pro_DEFAULT.job => C:\Program Files\Tuneup Pro\TuneupPro.exe
Task: C:\Windows\Tasks\Tuneup Pro_UPDATES.job => C:\Program Files\Tuneup Pro\TuneupPro.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-25 20:20 - 2014-09-25 20:20 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-02 11:35 - 2014-10-02 11:35 - 02858496 _____ () C:\Program Files\AVAST Software\Avast\defs\14100200\algo.dll
2014-10-02 21:59 - 2014-10-02 21:59 - 02858496 _____ () C:\Program Files\AVAST Software\Avast\defs\14100201\algo.dll
2014-10-03 08:32 - 2014-10-03 08:32 - 02858496 _____ () C:\Program Files\AVAST Software\Avast\defs\14100300\algo.dll
2014-09-26 12:17 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files\ASP\System.Data.SQLite.dll
2014-09-26 12:17 - 2014-08-25 18:35 - 01730928 _____ () C:\Program Files\ASP\aspsys.dll
2014-09-25 20:20 - 2014-09-25 20:20 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-08 15:01 - 2012-03-06 09:26 - 00005632 _____ () C:\Program Files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\TinnesSoftware.Gadget.Interop.dll
2013-09-08 15:01 - 2013-09-08 15:01 - 00182272 _____ () C:\Windows\assembly\GAC_MSIL\TinnesSoftware.DesktopCalendar\7.0.0.6__89bbe7d16a9a6d41\TinnesSoftware.DesktopCalendar.dll
2014-06-12 10:05 - 2014-07-01 13:58 - 03162944 _____ () C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-10-02 21:47 - 2014-10-02 21:47 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsic013.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-14 03:05 - 2014-04-14 03:05 - 00080160 _____ () C:\Program Files\Glary Utilities 4\zlib1.dll
2013-12-13 16:09 - 2013-12-13 16:09 - 00430888 _____ () C:\Program Files\Quicken\qw.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-10-02 22:27 - 2014-10-02 22:27 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3369783558-2446742346-2294043868-500 - Administrator - Disabled)
Guest (S-1-5-21-3369783558-2446742346-2294043868-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3369783558-2446742346-2294043868-1002 - Limited - Enabled)
Owner (S-1-5-21-3369783558-2446742346-2294043868-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Faulty Device Manager Devices =============
 
Name: I:\
Description: MS/MS-Pro       
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: F:\
Description: SD/MMC          
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: H:\
Description: SM/xD Picture   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: G:\
Description: Compact Flash   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/02/2014 09:47:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 09:21:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/02/2014 08:30:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11c4
 
Start Time: 01cfde3e8a5490b7
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 33431c82-4a38-11e4-be6a-b8ac6fe28f90
 
Error: (10/02/2014 01:14:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 11:23:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 10:11:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 10:18:52 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: qw.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at QuickenWindow.Controls.QuickenHostControl+<>c__DisplayClass5.<OnApplyTemplate>b__3()
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at QuickenWindow.Program.ShowMain()
   at QuickenWindow.Program.Main()
 
Error: (10/01/2014 09:40:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 09:23:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 08:51:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TuneupPro.exe version 1.8.72.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a6c
 
Start Time: 01cfdd2763f23a48
 
Termination Time: 1732
 
Application Path: C:\Program Files\Tuneup Pro\TuneupPro.exe
 
Report Id: eb76cf7e-4971-11e4-be91-b8ac6fe28f90
 
 
System errors:
=============
Error: (10/03/2014 10:36:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (10/03/2014 08:31:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (10/03/2014 08:31:22 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (10/02/2014 09:48:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MBAMService service hung on starting.
 
Error: (10/02/2014 09:47:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error: 
%%2
 
Error: (10/02/2014 09:47:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053
 
Error: (10/02/2014 09:47:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
 
Error: (10/02/2014 09:46:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (10/02/2014 09:46:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (10/02/2014 09:44:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
 
Microsoft Office Sessions:
=========================
Error: (10/02/2014 09:47:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 09:21:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\glary utilities 4\DPInst64.exe
 
Error: (10/02/2014 08:30:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1728011c401cfde3e8a5490b70C:\Program Files\Internet Explorer\iexplore.exe33431c82-4a38-11e4-be6a-b8ac6fe28f90
 
Error: (10/02/2014 01:14:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 11:23:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 10:11:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 10:18:52 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: qw.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at QuickenWindow.Controls.QuickenHostControl+<>c__DisplayClass5.<OnApplyTemplate>b__3()
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.Run()
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at QuickenWindow.Program.ShowMain()
   at QuickenWindow.Program.Main()
 
