
Browser Hijack: Ads by Volaro/ Vonteera - Firefox


15 replies to this topic

#1 cuddlefish


Posted 08 November 2014 - 02:35 PM

Hello,

 

I have caught a browser hijacker which causes annoying pop ups and banners that occlude my browser window in Firefox and IE. Webpages load fine with the normal ads and after a short moment, the normal ads are replaced by the ones from the hijacker ("Ads by Volaro"). There are also new banners and pop ups.

I tried a manual clean of the Registry (several entries deleted) and the Firefox Add Ons, Extensions etc (nothing wrong), the running processes (nothing wrong), killed the prefs in Firefox (Vonteera entries, see below), deleted cache and cookies, completely reset the Browser, temporary internet files etc., no luck. Also ran Malwarebytes, AdWCleaner, Superantispyware. No chance, keeps coming back.

In the about:config of Firefox, I noticed two suspicious entries:

 

vonteera.randurls;{"tp|www.adnets|info|:srv1|do":1,"tps|www.adnetworkus|com|:srv1|analytics":1}

and

vonteera.randurlsdate;1415471833929

 

Even if I reset these, they come back when I restart Firefox. Might this be the cause of the pop ups?

 

Can anybody help to solve my problem and get rid of the ads, banners and pop ups?

 

Thanks for your help!! :bowdown:
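Added example, not part of the original post or of any tool used in this thread: one way to check where the `vonteera.*` preferences shown above are persisted in a Firefox profile, and to read the `randurlsdate` value as a timestamp. The two sample files are constructed for illustration; the assumptions are that the preference values are JSON-compatible literals, that the prefs are stored as strings, and that the 13-digit value is Unix epoch time in milliseconds.

```python
import json
import re
from datetime import datetime, timezone

# Matches one line of prefs.js / user.js:  user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)"\s*,\s*(.*)\)\s*;\s*$')

# Constructed sample of a profile's prefs.js (file Firefox itself rewrites).
SAMPLE_PREFS_JS = r'''
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("vonteera.randurls", "{\"tp|www.adnets|info|:srv1|do\":1,\"tps|www.adnetworkus|com|:srv1|analytics\":1}");
user_pref("vonteera.randurlsdate", "1415471833929");
'''

# Constructed sample of user.js (re-applied by Firefox at every start).
SAMPLE_USER_JS = r'''
user_pref("browser.tabs.warnOnClose", false);
'''


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in the text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything unexpected
        name, raw = match.group(1), match.group(2).strip()
        try:
            value = json.loads(raw)  # string, integer, true/false
        except ValueError:
            value = raw  # keep the raw literal if it is not JSON-compatible
        prefs[name] = value
    return prefs


def audit_profile(files, prefix="vonteera."):
    """List every pref under `prefix`, noting which file sets it.

    `files` maps a file name to its text content.
    """
    findings = []
    for filename, text in files.items():
        for name, value in parse_prefs(text).items():
            if not name.startswith(prefix):
                continue
            finding = {"file": filename, "pref": name, "value": value}
            digits = str(value)
            if not isinstance(value, bool) and digits.isdigit() and len(digits) == 13:
                # Assumption: 13 digits = epoch milliseconds.
                seconds = int(digits) // 1000
                finding["as_utc"] = datetime.fromtimestamp(
                    seconds, tz=timezone.utc
                ).isoformat()
            if isinstance(value, str) and value.lstrip().startswith("{"):
                try:
                    # List the keys as stored; no attempt is made to decode them.
                    finding["url_keys"] = list(json.loads(value).keys())
                except ValueError:
                    pass
            findings.append(finding)
    return findings


if __name__ == "__main__":
    profile = {"prefs.js": SAMPLE_PREFS_JS, "user.js": SAMPLE_USER_JS}
    for item in audit_profile(profile):
        print(item)
```

A hit in `user.js` would explain a preference that returns after every reset, because that file is re-applied at each start; a hit only in `prefs.js` means the value is being written again while Firefox runs or by something editing the file, so the component doing the writing still has to be found.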

 




#2 Alex&Vanko


Posted 08 November 2014 - 02:42 PM

Hi cuddlefish and :welcome:

 

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

Please download Farbar Service Scanner (FSS) HERE and run it on the computer with the issue.

    Make sure the following options are checked:
        Internet Services
        Windows Firewall
        System Restore
        Security Center/Action Center
        Windows Update
        Windows Defender
        Other Services
    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.
 

Thank you!



#3 Alex&Vanko


Posted 08 November 2014 - 03:06 PM

Do not try manual delete in Registry also program to do that.



#4 cuddlefish


Posted 08 November 2014 - 11:36 PM

Hello,

 

First of all, thanks a lot for your help! See below for the results of the scans

 

--------------------------------------------------------------------------------------------------------------------------

Security Check:

Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee VirusScan Enterprise   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 65  
 Java version out of Date!
  Adobe Flash Player 14.0.0.145 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (33.0.3)
 Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 McAfee VirusScan Enterprise VsTskMgr.exe  
 McAfee VirusScan Enterprise mfeann.exe  
 McAfee VirusScan Enterprise SHSTAT.EXE  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

---------------------------------------------------------------------------------------------------------------------------------------------------------------

Minitoolbox:

MiniToolBox by Farbar  Version: 21-07-2014
Ran by drschumi (administrator) on 09-11-2014 at 05:29:23
Running from "C:\Users\drschumi\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= Event log errors: ===============================

Application errors:
==================
Error: (11/08/2014 07:09:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/07/2014 00:56:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/06/2014 04:15:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/05/2014 07:15:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/05/2014 04:21:53 PM) (Source: Validity USDK) (User: )
Description: SSL alert by host: Description is: 47.

Error: (11/04/2014 03:31:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/01/2014 04:29:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/31/2014 03:03:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/29/2014 01:58:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/28/2014 09:02:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: WCopyfind64.4.1.2.exe, version: 3.0.0.0, time stamp: 0x53a460df
Faulting module name: WCopyfind64.4.1.2.exe, version: 3.0.0.0, time stamp: 0x53a460df
Exception code: 0xc0000417
Fault offset: 0x00000000001a94a5
Faulting process id: 0x1bf0
Faulting application start time: 0xWCopyfind64.4.1.2.exe0
Faulting application path: WCopyfind64.4.1.2.exe1
Faulting module path: WCopyfind64.4.1.2.exe2
Report Id: WCopyfind64.4.1.2.exe3


System errors:
=============
Error: (11/09/2014 04:24:22 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
COR_SYS

Error: (11/09/2014 04:24:05 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Endpoint Encryption Agent service failed to start due to the following error:
%%2

Error: (11/09/2014 04:24:03 AM) (Source: Service Control Manager) (User: )
Description: The hardlock service failed to start due to the following error:
%%2

Error: (11/09/2014 04:23:41 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\cor_sys.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/08/2014 07:32:02 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
COR_SYS

Error: (11/08/2014 07:31:37 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Endpoint Encryption Agent service failed to start due to the following error:
%%2

Error: (11/08/2014 07:31:35 PM) (Source: Service Control Manager) (User: )
Description: The hardlock service failed to start due to the following error:
%%2

Error: (11/08/2014 07:31:17 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\cor_sys.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/08/2014 07:24:43 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/08/2014 07:24:43 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/08/2014 07:09:37 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/07/2014 00:56:38 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/06/2014 04:15:09 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/05/2014 07:15:51 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/05/2014 04:21:53 PM) (Source: Validity USDK)(User: )
Description: Description is: 47

Error: (11/04/2014 03:31:53 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/01/2014 04:29:47 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/31/2014 03:03:33 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/29/2014 01:58:40 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/28/2014 09:02:00 PM) (Source: Application Error)(User: )
Description: WCopyfind64.4.1.2.exe3.0.0.053a460dfWCopyfind64.4.1.2.exe3.0.0.053a460dfc000041700000000001a94a51bf001cff2e9f8548321C:\Dokumente und Einstellungen\Administrator\Desktop\DOWNLOADS\WCopyfind64.4.1.2.exeC:\Dokumente und Einstellungen\Administrator\Desktop\DOWNLOADS\WCopyfind64.4.1.2.exe46d6d06c-5edd-11e4-b4b3-c774745b95da



=========================== Installed Programs ============================
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.0.0 - Adobe Systems) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (HKLM-x32\...\Adobe_2a31ae7a5c43ff52d8577782dd34e04) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{86BEB33F-3312-AA5F-C8AF-CAD2B4E64A8E}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version:  - Astrill)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.1112.154.3284 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1112.154.3284 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1112.154.3284 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1112.154.3284 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.1112.154.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1112.0153.3284 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1112.154.3284 - Advanced Micro Devices, Inc.) Hidden
Chiavetta Internet TM201 (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - Onda Communication S.p.a.)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Default (x32 Version: 1.0.0.1 - Onda Communication S.p.a.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{42CBCE27-DE9B-4094-B9EB-D4C4C135FFA8}) (Version:  - Microsoft)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.11.34 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Ergonizer PDF Printer (novaPDF 7.4 printer) (HKLM\...\Ergonizer PDF Printer_is1) (Version:  - Softland)
Ergonizer Update 4.3.5 Build 48 (HKLM-x32\...\Ergonizer) (Version: 4.3.5 Build 48 - Ergonizer Software)
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Gladinet Cloud Desktop (HKLM-x32\...\{B7827207-E3D8-4A3D-B13F-D41B497F5017}) (Version: 4.0.856 - Gladinet)
Golden Cheetah (HKLM-x32\...\GoldenCheetah) (Version:  - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 6.4.5.1865 (HKCU\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.02) (Version: 9.02 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.30151 (CD 2.5d) - Hauppauge Computer Works)
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Automation Agent Preload  (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{4B21E4B2-89B8-499D-803A-34ABF929401E}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Deskjet 5520 series Basic Device Software (HKLM\...\{014A59C8-DDA5-4788-906D-1F5CBA8A583D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP GPS and Location (HKLM-x32\...\{225C4860-9D03-49F5-B983-943EB938E0B0}) (Version: 1.0.26.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.5.3 - Ericsson AB)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{20976B1F-E910-404D-9261-C16EE7E12DC8}) (Version: 3.0.0.9057 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{344A1AA2-AC8E-4741-BDB0-65B68FDA883C}) (Version: 3.2.0.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{3A0FD0E8-7825-468D-8808-A5D63B11777B}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E02FBF01-0DE3-4BCB-89E8-D300FEFC3289}) (Version: 5.2.3.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel® Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (HKLM\...\{FE3DEA5D-60D7-4C92-A71F-1E1F2F4615FC}) (Version: 14.2.0.0216 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
InterCall Unified Meeting (HKLM-x32\...\{96312C46-E17A-4598-B1C6-C21C288840B5}) (Version: 4.11.7.244 - Genesys Conferencing Ltd.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.21.00 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
JMP 9 (HKLM-x32\...\{9DED7CDC-128A-4958-BCA2-FB9C9AA92A62}) (Version: 9.0 - SAS Institute Inc.)
JMP Profiler Core (HKLM-x32\...\{E3699351-FCC8-40C1-BB00-23E555A0E87E}) (Version: 1.0.0 - SAS Institute Inc.)
JMP Profiler GUI (HKLM-x32\...\{0BBA8AC3-ACD0-4C10-8451-0A79D14227ED}) (Version: 1.0.0 - SAS Institute Inc.)
Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13340.0 - Linksys LLC)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MATLAB® Compiler Runtime 7.9 (HKLM-x32\...\{A8ADD652-2101-4A28-98FB-486D2D70603F}) (Version: 7.9 - The MathWorks)
McAfee Agent (HKLM-x32\...\{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}) (Version: 4.5.0.1810 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.01000 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD Business 2010 (HKLM-x32\...\{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}) (Version: 12.1.73.14 - Roxio)
Roxio MyDVD Business 2010 (x32 Version: 1.0.410 - Roxio) Hidden
Roxio Secure Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.8.68.2 - Roxio)
Roxio Secure Burn (x32 Version: 1.8 - Roxio) Hidden
SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SRM Software 6.42.06 (HKLM-x32\...\{C1CFAC96-7AD7-4874-AF4A-EF3EF1E2205F}) (Version: 6.42.06 - SRM)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.25.0 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{AC36E3B7-5095-43B9-9A74-928420F88714}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
VIP Access SDK x64(1.0.0.50)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.)
Visual C++ 10.0 MFC (x86) (x32 Version: 10.0 - Microsoft Corporation) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

========================= Devices: ================================

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 4046.36 MB
Available physical RAM: 2447.52 MB
Total Pagefile: 8090.9 MB
Available Pagefile: 5510.21 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.71 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:444.61 GB) (Free:312.58 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:15.86 GB) (Free:2.39 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:4.99 GB) (Free:2.13 GB) FAT32

========================= Users: ========================================

User accounts for \\DRSCHUMI-HP

Administrator            drschumi                 Guest                    


**** End of log ****
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

FSS:

Farbar Service Scanner Version: 21-07-2014
Ran by drschumi (administrator) on 09-11-2014 at 05:32:24
Running from "C:\Users\drschumi\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#5 cuddlefish

  • Topic Starter

Posted 09 November 2014 - 02:22 AM

And I ran AdWCleaner - JRT - Malwarebytes - Hitman (in that order) again this morning, no success :-(



#6 Alex&Vanko


Posted 09 November 2014 - 07:47 AM

Ok post the logs:

C:\AdwCleaner[S1].txt

JRT is on your desktop.

Open MalwareBytes Anti-Malware and then click on History
On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.
Go to the bottom left corner to Export and select Text File (*.txt)
Save it to the desktop.

C:\ProgramData\HitmanPro\Logs

 

Download Delfix by Xplode HERE to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

    Activate UAC (optional; some users prefer to keep it off)
    Remove disinfection tools
    Create registry backup
    Reset system settings


Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

 

Please download Sophos Virus Removal Tool HERE and save it to your desktop.
* NOTE : It is a very large file so it may take some time to download.
* Be sure to read and follow the instructions on that same page for installing and performing a scan.
* If any threats are detected, they will show in the Scan Results with an option to click a Details... button for more information.
* Click on the Start clean up button to allow removal of all threats found and reboot the computer when done.
* A log file should have been created...copy and paste the results in your next reply.
Logs are automatically saved to the following locations:
-- XP: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
-- Vista, Windows 7, 2008: C:\Program Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log

 

Please download Emsisoft Emergency Kit HERE
Double click on the downloaded file. It will be extracted to C:\EEK
Double click the icon on the desktop. Click Yes to update. When it is over, click Back and then Scan. Choose Yes to detect PUPs. After that, choose Full Scan. At the end, choose LOGS from above, then the Scan log tab; under it there is an Export button. Post it here.

Thank you!
 



#7 cuddlefish

  • Topic Starter

Posted 09 November 2014 - 11:31 AM

OK, will do. Here are the Log Files:

 

AdWCleaner

 

# AdwCleaner v4.100 - Report created 09/11/2014 at 07:42:50
# DB v2014-11-07.1
# Updated 08/11/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : drschumi - DRSCHUMI-HP
# Running from : C:\Users\drschumi\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.3 (x86 en-US)


*************************

AdwCleaner[R0].txt - [5184 octets] - [08/11/2014 18:47:15]
AdwCleaner[R1].txt - [957 octets] - [09/11/2014 07:37:53]
AdwCleaner[S0].txt - [4958 octets] - [08/11/2014 18:49:58]
AdwCleaner[S1].txt - [878 octets] - [09/11/2014 07:42:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [937 octets] ##########
 

------------------------------------------------------------------------------------------------------------

Malwarebytes (run on two occasions, see below)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04.11.2014
Scan Time: 18:34:43
Logfile: Log Scan.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.04.05
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: drschumi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340596
Time Elapsed: 14 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 19
PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}\INPROCSERVER32, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{598AC71E-BE58-3981-B78A-5C138F423AD6}, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{63D2A451-3351-178C-7BC4-13C4D58A7652}, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3FC2D59A-5C76-1E97-30DC-1EC6784419E5}, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\FoxPro.FoxPro.1, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\CLASSES\FoxPro.FoxPro, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FoxPro.FoxPro, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{598AC71E-BE58-3981-B78A-5C138F423AD6}, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{598AC71E-BE58-3981-B78A-5C138F423AD6}, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKU\S-1-5-21-2400452108-182445717-2449198723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{598AC71E-BE58-3981-B78A-5C138F423AD6}, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FoxPro.FoxPro.1, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKU\S-1-5-21-2400452108-182445717-2449198723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{598AC71E-BE58-3981-B78A-5C138F423AD6}, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, HKU\S-1-5-21-2400452108-182445717-2449198723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{598AC71E-BE58-3981-B78A-5C138F423AD6}, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.Vonteera.A, HKU\S-1-5-21-2400452108-182445717-2449198723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Vonteera Safe ads, , [524969cd3844999d5a971520d52e936d],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2400452108-182445717-2449198723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [f6a5a690e19ba3933a54095b63a02cd4],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2400452108-182445717-2449198723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [613a1e187c00211524a8eb8f8b79f808],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2400452108-182445717-2449198723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0B1J1Q2Z1S1P1U2O, , [613a1e187c00211524a8eb8f8b79f808]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.ARHome.A, C:\Users\drschumi\AppData\Roaming\ARHome, , [514a0630fb81a88ed4f535e7c1429b65],

Files: 8
PUP.Optional.StartPage.A, C:\Users\drschumi\AppData\Roaming\VolIE\FoxPro_64.dll, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.StartPage.A, C:\Users\drschumi\AppData\Roaming\VolIE\FoxPro_32.dll, , [118a47ef6a12171f860942a861a115eb],
PUP.Optional.Ext, C:\Windows\System32\Tasks\4CEFD9B73D6C-1CRMOI2, , [a2f9e2545b214fe79a118baa27dc2cd4],
Backdoor.Bifrose, C:\Program Files (x86)\Java\Java.exe, , [c0db989ebfbd4aec18863c62eb18a25e],
PUP.Optional.ARHome.A, C:\Users\drschumi\AppData\Roaming\ARHome\qhnsjt.dat, , [514a0630fb81a88ed4f535e7c1429b65],
PUP.Optional.ARHome.A, C:\Users\drschumi\AppData\Roaming\ARHome\Updater.exe, , [514a0630fb81a88ed4f535e7c1429b65],
PUP.Optional.ArabyOnline.A, C:\Users\drschumi\AppData\Roaming\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.arabyonline.com/?scr=90Qw8888");), ,[e8b3989e8cf03ef8a8d63b36976e728e]
PUP.Optional.ArabyOnline.A, C:\Users\drschumi\AppData\Roaming\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://www.arabyonline.com/search.php?src=1000&q={searchTerms}");), ,[207b171fe498a78f88f89ed3ee171ee2]

Physical Sectors: 0
(No malicious items detected)


(end)

 

---------------------------

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09.11.2014
Scan Time: 07:51:21
Logfile: MWB.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.09.02
Rootkit Database: v2014.11.08.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: drschumi

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 274574
Time Elapsed: 3 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

-------------------------------------------------------------------------------------------------------------

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Professional x64
Ran by drschumi on 09.11.2014 at  7:46:30.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.11.2014 at  7:49:42.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

-------------------------------------------------------------------------------------------------------------

Hitman

 

HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : DRSCHUMI-HP
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : drschumi-HP\drschumi
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-11-09 06:59:52
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 1s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 28

   Objects scanned . . . : 2 036 711
   Files scanned . . . . : 87 101
   Remnants scanned  . . : 565 643 files / 1 383 967 keys

Suspicious files ____________________________________________________________

   C:\Users\drschumi\Downloads\FSS.exe
      Size . . . . . . . : 415 232 bytes
      Age  . . . . . . . : 0.1 days (2014-11-09 05:22:29)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 149759CADFDF8C19A4104C7DB08BA490D33CFBD29785640385239087B79E1FD2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -59.9s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\6321778E60FA3BF2116D57797D02479CF3D7FAF8
         -59.5s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\046ACCADB4769D39C469D80D95972345F8085D18
         -45.2s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\FEA59B1C0255EC0D20BDBDFB7C6A80305205704C
         -44.8s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\2A92B7785861999EC9CEB21C43AD073F82605A58
         -44.8s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\B40DE88CB73E2027BFDE7F41F195F6AC07905049
         -44.8s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\D8043F321B595A2C38F02B865C402FA7C2F59375
         -44.7s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\6D365CA3AB1859526DDF1B67F891AE7BD18DD28D
         -43.5s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\B598BA0B751D653C0E62027EF4DF1995576A97C6
         -43.3s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\1D43291655C895C78F9B0B6A235D8C4CEC1772A8
         -42.5s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\D4BF030234E8E032BC3411916B3A711F76A023E0
         -42.5s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\2463AB18F0E3DB7BD3A9237FB6915485DDB863B1
         -42.3s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\02F18ADE4392EA762F2FF1D783BED93E5976F9E9
         -42.0s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\CA7398AE87EDD5B9342B1BAA848658E84D803330
         -41.4s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\DB2DC6394D1E9A0AB420D1B83B91E15977F9F16E
         -40.9s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\4049D350E07C1DAD0747E8F257F713DE501B1E17
         -37.9s C:\Users\drschumi\Downloads\SecurityCheck.exe
         -24.2s C:\Users\drschumi\AppData\Local\Mozilla\Firefox\Profiles\rkqlqu9p.default-1414840171976\cache2\entries\DD9A48F781FE432135B799543FE0FA36B5C53177

   C:\Users\drschumi\Downloads\MiniToolBox.exe
      Size . . . . . . . : 401 920 bytes
      Age  . . . . . . . : 0.1 days (2014-11-09 05:22:09)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 55ADA329F40AC0E0F13EC464E56D09C12078ADEF021A934F059BCD3E962EC46E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster


Cookies _____________________________________________________________________

 

 

I will run the other programs and post the logs.

 

Thanks a lot!!!



#8 Alex&Vanko


Posted 09 November 2014 - 11:36 AM

Ok! :thumbup2:



#9 cuddlefish


Posted 10 November 2014 - 02:12 AM

OK, here are the logs:

 

Sophos: Did not detect anything ("No threats"). I could not find a report in the directories of the program.

 

----------------------------------------------------------------------------------------------------------------------------------

Emsisoft:

 

Emsisoft Emergency Kit - Version 9.0
Last update: 11/10/2014 4:51:20 AM
User account: drschumi-HP\drschumi

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    11/10/2014 4:52:58 AM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS     detected: Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2400452108-182445717-2449198723-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-2400452108-182445717-2449198723-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN     detected: Setting.NoRun (A)

Scanned    343472
Found    6

Scan end:    11/10/2014 8:05:15 AM
Scan time:    3:12:17
 

 

I have quarantined the detected items but not deleted them yet. Not sure these are system processes?

 

Thanks for your help!



#10 cuddlefish


Posted 10 November 2014 - 02:27 AM

And, by the way, the ads are still there... No change until now :(



#11 Alex&Vanko


Posted 10 November 2014 - 10:27 AM

Where did you download FLV Player 2.0 by Martijn de Visser?

Yes, because we found nothing.

Update Adobe Flash - http://get.adobe.com/flashplayer/

Uncheck optional offer.

Also Java - https://java.com/en/download/index.jsp

And Adobe AIR - http://get.adobe.com/air/

 

Thank you!



#12 cuddlefish


Posted 10 November 2014 - 10:59 AM

FLV player has been on my computer for ages, never had any issues, I am quite sure it's not the cause.

I will update Java and Adobe, no problem.

 

Any idea how to get rid of the entries related to the Ads in the Firefox configuration mentioned in my first post?

 

Thanks!



#13 Alex&Vanko


Posted 10 November 2014 - 11:13 AM

Registry keys, I think. I don't know what you have been doing there. You may uninstall Sophos as a program if you want.

 

Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administrator privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed select Uninstall application on close if you so wish
    Now click on Finish
The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Eset Online scanner\log.txt").

Note: Do not forget to re-enable your antivirus application after running the above scan!
 

Thank you!



#14 cuddlefish


Posted 10 November 2014 - 10:55 PM

Hi again,

 

I ran the ESET scan and I think this did it! No more ads after restarting the computer (until now, keep my fingers crossed... :thumbup2:  ), see log below:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1eb5334f4b9ece4fb94d63b4f809195d
# engine=21023
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-10 07:09:24
# local_time=2014-11-10 08:09:24 (+0100, W. Europe Standard Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee VirusScan Enterprise'
# compatibility_mode=5128 16777213 100 100 86356723 99619284 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 42130652 167276414 0 0
# scanned=285991
# found=7
# cleaned=7
# scan_time=6745
sh=5B10CD3149A92E97858B1129C02373AD1C7D0CA0 ft=0 fh=0000000000000000 vn="Win32/AdWare.Vonteera.J application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addon@Vonteera.com\chrome\content\filesrv.js"
sh=5344F035459C238984B97FE67F7E4A64671A1EEA ft=0 fh=0000000000000000 vn="Win32/AdWare.Vonteera.J application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addon@Vonteera.com\chrome\content\globals.js"
sh=00348626604C21B9D9BF3143780ACC3E54EDA9E4 ft=0 fh=0000000000000000 vn="Win32/AdWare.Vonteera.J application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addon@Vonteera.com\chrome\content\main.js"
sh=AE5B3F001C0841896F71E6FAE28916F13A899CF6 ft=0 fh=0000000000000000 vn="Win32/AdWare.Vonteera.J application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addon@Vonteera.com\chrome\content\main.xul"
sh=5E491BBF74B0023B9BAA6E3A7D04F4E7BDCE9CC4 ft=0 fh=0000000000000000 vn="Win32/AdWare.Vonteera.J application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addon@Vonteera.com\chrome\content\prefs.js"
sh=B82B8944D73493FE21DBEB276E99D9DCCA9A34D0 ft=0 fh=0000000000000000 vn="Win32/AdWare.Vonteera.J application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\addon@Vonteera.com\chrome\content\tabs_listener.js"
sh=A323A26747E5E00BDACD1B6ECC0D8BD560896324 ft=1 fh=9a876114259598ed vn="a variant of Win32/AdWare.Vonteera.J application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\drschumi\AppData\Roaming\SPK\SPK.exe"
 



#15 cuddlefish


Posted 11 November 2014 - 11:21 AM

Yep, after 10 hours, still no ads.

 

Thanks a lot Alex&Vanko for your help, much appreciated! :thumbsup2:





