
Trojan.Agent, Backdoor.Agent.CHGen, & Backdoor.Agent.E


  • This topic is locked
36 replies to this topic

#1 SillyTilly

Posted 06 February 2015 - 12:37 AM

I can't post a log because when I run MalwareBytes and Copy the log to clipboard it comes up empty.  But Malwarebytes keeps finding three persistent malware that it keeps saying it quarantined and I try to delete, but they show up after every single scan.

 

nwaiqr.jpg

 

I've posted the image above and attached it to this post.  Help me get rid of these please.

 

Trojan.Agent   Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 2/5/2015
Scan Time: 11:31:39 PM
Logfile: 
Administrator: Yes
 
Version: 0.00.0.0000
Malware Database: v2015.02.06.03
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: SillyTilly
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373147
Time Elapsed: 22 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end) 


#2 deeprybka

  • Malware Response Team

Posted 06 February 2015 - 09:15 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Step 2

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 SillyTilly

Posted 06 February 2015 - 02:50 PM

Thank you so much for your reply.  I will follow your instructions.  And let me just say now....I realllllllllllly appreciate your help!

 

Here is the FRST.txt Log below

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by SillyTilly (administrator) on TILLY on 06-02-2015 13:36:09
Running from C:\Users\SillyTilly\Desktop
Loaded Profiles: SillyTilly (Available profiles: SillyTilly)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Dragon)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTShellHlp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
(New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
( New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(FastStone Soft) C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-04-23] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2985712 2013-06-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [MetroTileShortcut] => "C:\Program Files\McAfeeAntiTheft\2.1.170.2\McATUIHost.exe" /IMAT_SHORTCUTS
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [299648 2012-10-07] (McAfee, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\...\Run: [EPSON18A145 (Epson Stylus NX430)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\...\Run: [WinFLTray] => C:\WINDOWS\SysWow64\WinFLTray.exe [322360 2014-08-21] ( New Softwares.net)
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\...\Run: [FLBackup] => C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [275768 2014-08-21] (New Softwares.net)
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTAgent.exe [3127840 2014-02-19] (Disc Soft Ltd)
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-11-12] (Electronic Arts)
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\...\MountPoints2: {c14fa3d1-38e0-11e4-be85-0c8bfd46ae46} - "E:\Autorun.exe" 
Startup: C:\Users\SillyTilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\SillyTilly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\SillyTilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR Profile: C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-13]
CHR Extension: (Google Docs) - C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-13]
CHR Extension: (Google Drive) - C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13]
CHR Extension: (YouTube) - C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-13]
CHR Extension: (Google Search) - C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-13]
CHR Extension: (Google Sheets) - C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-13]
CHR Extension: (Click&Clean) - C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2014-09-13]
CHR Extension: (History Eraser) - C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2015-01-16]
CHR Extension: (Google Wallet) - C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-13]
CHR Extension: (Click&Clean App) - C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-09-13]
CHR Extension: (Gmail) - C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 FLService; C:\Windows\SysWow64\WinFLService.exe [92984 2014-08-21] (New Softwares.net)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-01] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156616 2013-06-26] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-06-01] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 McATScheduler; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-12] (Electronic Arts)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-21] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U0 amdmdkb; C:\Windows\System32\drivers\dnbhdmjp.sys [79064 2015-02-06] (Malwarebytes Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50976 2014-11-12] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385272 2013-04-23] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-09-10] (Disc Soft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [115656 2013-06-03] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-06-01] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew02.sys [3648480 2013-10-08] (Intel Corporation)
R2 NEWDRIVER; C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2014-08-21] ()
U0 psymcxki; C:\Windows\System32\drivers\namfe.sys [79064 2015-02-05] (Malwarebytes Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [450632 2013-02-22] (RTS Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-04] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [36384 2014-08-21] ()
R2 WinVDEDrv; C:\Windows\SysWow64\WinVDEdrv.sys [225680 2014-08-21] (NewSoftwares.net, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 13:36 - 2015-02-06 13:36 - 00022791 _____ () C:\Users\SillyTilly\Desktop\FRST.txt
2015-02-06 13:35 - 2015-02-06 13:36 - 00000000 ____D () C:\FRST
2015-02-06 13:35 - 2015-02-06 13:35 - 02131968 _____ (Farbar) C:\Users\SillyTilly\Desktop\FRST64.exe
2015-02-06 03:23 - 2015-02-06 03:23 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\dnbhdmjp.sys
2015-02-05 23:10 - 2015-02-05 23:10 - 05611380 _____ (Swearware) C:\Users\SillyTilly\Desktop\ComboFix.exe
2015-02-05 23:08 - 2015-02-05 23:08 - 00000052 _____ () C:\Users\SillyTilly\Desktop\CFScript.txt
2015-02-05 19:24 - 2015-02-05 19:24 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\namfe.sys
2015-02-05 13:04 - 2015-02-05 13:05 - 00000000 ____D () C:\Users\SillyTilly\AppData\Roaming\PCDr
2015-02-05 13:03 - 2015-02-05 13:03 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-04 19:02 - 2015-02-04 19:02 - 00852594 _____ () C:\Users\SillyTilly\Downloads\SecurityCheck.exe
2015-02-04 15:54 - 2015-02-04 15:54 - 00024352 _____ () C:\Users\SillyTilly\Desktop\dds.txt
2015-02-04 15:54 - 2015-02-04 15:54 - 00006096 _____ () C:\Users\SillyTilly\Desktop\attach.txt
2015-02-04 15:53 - 2015-02-04 15:53 - 00688992 ____R (Swearware) C:\Users\SillyTilly\Desktop\dds.com
2015-02-04 15:51 - 2015-02-04 15:51 - 00000815 _____ () C:\Users\SillyTilly\Desktop\JRT.txt
2015-02-04 15:48 - 2015-02-04 15:48 - 01388274 _____ (Thisisu) C:\Users\SillyTilly\Desktop\JRT.exe
2015-02-04 15:47 - 2015-02-04 15:47 - 00015528 _____ () C:\Users\SillyTilly\Desktop\AdwCleaner[S0].txt
2015-02-04 15:41 - 2015-02-04 15:44 - 00000000 ____D () C:\AdwCleaner
2015-02-04 15:39 - 2015-02-04 15:39 - 02194432 _____ () C:\Users\SillyTilly\Desktop\adwcleaner_4.109.exe
2015-02-04 15:38 - 2015-02-04 15:38 - 00003812 _____ () C:\Users\SillyTilly\Desktop\RKreport_DEL_02042015_153827.log
2015-02-04 15:29 - 2015-02-04 15:29 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-04 15:29 - 2015-02-04 15:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-04 15:26 - 2015-02-04 15:26 - 00002667 _____ () C:\Users\SillyTilly\Desktop\gettingridofmalware.txt
2015-02-04 15:24 - 2015-02-04 15:24 - 18570328 _____ () C:\Users\SillyTilly\Desktop\RogueKillerX64.exe
2015-02-02 05:26 - 2015-02-06 13:36 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 05:26 - 2015-02-05 17:36 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 05:26 - 2015-02-04 17:31 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-02 05:26 - 2015-02-04 17:31 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 05:26 - 2015-02-02 05:26 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-02 05:26 - 2015-02-02 05:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-02 05:25 - 2015-02-02 05:25 - 00880784 _____ (Google Inc.) C:\Users\SillyTilly\Desktop\ChromeSetup.exe
2015-02-01 21:45 - 2015-02-06 11:57 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 21:45 - 2015-02-01 21:45 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-01 21:45 - 2015-02-01 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 21:45 - 2015-02-01 21:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-01 21:45 - 2015-02-01 21:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-01 21:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-01 21:45 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-01 21:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-01 21:42 - 2015-02-01 21:42 - 00000000 ____D () C:\Users\SillyTilly\AppData\Local\StormFall
2015-02-01 21:42 - 2015-02-01 21:42 - 00000000 ____D () C:\Users\SillyTilly\AppData\Local\Pirates
2015-02-01 17:41 - 2015-02-01 17:42 - 00000000 ____D () C:\Users\SillyTilly\AppData\Local\Deployment
2015-02-01 17:38 - 2015-02-01 17:38 - 00076578 _____ () C:\Users\SillyTilly\Desktop\bookmarks_2_1_15.html
2015-02-01 14:20 - 2015-02-01 14:20 - 00001486 _____ () C:\ProgramData\tempimage.bmp
2015-02-01 09:47 - 2015-02-01 09:47 - 00628496 _____ (CMI Limited) C:\Users\SillyTilly\AppData\Local\nss3297.tmp
2015-02-01 08:36 - 2015-02-01 18:37 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-02-01 08:34 - 2015-02-01 18:37 - 00000000 ____D () C:\Users\SillyTilly\AppData\Roaming\Easy Email Forwarding
2015-02-01 08:31 - 2015-02-01 08:31 - 00652995 _____ () C:\Users\SillyTilly\Downloads\EasyEmailForwarding.zip
2015-01-25 11:47 - 2015-01-27 03:56 - 00000000 ____D () C:\Users\SillyTilly\Desktop\Taken.3.2014.HC.HDRip.XViD.AC3.juggs[ETRG]
2015-01-25 11:46 - 2015-01-25 11:46 - 00115941 _____ () C:\Users\SillyTilly\Downloads\Taken.3.2014.HC.HDRip.XViD.AC3.juggs.torrent
2015-01-25 11:45 - 2015-01-25 11:45 - 00568392 _____ () C:\Users\SillyTilly\Downloads\Taken_3_2014_hc_hdrip_xvid_ac3_juggs[etrg].exe
2015-01-25 11:25 - 2015-01-25 11:41 - 1002496198 _____ () C:\Users\SillyTilly\Desktop\American Sniper (2014) DvD Scr Rip - X264 lottery.mkv
2015-01-25 11:23 - 2015-01-25 11:23 - 00077233 _____ () C:\Users\SillyTilly\Downloads\[kickass.so]american.sniper.2014.dvdscr.x264.playnow.torrent
2015-01-25 11:19 - 2015-02-02 05:16 - 00071168 ___SH () C:\Users\SillyTilly\Downloads\Thumbs.db
2015-01-25 11:18 - 2015-01-25 11:18 - 01273720 _____ () C:\Users\SillyTilly\Downloads\Download american sniper Torrents - KickassTorrents.exe
2015-01-16 22:11 - 2015-01-16 22:11 - 00000000 ____D () C:\ProgramData\vsosdk
2015-01-15 01:56 - 2015-02-04 18:52 - 00000000 __RDO () C:\Users\SillyTilly\OneDrive
2015-01-14 19:28 - 2014-12-09 21:43 - 51938816 _____ (taig tools) C:\Users\SillyTilly\Desktop\TaiGJBreak_EN_1201.exe
2015-01-14 19:05 - 2015-01-14 19:05 - 00000000 ____D () C:\Users\SillyTilly\AppData\Roaming\TaiG
2015-01-14 19:03 - 2015-02-06 10:48 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE71484F-D1D1-4DE0-B59F-905B906C1FE2}
2015-01-14 19:02 - 2015-01-14 19:02 - 00000000 __SHD () C:\Users\SillyTilly\AppData\Local\EmieUserList
2015-01-14 19:02 - 2015-01-14 19:02 - 00000000 __SHD () C:\Users\SillyTilly\AppData\Local\EmieSiteList
2015-01-14 19:02 - 2015-01-14 19:02 - 00000000 __SHD () C:\Users\SillyTilly\AppData\Local\EmieBrowserModeList
2015-01-13 19:00 - 2014-12-19 00:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 19:00 - 2014-12-11 20:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 19:00 - 2014-12-11 18:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 19:00 - 2014-12-08 19:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 19:00 - 2014-12-08 13:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 19:00 - 2014-12-08 13:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 19:00 - 2014-12-08 13:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 19:00 - 2014-12-08 13:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 19:00 - 2014-12-08 13:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 19:00 - 2014-12-08 13:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 19:00 - 2014-12-08 13:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 19:00 - 2014-12-08 13:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 19:00 - 2014-12-05 21:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 19:00 - 2014-12-05 19:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 19:00 - 2014-12-05 19:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 19:00 - 2014-10-28 22:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 19:00 - 2014-10-28 22:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 19:00 - 2014-10-28 21:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 19:00 - 2014-10-28 21:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 19:00 - 2014-10-28 21:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 19:00 - 2014-10-28 21:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 19:00 - 2014-10-28 21:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 19:00 - 2014-10-28 21:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 19:00 - 2014-10-28 21:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 19:00 - 2014-10-28 21:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 19:00 - 2014-10-28 21:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 19:00 - 2014-10-28 20:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 19:00 - 2014-10-28 19:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 19:00 - 2014-10-28 19:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 19:00 - 2014-10-28 19:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 19:00 - 2014-10-28 19:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-09 10:43 - 2014-12-20 12:16 - 2033861248 _____ () C:\Users\SillyTilly\Desktop\Gone.Girl.2014.BluRay.1080p.5.1CH.x264.mkv
2015-01-08 19:47 - 2015-01-09 07:09 - 2033862306 _____ () C:\Users\SillyTilly\Desktop\GoneGirl.rar
2015-01-08 19:47 - 2015-01-08 19:47 - 00065536 _____ () C:\Users\SillyTilly\Downloads\FLVPlayer-Chrome.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 13:12 - 2014-11-03 23:02 - 01297323 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-06 13:02 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-06 04:53 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-05 23:32 - 2015-01-02 04:20 - 00463872 ___SH () C:\Users\SillyTilly\Desktop\Thumbs.db
2015-02-05 23:06 - 2014-08-21 17:06 - 00011781 ___SH () C:\WINDOWS\SysWOW64\win_flfiles_sys.dat
2015-02-05 23:06 - 2014-08-21 17:06 - 00003465 ___SH () C:\WINDOWS\SysWOW64\win_stlthdb_sys.dat
2015-02-05 21:07 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-05 18:03 - 2014-08-20 09:43 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-05 13:10 - 2014-07-30 14:41 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3131570312-1522225647-529158487-1001
2015-02-04 16:18 - 2014-09-24 01:15 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-04 16:15 - 2013-09-05 11:13 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-04 16:12 - 2014-09-24 01:03 - 00050094 _____ () C:\WINDOWS\PFRO.log
2015-02-04 16:12 - 2013-08-22 08:46 - 00291982 _____ () C:\WINDOWS\setupact.log
2015-02-04 16:12 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-04 16:11 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-04 15:45 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Performance
2015-02-03 13:31 - 2014-09-24 03:55 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 13:31 - 2014-09-24 03:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 05:26 - 2014-07-30 14:38 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-02 00:00 - 2014-09-24 00:53 - 00000000 ____D () C:\WINDOWS\SKB
2015-02-01 23:39 - 2014-09-06 11:42 - 00000000 ____D () C:\Program Files (x86)\Nero
2015-02-01 21:49 - 2014-09-06 12:08 - 00000000 ____D () C:\Program Files (x86)\OOpptOOnn
2015-02-01 21:41 - 2014-09-09 09:46 - 00000000 _____ () C:\Users\SillyTilly\Downloads\ChromeSetup.exe
2015-02-01 21:35 - 2013-09-05 11:05 - 00000000 ____D () C:\ProgramData\Temp
2015-02-01 18:55 - 2014-08-20 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-01 18:40 - 2014-11-03 22:46 - 00000000 ____D () C:\Users\SillyTilly
2015-02-01 18:37 - 2014-11-12 22:26 - 00000000 ____D () C:\Users\SillyTilly\AppData\Local\AVG Web TuneUp
2015-02-01 18:37 - 2014-11-12 22:26 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-02-01 18:37 - 2014-10-31 10:05 - 00000000 ____D () C:\ProgramData\Protexis
2015-02-01 18:37 - 2014-09-24 03:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-01 18:37 - 2014-09-10 07:46 - 00000000 ____D () C:\Users\SillyTilly\AppData\Roaming\uTorrent
2015-02-01 18:37 - 2014-08-21 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Lock
2015-02-01 18:37 - 2014-08-03 21:36 - 00000000 ____D () C:\ProgramData\Protexis64
2015-02-01 18:37 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-02-01 18:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\registration
2015-02-01 18:28 - 2014-08-20 09:46 - 00000000 ____D () C:\ProgramData\AVG2014
2015-02-01 06:43 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-16 22:20 - 2014-07-30 17:15 - 00000000 ____D () C:\Users\SillyTilly\Documents\ConvertXtoDVD
2015-01-16 22:19 - 2014-07-30 17:14 - 00000000 ____D () C:\Users\SillyTilly\AppData\Roaming\Vso
2015-01-15 08:47 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-15 01:57 - 2014-07-30 14:34 - 00000000 ____D () C:\Users\SillyTilly\AppData\Local\Packages
2015-01-14 18:57 - 2014-08-20 07:32 - 00000000 ____D () C:\Users\SillyTilly\AppData\Local\pangu
2015-01-13 19:23 - 2014-07-31 03:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-13 19:19 - 2014-07-31 03:27 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-08 13:24 - 2014-08-21 17:06 - 00001386 ___SH () C:\WINDOWS\SysWOW64\win_fldb_sys.dat
 