Error: (10/01/2014 09:40:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 09:23:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 08:51:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TuneupPro.exe1.8.72.87a6c01cfdd2763f23a481732C:\Program Files\Tuneup Pro\TuneupPro.exeeb76cf7e-4971-11e4-be91-b8ac6fe28f90
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 450 @ 2.20GHz
Percentage of memory in use: 54%
Total physical RAM: 2012.98 MB
Available physical RAM: 910.89 MB
Total Pagefile: 4025.97 MB
Available Pagefile: 2297.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.62 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:418.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E605FAC9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 04 October 2014 - 09:15 AM

Hi,
please do the following:
Step 1
  • Please download and install revouninstaller.pngRevo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Advanced-System Protector
    QuickShare
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop. (Of course, I know you have downloaded it before, but please use the newest version.)
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3
 
Scan with mbam.pngMalwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update and click "Settings" and go to "Detection and Protection"
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 4

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#6 matthew_andres

matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 04 October 2014 - 12:51 PM

# AdwCleaner v3.311 - Report created 04/10/2014 at 12:47:44
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner(2).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tuneup Pro
Folder Deleted : C:\Program Files\Tuneup Pro
Folder Deleted : C:\Users\Owner\AppData\Roaming\ASP
Folder Deleted : C:\Users\Owner\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Owner\AppData\Roaming\Tuneup Pro
Folder Deleted : C:\Users\Richard and Barb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pmnpcszv.default\searchplugins\safesearch.xml
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Tuneup Pro
Task Deleted : Tuneup Pro_DEFAULT
Task Deleted : Tuneup Pro_UPDATES
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKCU\Software\Tune
Key Deleted : HKCU\Software\Tuneup Pro
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tune
Key Deleted : HKLM\SOFTWARE\Tuneup Pro
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pmnpcszv.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [36846 octets] - [27/09/2013 21:56:21]
AdwCleaner[R1].txt - [17809 octets] - [12/05/2014 12:59:37]
AdwCleaner[R2].txt - [1983 octets] - [14/09/2014 19:18:17]
AdwCleaner[R3].txt - [2457 octets] - [04/10/2014 12:43:11]
AdwCleaner[S0].txt - [37472 octets] - [27/09/2013 22:27:38]
AdwCleaner[S1].txt - [16606 octets] - [12/05/2014 13:01:20]
AdwCleaner[S2].txt - [2064 octets] - [14/09/2014 19:23:29]
AdwCleaner[S3].txt - [2418 octets] - [04/10/2014 12:47:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2478 octets] ##########


#7 matthew_andres

matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 04 October 2014 - 04:28 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/4/2014
Scan Time: 1:12:29 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.04.11
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344635
Time Elapsed: 17 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{8E9E3331-D360-4f87-8803-52DE43566502}, C:\Program Files\Updater By SweetPacks\Firefox, , [592ccc237dfe1224e25f65baba49e51b]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 matthew_andres

matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 04 October 2014 - 04:33 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by Owner (administrator) on OWNER-PC on 04-10-2014 16:29:13
Running from C:\Users\Owner\Desktop\Matt's Utilities
Loaded Profile: Owner (Available profiles: Owner)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SwapDrive, Inc.) C:\Program Files\Online Backup\OnlineBackup.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
() C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 4\Integrator.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12000984 2013-08-02] (Realtek Semiconductor)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-25] (AVAST Software)
HKU\S-1-5-21-3369783558-2446742346-2294043868-1000\...\Run: [OnlineBackupScheduler] => C:\Program Files\Online Backup\OnlineBackup.exe [594760 2013-12-12] (SwapDrive, Inc.)
HKU\S-1-5-21-3369783558-2446742346-2294043868-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-3369783558-2446742346-2294043868-1000\...\Run: [Amazon Music] => C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk *  BootDefrag.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pmnpcszv.default
FF SearchEngineOrder.1: Ask Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Extension: Garmin Communicator - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pmnpcszv.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-04-29]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-25]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR CustomProfile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-25]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-25]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-25]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-25]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-25]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-25]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-14] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-25] (AVAST Software)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-09-25] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-09-25] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-25] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-20] (AVG Technologies)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-04-13] (Glarysoft Ltd)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [110296 2014-10-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 12:55 - 2014-10-04 12:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-04 12:41 - 2014-10-04 12:41 - 01375089 _____ () C:\Users\Owner\Downloads\AdwCleaner(2).exe
2014-10-04 12:28 - 2014-10-04 12:28 - 00001226 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2014-10-04 12:28 - 2014-10-04 12:28 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-02 22:27 - 2014-10-02 22:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-01 22:23 - 2014-10-01 22:25 - 00017283 _____ () C:\Users\Owner\Desktop\dds.txt
2014-10-01 22:23 - 2014-10-01 22:23 - 00013363 _____ () C:\Users\Owner\Desktop\attach.txt
2014-10-01 22:01 - 2014-10-01 22:01 - 00896048 _____ () C:\Users\Owner\Downloads\Norton_Removal_Tool.exe
2014-10-01 21:47 - 2014-10-01 21:48 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-09-30 21:43 - 2014-09-30 21:47 - 00438627 _____ () C:\Users\Owner\Downloads\NPE(19).exe
2014-09-30 12:48 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 11:55 - 2014-09-30 11:55 - 00036386 _____ () C:\Users\Owner\Downloads\NPE(18).exe
2014-09-30 11:48 - 2014-09-30 11:50 - 00036385 _____ () C:\Users\Owner\Downloads\NPE(17).exe
2014-09-27 15:59 - 2014-09-27 15:59 - 03060320 ____N (Symantec Corporation) C:\Users\Owner\Downloads\NPE(16).exe
2014-09-26 12:12 - 2014-09-26 12:12 - 00187016 _____ () C:\Windows\Minidump\092614-19936-01.dmp
2014-09-25 20:26 - 2014-09-25 20:26 - 00002123 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-25 20:26 - 2014-09-25 20:26 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-09-25 20:26 - 2014-09-25 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-25 20:25 - 2014-09-25 20:25 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-25 20:25 - 2014-09-25 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-25 20:21 - 2014-10-04 15:33 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 20:21 - 2014-10-04 13:02 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 20:21 - 2014-09-25 20:25 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-25 20:21 - 2014-09-25 20:20 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-25 20:21 - 2014-09-25 20:20 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-25 20:21 - 2014-09-25 20:20 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-25 20:21 - 2014-09-25 20:20 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-25 20:20 - 2014-09-25 20:20 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-25 20:20 - 2014-09-25 20:20 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-25 20:20 - 2014-09-25 20:20 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-25 20:20 - 2014-09-25 20:20 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-25 20:20 - 2014-09-25 20:20 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-25 20:13 - 2014-09-25 20:13 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-25 20:07 - 2014-09-25 20:13 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-25 20:07 - 2014-09-25 20:07 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online(1).exe
2014-09-25 19:47 - 2014-09-25 19:47 - 00001132 _____ () C:\Users\Owner\Desktop\Live PC Help.lnk
2014-09-24 21:03 - 2014-09-24 21:03 - 00000988 _____ () C:\Users\Public\Desktop\Tuneup Pro.lnk
2014-09-24 16:46 - 2014-09-24 16:46 - 00036454 _____ () C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-09-24 16:26 - 2014-09-24 16:26 - 01322800 _____ () C:\Windows\Minidump\092414-13010-01.dmp
2014-09-24 13:33 - 2014-09-24 13:33 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-09-24 13:33 - 2014-09-24 13:33 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-09-24 13:33 - 2014-09-24 13:33 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-24 13:08 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:14 - 2014-09-24 09:14 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2014-09-23 09:23 - 2014-09-23 09:23 - 00135424 _____ () C:\Windows\Minidump\092314-47377-01.dmp
2014-09-22 11:43 - 2014-09-22 11:43 - 00020625 _____ () C:\ComboFix.txt