==================== Files in the root of some directories =======
 
2014-07-30 17:14 - 2014-07-30 17:14 - 0099384 _____ () C:\Users\SillyTilly\AppData\Roaming\inst.exe
2014-07-30 17:14 - 2014-07-30 17:14 - 0007859 _____ () C:\Users\SillyTilly\AppData\Roaming\pcouffin.cat
2014-07-30 17:14 - 2014-07-30 17:14 - 0001167 _____ () C:\Users\SillyTilly\AppData\Roaming\pcouffin.inf
2014-07-30 17:14 - 2014-07-30 17:14 - 0000055 _____ () C:\Users\SillyTilly\AppData\Roaming\pcouffin.log
2014-07-30 17:14 - 2014-07-30 17:14 - 0082816 _____ (VSO Software) C:\Users\SillyTilly\AppData\Roaming\pcouffin.sys
2014-07-30 17:13 - 2014-07-30 17:13 - 27628568 _____ (VSO-Software                                                ) C:\Users\SillyTilly\AppData\Roaming\vsoConvertXtoDVD5_setup.exe
2014-08-08 10:53 - 2014-08-08 10:53 - 0168331 _____ () C:\Users\SillyTilly\AppData\Local\ars.cache
2014-08-08 10:53 - 2014-08-08 10:53 - 0341754 _____ () C:\Users\SillyTilly\AppData\Local\census.cache
2014-08-08 09:45 - 2014-08-08 09:45 - 0000036 _____ () C:\Users\SillyTilly\AppData\Local\housecall.guid.cache
2015-02-01 09:47 - 2015-02-01 09:47 - 0628496 _____ (CMI Limited) C:\Users\SillyTilly\AppData\Local\nss3297.tmp
2014-08-29 11:54 - 2014-08-29 11:54 - 0007602 _____ () C:\Users\SillyTilly\AppData\Local\Resmon.ResmonCfg
2015-02-01 14:20 - 2015-02-01 14:20 - 0001486 _____ () C:\ProgramData\tempimage.bmp
2013-09-05 11:12 - 2013-09-05 11:13 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-09-05 11:06 - 2013-09-05 11:08 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-09-05 11:08 - 2013-09-05 11:10 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-09-05 11:05 - 2013-09-05 11:06 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-09-05 11:10 - 2013-09-05 11:12 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some content of TEMP:
====================
C:\Users\SillyTilly\AppData\Local\Temp\dllnt_dump.dll
C:\Users\SillyTilly\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-04 16:23
 
==================== End Of Log ============================
 
 
 