2014-09-21 10:25 - 2014-10-04 13:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 10:24 - 2014-10-04 13:00 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-21 10:23 - 2014-10-04 13:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-21 10:23 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-21 10:23 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-21 10:23 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-18 21:35 - 2014-09-18 21:48 - 00077314 _____ () C:\Users\Owner\Downloads\NPE(15).exe
2014-09-18 12:30 - 2014-09-18 12:31 - 00036386 _____ () C:\Users\Owner\Downloads\NPE(14).exe
2014-09-18 12:30 - 2014-09-18 12:30 - 00000000 _____ () C:\Users\Owner\Downloads\NPE(13).exe
2014-09-14 19:34 - 2014-10-04 16:29 - 00000000 ____D () C:\FRST
2014-09-14 19:17 - 2014-09-14 19:17 - 01373475 _____ () C:\Users\Owner\Downloads\AdwCleaner(1).exe
2014-09-14 09:49 - 2014-09-14 09:49 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-14 09:48 - 2014-09-14 09:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-14 09:47 - 2014-09-14 09:47 - 04859480 _____ () C:\Users\Owner\Downloads\RogueKiller.exe
2014-09-14 03:18 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-14 03:18 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-14 03:18 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-14 03:18 - 2014-08-18 16:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-14 03:18 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-14 03:18 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-14 03:18 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-14 03:18 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-14 03:18 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-14 03:18 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-14 03:18 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-14 03:18 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-14 03:18 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-14 03:18 - 2014-08-18 16:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-14 03:18 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-14 03:18 - 2014-08-18 16:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-14 03:18 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-14 03:18 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 03:18 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-14 03:18 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-14 03:18 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-14 03:18 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-14 03:18 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-14 03:18 - 2014-08-18 16:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-14 03:18 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-14 03:18 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-14 03:18 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-14 03:18 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-14 03:17 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-14 03:17 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-14 03:13 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 08:29 - 2014-09-12 08:29 - 00190608 _____ () C:\Windows\Minidump\091214-36051-01.dmp
2014-09-12 08:18 - 2014-09-12 08:20 - 00000000 ____D () C:\5d8c319030ce87b8f7462ff30535
2014-09-11 09:34 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 09:32 - 2014-07-06 20:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 09:32 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 09:29 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 09:18 - 2014-09-04 20:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 09:18 - 2014-09-04 20:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-06 23:34 - 2014-09-06 23:34 - 03077584 ____N (Symantec Corporation) C:\Users\Owner\Downloads\NPE(12).exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 16:29 - 2014-05-12 12:17 - 00000000 ____D () C:\Users\Owner\Desktop\Matt's Utilities
2014-10-04 16:03 - 2013-08-30 19:45 - 02050557 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 16:02 - 2013-08-30 19:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-04 13:09 - 2009-07-13 23:34 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 13:09 - 2009-07-13 23:34 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 13:03 - 2014-07-26 20:08 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-10-04 13:03 - 2014-07-26 19:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-10-04 13:02 - 2014-05-12 12:20 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-10-04 13:02 - 2014-05-12 12:20 - 00000000 ____D () C:\Program Files\Glary Utilities 4
2014-10-04 13:01 - 2014-05-13 12:24 - 00009898 _____ () C:\Windows\setupact.log
2014-10-04 13:01 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-04 12:48 - 2014-05-21 10:13 - 00161376 _____ () C:\Windows\PFRO.log
2014-10-04 12:47 - 2013-09-27 21:21 - 00000000 ____D () C:\AdwCleaner
2014-10-04 12:15 - 2013-09-02 08:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-30 20:54 - 2014-05-12 12:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DiskDefrag
2014-09-30 13:17 - 2013-09-01 19:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-09-27 16:13 - 2013-11-04 16:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\NPE
2014-09-27 16:03 - 2014-06-04 13:15 - 00000000 ____D () C:\NPE
2014-09-26 16:49 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-09-26 14:41 - 2014-02-07 16:18 - 00000000 ____D () C:\Program Files\sp
2014-09-26 12:13 - 2009-07-13 23:53 - 00032616 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-26 12:12 - 2013-12-27 14:07 - 00000000 ____D () C:\Windows\Minidump
2014-09-26 12:12 - 2013-12-27 14:06 - 224625447 _____ () C:\Windows\MEMORY.DMP
2014-09-25 20:25 - 2014-03-25 09:41 - 00000000 ____D () C:\Program Files\Google
2014-09-24 14:56 - 2013-08-31 19:59 - 00000000 ____D () C:\ProgramData\Norton
2014-09-24 13:42 - 2013-08-30 19:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 13:42 - 2013-08-30 19:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 13:42 - 2013-08-30 19:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-09-24 13:36 - 2013-08-30 19:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-24 13:36 - 2013-08-30 19:42 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-24 13:33 - 2013-08-30 19:42 - 00000000 ____D () C:\Program Files\Adobe
2014-09-24 13:33 - 2013-08-30 19:41 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-24 13:33 - 2013-08-30 19:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-09-24 13:25 - 2010-11-20 16:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 21:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-23 12:21 - 2014-05-12 13:35 - 00000000 ____D () C:\Windows\erdnt