And now the Addition.txt log is below:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by SillyTilly at 2015-02-06 13:36:56
Running from C:\Users\SillyTilly\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3131570312-1522225647-529158487-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Amazon 1Button App for Windows Taskbar (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.2 - Amazon)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{59E75C53-7980-45AD-ADAA-733198B4BF7F}) (Version: 2.0.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.0.0.113 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro Advanced (HKLM-x32\...\DAEMON Tools Pro Advanced) (Version:  - DT Soft Ltd.)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.02 - NCH Software)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Dell Inc.)
Dell Custom Help (Version: 16.00.4000.0176 - Intel Corporation) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.13 - Synaptics Incorporated)
Dropbox (HKU\S-1-5-21-3131570312-1522225647-529158487-1001\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
FastStone Capture 7.9 (HKLM-x32\...\FastStone Capture) (Version: 7.9 - FastStone Soft)
Folder Lock (HKLM-x32\...\Folder Lock) (Version:  - New Softwares.net)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.8.2414.748 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.1.1306.0354 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® WiDi (HKLM\...\{C605440F-2748-435F-9F29-EB1C8134856F}) (Version: 4.1.17.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8650723d-1a15-4dc8-8679-e4050178aa58}) (Version: 16.0.5 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IPM_PSP_COM (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nero 2014 (HKLM-x32\...\{4EC535F1-AE46-4734-8188-DA549B7B73D2}) (Version: 15.0.10200 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Network Play System (Patching) (HKLM-x32\...\Network Play System (Patching)) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.18 - NCH Software)
PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPro64 (Version: 16.0.0.113 - Corel Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.12 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21220 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shoebox (HKLM-x32\...\{12372DFB-DA2B-4348-9F64-7793A98A1EE7}) (Version: 2.2.3 - Couch Labs)
SolveigMM Video Splitter (HKLM-x32\...\SolveigMM Video Splitter 3.7.1312.23) (Version: 3.7.1312.23 - Solveig Multimedia)
The Sims 2 (HKLM-x32\...\{8AB8D458-939E-403F-0097-9BA1C1F013D5}) (Version:  - )
The Sims 2 Family Fun Stuff (HKLM-x32\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )
The Sims 2 Glamour Life Stuff (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
The Sims 2 Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
The Sims 2 Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )
The Sims 2 Pets (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
The Sims 2 Seasons (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
The Sims 2 University (HKLM-x32\...\{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}) (Version:  - )
The Sims Makin' Magic (HKLM-x32\...\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}) (Version:  - )
The Sims™ 2 Apartment Life (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version:  - Electronic Arts)
The Sims™ 2 Bon Voyage (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
The Sims™ 2 Celebration! Stuff (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
The Sims™ 2 FreeTime (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)
The Sims™ 2 H&M® Fashion Stuff (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
The Sims™ 2 IKEA® Home Stuff (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version:  - Electronic Arts)
The Sims™ 2 Kitchen & Bath Interior Design Stuff (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
The Sims™ 2 Mansion and Garden Stuff (HKLM-x32\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version:  - Electronic Arts)
The Sims™ 2 Teen Style Stuff (HKLM-x32\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version:  - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.62.153 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.677.20 - Electronic Arts Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.60 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.37 - VSO-Software SARL)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.96 - NCH Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3131570312-1522225647-529158487-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SillyTilly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3131570312-1522225647-529158487-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3131570312-1522225647-529158487-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SillyTilly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3131570312-1522225647-529158487-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SillyTilly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3131570312-1522225647-529158487-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SillyTilly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3131570312-1522225647-529158487-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SillyTilly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3131570312-1522225647-529158487-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SillyTilly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3131570312-1522225647-529158487-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SillyTilly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3131570312-1522225647-529158487-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SillyTilly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3131570312-1522225647-529158487-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SillyTilly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
21-01-2015 05:47:20 Scheduled Checkpoint
28-01-2015 00:12:50 Windows Update
01-02-2015 14:11:35 Before uninstalling AnyProtect
01-02-2015 17:58:20 Restore Operation
05-02-2015 21:07:04 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {145FB8FC-B397-470C-A297-E98228E26E21} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {17848D3A-C58A-4912-91EB-83C72B9CE6E7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {47898752-C9E3-4587-BE87-5057269D1735} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {4E3DAD24-DC9D-4502-A623-3B831D116F4E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {52B855FF-18D3-47E8-B2B7-2676CE2CDA81} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {5E6AA03F-BE9E-45AC-9642-1139C2F56DE0} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-06-04] (Synaptics Incorporated)
Task: {6607B114-E143-4673-A861-0C930C03F3F1} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {AEF7BBF1-A344-4238-BA90-8E8C3A2B8DD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-02] (Google Inc.)
Task: {BA5F230C-A2F6-4C5E-80C0-769D515A74EE} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {C88B530C-10FC-43EC-9832-3A3BE3A58991} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-02] (Google Inc.)
Task: {E0D7CC70-1895-47E5-AC8E-7D0579C8E188} - System32\Tasks\{42E260C1-E5A9-4D89-B9C6-8DE1546C6E94} => pcalua.exe -a C:\Users\SillyTilly\Desktop\Stuff\Sims\Sims3\TownLifeStuff\TheSim72s3-Tow33nLi5feStuff\Autorun.exe -d C:\Users\SillyTilly\Desktop\Stuff\Sims\Sims3\TownLifeStuff\TheSim72s3-Tow33nLi5feStuff
Task: {EF28C73C-C527-46BA-AF2C-0AB884A67FF9} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-09-06] (Nero AG)
Task: {EF47F988-D13E-46F0-9D62-27BC5E07E5B3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-09-05 11:10 - 2012-04-24 20:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-10-03 17:36 - 2014-10-03 17:36 - 00457616 _____ () C:\WINDOWS\system32\igfxTray.exe
2014-11-24 19:57 - 2014-11-24 19:57 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 10:44 - 2013-06-01 06:31 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-03-16 19:23 - 2014-03-16 19:23 - 00003132 _____ () C:\Program Files (x86)\DAEMON Tools Pro Advanced\MSIMG32.dll
2015-02-02 05:26 - 2015-01-26 21:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-02 05:26 - 2015-01-26 21:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-02 05:26 - 2015-01-26 21:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-02-02 05:26 - 2015-01-26 21:44 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll
2013-09-05 11:07 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-02-05 07:14 - 2015-02-03 12:22 - 14964912 _____ () C:\Users\SillyTilly\AppData\Local\Google\Chrome\User Data\PepperFlash\16.0.0.305\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Syst303B1D80:$WIMMOUNTDATA
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
AlternateDataStreams: C:\Users\SillyTilly\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SillyTilly\Pictures\MickeyMouse\wallpapers-mickey-mouse-black-cartoon-picture-mickey-mouse-wallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3131570312-1522225647-529158487-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3131570312-1522225647-529158487-500 - Administrator - Disabled)
Guest (S-1-5-21-3131570312-1522225647-529158487-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3131570312-1522225647-529158487-1003 - Limited - Enabled)
SillyTilly (S-1-5-21-3131570312-1522225647-529158487-1001 - Administrator - Enabled) => C:\Users\SillyTilly
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (02/04/2015 04:15:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%1053
 