2014-09-23 12:21 - 2014-05-12 13:35 - 00000000 ____D () C:\Qoobox
2014-09-23 12:21 - 2014-05-12 12:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-23 12:21 - 2014-05-12 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-23 12:21 - 2014-05-12 12:26 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-23 12:21 - 2013-09-27 23:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2014-09-23 12:21 - 2013-08-31 20:38 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2014-09-23 12:21 - 2010-11-20 19:46 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-23 12:21 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-23 12:21 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-09-23 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-09-23 11:19 - 2013-08-31 10:34 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-23 09:46 - 2013-08-30 19:46 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-23 09:23 - 2013-08-30 17:50 - 00000000 ____D () C:\Users\Owner
2014-09-21 10:41 - 2013-08-30 19:23 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-09-18 23:23 - 2014-07-26 20:08 - 00001017 _____ () C:\Users\Owner\Desktop\Dropbox.lnk
2014-09-18 23:23 - 2014-07-26 20:04 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-18 23:01 - 2014-05-12 12:17 - 00000000 ____D () C:\Program Files\Defraggler
2014-09-15 09:47 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-15 09:06 - 2013-08-30 18:10 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 17:16 - 2009-07-13 23:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-14 03:16 - 2013-09-01 06:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 03:09 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpde3lly.dll
C:\Users\Owner\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 16:07
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-10-2014
Ran by Owner at 2014-10-04 16:30:24
Running from C:\Users\Owner\Desktop\Matt's Utilities
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Desktop Calendar 7.0.0.6 Retail (HKLM\...\DesktopCalendar2ndGeneration_is1) (Version: 7.0.0.6 - Tinnes Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Elevated Installer (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Free Photo Viewer (HKLM\...\Free Photo Viewer_is1) (Version: 1.2 - 10-Strike Software)
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Glary Utilities 4.10 (HKLM\...\Glary Utilities 4) (Version: 4.10.0.100 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Backup (HKLM\...\Online Backup) (Version: 2.33 - www.backup.com)
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.5.8 - Intuit)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7010 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Social Privacy DNS (HKLM\...\dnsshield) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Tuneup Pro (HKLM\...\Tuneup Pro_is1) (Version: 1.08 - tuneuppro.com)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3369783558-2446742346-2294043868-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
04-10-2014 17:29:43 Revo Uninstaller's restore point - Advanced-System Protector
04-10-2014 17:33:04 Revo Uninstaller's restore point - QuickShare
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2014-05-12 14:10 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02D58134-8D33-4A1D-8312-8B87EA429590} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {11D8E0E6-0612-45DB-9377-2568E6DBB509} - System32\Tasks\GlaryInitialize 4 => C:\Program Files\Glary Utilities 4\Initialize.exe [2014-04-14] (Glarysoft Ltd)
Task: {145A7248-DD30-4134-BF43-729A6223048C} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {168F14FE-3977-4504-A6FC-17C9C1768F73} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.5.0.19\SymErr.exe
Task: {2E3F9BF0-5F6E-44A6-8293-026631EDA898} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {34F242E2-CDC3-4599-B09B-305683EF2E19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {4BDFD425-1314-4CAE-9D4C-6A5E8F710816} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {526B8378-E2C0-4B67-963F-A35E3B1693B0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {612A42DC-B466-4F6F-B282-E9A156687C97} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {61C30084-A19B-4584-8EA8-B1EC174514F7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {7A49FDEC-4492-4A25-82E5-F96B9ABAFEE8} - System32\Tasks\GU4SkipUAC => C:\Program Files\Glary Utilities 4\Integrator.exe [2014-04-14] (Glarysoft Ltd)
Task: {AC66676B-CEEE-4F5C-9684-0CB9AE218F93} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.5.0.19\WSCStub.exe
Task: {B2976C31-56DA-4282-B237-AF6083629464} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-25] (AVAST Software)
Task: {D7F5ADA1-42B7-4A13-B01C-0D8E9BE7DC4E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.5.0.19\SymErr.exe
Task: {FD68BD09-079D-4567-9AC1-21AA8C1F6557} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {FE3D0AB5-8FB8-46E7-B5E7-7E796A06C0CB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-25 20:20 - 2014-09-25 20:20 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-04 12:29 - 2014-10-04 12:29 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100400\algo.dll
2014-09-25 20:20 - 2014-09-25 20:20 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-08 15:01 - 2012-03-06 09:26 - 00005632 _____ () C:\Program Files\Windows Sidebar\Shared Gadgets\desktopcalendar.gadget\bin\TinnesSoftware.Gadget.Interop.dll
2013-09-08 15:01 - 2013-09-08 15:01 - 00182272 _____ () C:\Windows\assembly\GAC_MSIL\TinnesSoftware.DesktopCalendar\7.0.0.6__89bbe7d16a9a6d41\TinnesSoftware.DesktopCalendar.dll
2014-06-12 10:05 - 2014-07-01 13:58 - 03162944 _____ () C:\Users\Owner\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-10-04 13:02 - 2014-10-04 13:02 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpde3lly.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-14 03:05 - 2014-04-14 03:05 - 00080160 _____ () C:\Program Files\Glary Utilities 4\zlib1.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3369783558-2446742346-2294043868-500 - Administrator - Disabled)
Guest (S-1-5-21-3369783558-2446742346-2294043868-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3369783558-2446742346-2294043868-1002 - Limited - Enabled)
Owner (S-1-5-21-3369783558-2446742346-2294043868-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Faulty Device Manager Devices =============
 
Name: I:\
Description: MS/MS-Pro       
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: F:\
Description: SD/MMC          
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: H:\
Description: SM/xD Picture   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: G:\
Description: Compact Flash   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/04/2014 04:26:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/04/2014 01:02:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2014 00:49:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2014 00:29:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {81b5b538-ddc4-475d-8610-b8e1609cca01}
 
Error: (10/04/2014 00:16:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 09:47:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 09:21:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/02/2014 08:30:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11c4
 
Start Time: 01cfde3e8a5490b7
 
Termination Time: 0
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 33431c82-4a38-11e4-be6a-b8ac6fe28f90
 
Error: (10/02/2014 01:14:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 11:23:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/04/2014 04:02:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Core Update Service service.
 
Error: (10/04/2014 01:04:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1070
 
Error: (10/04/2014 01:04:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The SSDP Discovery service hung on starting.
 
Error: (10/04/2014 01:04:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Function Discovery Resource Publication service hung on starting.
 
Error: (10/04/2014 01:02:50 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (10/04/2014 01:02:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error: 
%%2
 
Error: (10/04/2014 00:51:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MBAMService service hung on starting.
 
Error: (10/04/2014 00:49:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error: 
%%2
 
Error: (10/04/2014 00:49:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053
 
Error: (10/04/2014 00:49:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (10/04/2014 04:26:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\glary utilities 4\DPInst64.exe
 
Error: (10/04/2014 01:02:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2014 00:49:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2014 00:29:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {81b5b538-ddc4-475d-8610-b8e1609cca01}
 
Error: (10/04/2014 00:16:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 09:47:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 09:21:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\glary utilities 4\DPInst64.exe
 
Error: (10/02/2014 08:30:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1728011c401cfde3e8a5490b70C:\Program Files\Internet Explorer\iexplore.exe33431c82-4a38-11e4-be6a-b8ac6fe28f90
 
Error: (10/02/2014 01:14:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/01/2014 11:23:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 450 @ 2.20GHz
Percentage of memory in use: 38%
Total physical RAM: 2012.98 MB
Available physical RAM: 1244.23 MB
Total Pagefile: 4025.97 MB
Available Pagefile: 2864.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.61 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:434.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E605FAC9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 05 October 2014 - 02:59 PM

Hi,

Step 1


Please download the eset.pngESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!


lesestoff.png

Can you please tell me which problems still persist now?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#10 matthew_andres

matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 06 October 2014 - 10:22 AM

It keeps giving me the message:
Can not get updase. is proxy configured?

 

Image attached.

Attached Files



#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 06 October 2014 - 03:25 PM

Hi,
please visit this link with Internet Explorer 11.

Does it work for you?

 

 


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#12 matthew_andres

matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 10 October 2014 - 10:54 AM

Scan is working now. I will post when it is done.