Error: (02/04/2015 04:15:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
 
Error: (02/04/2015 04:15:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McATScheduler service failed to start due to the following error: 
%%1053
 
Error: (02/04/2015 04:15:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McATScheduler service to connect.
 
Error: (02/04/2015 04:13:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error: 
%%1053
 
Error: (02/04/2015 04:13:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service2 service to connect.
 
Error: (02/04/2015 03:59:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (02/04/2015 03:59:08 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (02/04/2015 03:55:10 PM) (Source: DCOM) (EventID: 10010) (User: TILLY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (02/04/2015 03:54:40 PM) (Source: DCOM) (EventID: 10010) (User: TILLY)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 33%
Total physical RAM: 7898.57 MB
Available physical RAM: 5229.35 MB
Total Pagefile: 9178.57 MB
Available Pagefile: 5616.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:683.44 GB) (Free:429.77 GB) NTFS
Drive e: (Sims2EP9) (CDROM) (Total:0.7 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: C6CDB511)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 

And below is the log for zoek-results.txt:

 

 
Zoek.exe v5.0.0.0 Updated 06-February-2015
Tool run by SillyTilly on Fri 02/06/2015 at 13:41:30.80.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\SillyTilly\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
2/6/2015 1:42:59 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\SysWow64\WinFLService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTShellHlp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\WinFLTray.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\FastStone Capture\FSCapture.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\SillyTilly\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
 