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 10 October 2014 - 10:56 AM

OK... :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#14 matthew_andres

matthew_andres
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 10 October 2014 - 12:34 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d42f46e6d58d564892724c0f80084729
# engine=20538
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-10 05:24:08
# local_time=2014-10-10 12:24:08 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 0 8238533 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 164506639 0 0
# scanned=108773
# found=76
# cleaned=0
# scan_time=2152
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=C1C547EE61E369232A71086B14C3DA1EA0F5DFEC ft=1 fh=2f7a5f77aa61c184 vn="Win64/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\KeyBar_1.12\hk64tbKeyB.dll.vir"
sh=F59FAFF6995AAE4B0EEED57F6035FE33CD92666F ft=1 fh=6dd03b204708c051 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\KeyBar_1.12\hktbKeyB.dll.vir"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\KeyBar_1.12\KeyBar_1.12ToolbarHelper.exe.vir"
sh=0426FF7F92792C8E0202A07286A02371FD4DB89C ft=1 fh=bb71dc653bc49e1b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\KeyBar_1.12\ldrtbKeyB.dll.vir"
sh=E4BE1B342006EF4CFBC51EC1D5CAEB94AFD9B032 ft=1 fh=5fb9d38220bce25d vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\KeyBar_1.12\prxtbKeyB.dll.vir"
sh=A54B27FD7BD7B1EC1F3101502836C620D6F11639 ft=1 fh=c01b70bae45c3c6e vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\KeyBar_1.12\tbKeyB.dll.vir"
sh=C1C547EE61E369232A71086B14C3DA1EA0F5DFEC ft=1 fh=2f7a5f77aa61c184 vn="Win64/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V37\hk64tbMixi.dll.vir"
sh=F59FAFF6995AAE4B0EEED57F6035FE33CD92666F ft=1 fh=6dd03b204708c051 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V37\hktbMixi.dll.vir"
sh=0426FF7F92792C8E0202A07286A02371FD4DB89C ft=1 fh=bb71dc653bc49e1b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V37\ldrtbMixi.dll.vir"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V37\MixiDJ_V37ToolbarHelper.exe.vir"
sh=E4BE1B342006EF4CFBC51EC1D5CAEB94AFD9B032 ft=1 fh=5fb9d38220bce25d vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V37\prxtbMixi.dll.vir"
sh=A54B27FD7BD7B1EC1F3101502836C620D6F11639 ft=1 fh=c01b70bae45c3c6e vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V37\tbMixi.dll.vir"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\browser\nsprotector.js.vir"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\ChromeModule.dll.vir"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\FirefoxModule.dll.vir"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\InternetExplorerModule.dll.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\SPHook32.dll.vir"
sh=FC96B1F32B9320881BA847B4B84AF0EF096CB99D ft=1 fh=e2b5ce1f1ae776f7 vn="Win32/Conduit.SearchProtect.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\SPRunner.exe.vir"
sh=8202466E1DE3A815AB172AFF4383E4BD94278DCF ft=1 fh=89f70014390bbe76 vn="Win32/Conduit.SearchProtect.S potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\uninstall.exe.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\nsprotector.js.vir"
sh=29F6BCB69217E5A7A554F41965EBAEB7BE2BAA11 ft=1 fh=9087372ffeaaadaf vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir"
sh=72A43056A8066C579454FDEBB3F96DB28BAE9E9C ft=1 fh=22d268527d187618 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir"
sh=8F8A63A594ACDF9DF91BE86C49BF1567F6042D93 ft=1 fh=217e1943b333fe65 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir"
sh=073E958F46935AD69F27A15E7AC05319DB801259 ft=1 fh=69669c94f288659b vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir"
sh=D3FCEFB397AF98813366D61802647E65A3D7BC18 ft=1 fh=10d28fcbcb14de99 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe.vir"
sh=3122515D06647578A15FD45EF6718F53E3D2DDB8 ft=1 fh=223a9142e94aa61e vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir"
sh=AD1C3482B059F856D1963563DFD2DBFA11CD7AC0 ft=1 fh=735059e74d878d1f vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir"
sh=6D4E6AED389ACD0258E715FB68C9C3006BDF0969 ft=1 fh=5c436028b1ba18b9 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll.vir"
sh=1A9AAB4DAD381CC00091B1836D186264C120433D ft=1 fh=1b628981af7edc5d vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir"
sh=1ED0C78C66085894E09B239C47C10C94E454F464 ft=1 fh=c0c0e9861e7b7102 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir"
sh=AF76FF7962A195B54F6FBFC726C761CEC254BAFA ft=1 fh=dbc065df8af52993 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir"
sh=D12C0ACC0DF0F629C895FF0A47FB99B573089B88 ft=1 fh=4c3eae06c32cd26b vn="Win32/Systweak.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Tuneup Pro\systweakasp.exe.vir"
sh=72C3DC35583E8F51B4D1FCEDF40BC7FDC9F175F6 ft=1 fh=40852f018d164d3f vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Tuneup Pro\TuneupPro.exe.vir"
sh=95AABFBC3A7FCEA51179B455FBDD5B7B4888C6EC ft=1 fh=567a33047db71482 vn="Win32/Systweak.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Tuneup Pro\TuppUns.exe.vir"
sh=FBF54788093138D98EADBC6BFFD9FDF2B573EB63 ft=1 fh=139ac82c62e4f788 vn="a variant of MSIL/Adware.PullUpdate.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\MovieMode\MovieModeService.exe.vir"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Conduit\CT3291325\KeyBar_1.12AutoUpdateHelper.exe.vir"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Conduit\CT3298573\MixiDJ_V37AutoUpdateHelper.exe.vir"
sh=A3F956746AC881EC2215CDDCBA9E394F146E6B1C ft=1 fh=def75e2564e7c401 vn="a variant of Win32/AdWare.Toolbar.AmyBar.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\DefineExt\temp.dat.vir"
sh=696FF3F8A1D1E284190EBD99068B79377A115DBC ft=1 fh=f6c058c38c720a34 vn="a variant of MSIL/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Smartbar\Application\smartbarinternetexplorerextension.dll.vir"
sh=C8F23EFE19C6A36D8921AE5C96F95808EBEFBE05 ft=1 fh=8064b8d931435e04 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_19.dll.vir"
sh=C1C547EE61E369232A71086B14C3DA1EA0F5DFEC ft=1 fh=2f7a5f77aa61c184 vn="Win64/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\KeyBar_1.12\hk64tbKeyB.dll.vir"
sh=F59FAFF6995AAE4B0EEED57F6035FE33CD92666F ft=1 fh=6dd03b204708c051 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\KeyBar_1.12\hktbKeyB.dll.vir"
sh=0426FF7F92792C8E0202A07286A02371FD4DB89C ft=1 fh=bb71dc653bc49e1b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\KeyBar_1.12\ldrtbKeyB.dll.vir"
sh=A54B27FD7BD7B1EC1F3101502836C620D6F11639 ft=1 fh=c01b70bae45c3c6e vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\KeyBar_1.12\tbKeyB.dll.vir"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\KeyBar_1.12\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir"
sh=C1C547EE61E369232A71086B14C3DA1EA0F5DFEC ft=1 fh=2f7a5f77aa61c184 vn="Win64/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\MixiDJ_V37\hk64tbMixi.dll.vir"
sh=F59FAFF6995AAE4B0EEED57F6035FE33CD92666F ft=1 fh=6dd03b204708c051 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\MixiDJ_V37\hktbMixi.dll.vir"
sh=0426FF7F92792C8E0202A07286A02371FD4DB89C ft=1 fh=bb71dc653bc49e1b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\MixiDJ_V37\ldrtbMixi.dll.vir"
sh=A54B27FD7BD7B1EC1F3101502836C620D6F11639 ft=1 fh=c01b70bae45c3c6e vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\MixiDJ_V37\tbMixi.dll.vir"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\LocalLow\MixiDJ_V37\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir"
sh=E354E7642F00AEDBAB85CE332A1D6EEA93BCD989 ft=1 fh=8cf5ec3b72844192 vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir"
sh=C47E53CACD1F4B754DF21EFA7F323298554ED2D9 ft=1 fh=0e7ed61c46e3db5f vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir"
sh=BE9E83EF3EBCEF71A3F0565F2FAAE01A0DC03DE7 ft=1 fh=2ce3c90b953bae1f vn="Win64/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir"
sh=A66441EA33B541895F23B3A4F8EB408B616A94BA ft=1 fh=02e58446c958c5ff vn="Win32/Toolbar.DefaultTab.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe.vir"
sh=E7F195291D8D8CEE4FA530E30F6AEE6DBBAE098D ft=1 fh=57442482986f4472 vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir"
sh=C0788845580CFC9BE689DD93CA5BEE02B660E9A0 ft=1 fh=ef2be3480b0de156 vn="a variant of Win64/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir"
sh=EA111903F48C1CB7FE5056509351A88EFE85114F ft=1 fh=0f73ddfd31d1def0 vn="Win32/Toolbar.DefaultTab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir"
sh=17044BF6155DB1C1B9E69419E3230C8243DAFAE0 ft=1 fh=1a209f8f18633308 vn="a variant of Win32/Toolbar.DefaultTab.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe.vir"
sh=FCFAE3DB8CF47575ACAA2898E88A1EC6B99AA58D ft=1 fh=b3d5fdc26777243b vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\DefaultTab\DefaultTab\update.exe.vir"
sh=7347094BB7355D843C3B590B6944158EF33010C2 ft=1 fh=d6498a4cb5105e4e vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pmnpcszv.default\Extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=27327CE935264BE6554AB64CC62CCA1AED7E1671 ft=1 fh=3cfe49887f8b1621 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pmnpcszv.default\Extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\ChromeModule.dll.vir"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\FirefoxModule.dll.vir"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\InternetExplorerModule.dll.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\SPHook32.dll.vir"
sh=FC96B1F32B9320881BA847B4B84AF0EF096CB99D ft=1 fh=e2b5ce1f1ae776f7 vn="Win32/Conduit.SearchProtect.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\bin\SPRunner.exe.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Searchprotect\ffprotect\nsprotector.js.vir"
sh=6104D3F9ABFD70C59D8B1F77296D9F20D53695A8 ft=1 fh=9485a1ac4e30d9de vn="a variant of Win32/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot.exe.vir"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\cbsidlm-cbsi183-Free_Photo_Viewer-SEO-10808200 (1).exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\cbsidlm-cbsi183-Free_Photo_Viewer-SEO-10808200 (2).exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\cbsidlm-cbsi183-Free_Photo_Viewer-SEO-10808200.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\cbsidlm-cbsi183-PhotoViewer-SEO-10163573.exe"
sh=03215C48CB00536971E88817819081965062F03E ft=1 fh=71226b2d678a6418 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\dfsetup218.exe"

 



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:49 PM

Posted 11 October 2014 - 06:59 AM

lesestoff.png

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users