==== Services(whitelist) ======================
Powered by E Dev
 
R2 - [AERTFilters] - Andrea RT Filters Service - c:\program files\realtek\audio\hda\aertsr64.exe
R2 - [AMPPALR3] - Intel® Centrino® Wireless Bluetooth® + High Speed Service - c:\program files\intel\bluetoothhs\bthsamppalservice.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [avgwd] - AVG WatchDog - c:\program files (x86)\avg\avg2014\avgwdsvc.exe
R2 - [Bluetooth Device Monitor] - Bluetooth Device Monitor - c:\program files (x86)\intel\bluetooth\devmonsrv.exe
R2 - [Bluetooth OBEX Service] - Bluetooth OBEX Service - c:\program files (x86)\intel\bluetooth\obexsrv.exe
R2 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
R2 - [BrcmSetSecurity] - BrcmSetSecurity - c:\program files\intel corporation\intel widi\brcmsetsecurity.exe
R2 - [BTHSSecurityMgr] - Intel® Centrino® Wireless Bluetooth® + High Speed Security Service - c:\program files\intel\bluetoothhs\bthssecuritymgr.exe
R2 - [DragonUpdater] - COMODO Dragon Update Service - c:\program files (x86)\comodo\dragon\dragon_updater.exe
R2 - [EvtEng] - Intel® PROSet/Wireless Event Log - c:\program files\intel\wifi\bin\evteng.exe
R2 - [IAStorDataMgrSvc] - Intel® Rapid Storage Technology - c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe
R2 - [igfxCUIService1.0.0.0] - Intel® HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
R2 - [Intel® ME Service] - Intel® ME Service - c:\program files (x86)\intel\intel® management engine components\fwservice\intelmefwservice.exe
R2 - [Intel® Wireless Bluetooth® 4.0 Radio Management] - Intel® Wireless Bluetooth® 4.0 Radio Management - c:\program files (x86)\intel\bluetooth\ibtrksrv.exe
R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
R2 - [NAUpdate] - Nero Update - c:\program files (x86)\nero\update\nasvc.exe
R2 - [PSI_SVC_2] - Protexis Licensing V2 - c:\program files (x86)\common files\protexis\license service\psiservice_2.exe
R2 - [PSI_SVC_2_x64] - Protexis Licensing V2 x64 - c:\program files\common files\protexis\license service\psiservice_2.exe
R2 - [RegSrvc] - Intel® PROSet/Wireless Registry Service - c:\program files\common files\intel\wirelesscommon\regsrvc.exe
R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe
R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe
R2 - [SftService] - SoftThinks Agent Service - c:\program files (x86)\dell backup and recovery\sftservice.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R2 - [ZeroConfigService] - Intel® PROSet/Wireless Zero Configuration Service - c:\program files\intel\wifi\bin\zeroconfigservice.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [AVGIDSAgent] - AVGIDSAgent - c:\program files (x86)\avg\avg2014\avgidsagent.exe
S2 - [DellDigitalDelivery] - Dell Digital Delivery Service - c:\program files (x86)\dell digital delivery\deliveryservice.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel® Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Intel® Capability Licensing Service TCP IP Interface] - Intel® Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
S3 - [iumsvc] - Intel® Update Manager - c:\program files (x86)\intel\intel® update manager\bin\iumsvc.exe
S3 - [McAWFwk] - McAfee Activation Service - c:\program files\common files\mcafee\actwiz\mcawfwk.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - c:\program files\intel\wifi\bin\pandhcpdns.exe
S3 - [Origin Client Service] - Origin Client Service - c:\program files (x86)\origin\originclientservice.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 7899 MB
CPU Info: Intel® Core™ i5-4200U CPU @ 1.60GHz
CPU Speed: 1597.1 MHz
Sound Card: Speakers (Realtek High Definiti | 
Display Adapters: Intel® HD Graphics Family | Intel® HD Graphics Family | Intel® HD Graphics Family
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Bluetooth Device (Personal Area Network) | Intel® Dual Band Wireless-N 7260 | Realtek PCIe GBE Family Controller
CD / DVD Drives: 2x (D: | E: | ) D: HL-DT-STDVD+-RW GU70N    | E: DTSOFT  BDROM
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  683.4GB
Hard Disks - Free: C:  429.8GB
Manufacturer *: Dell Inc.         
BIOS Info: AT/AT COMPATIBLE |  | DELL   - 2
Time Zone: Central Standard Time
Motherboard *: Dell Inc.          02F6GW
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: AVG AntiVirus Free Edition 2014 On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus Free Edition 2014 disabled (Outdated)
Default Browser: Comodo Dragon 36.1.1.21
Internet Explorer Version: 11.0.9600.17498 
Google Chrome version: 40.0.2214.94
Flash Player version: 11.9.900.170
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
====== C:\Users\SILLYT~1\AppData\Local\Temp ====
2015-02-04 21:49:17 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\SillyTilly\AppData\Local\Temp\jrt\libiconv2.dll
2015-02-04 21:49:17 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\SillyTilly\AppData\Local\Temp\jrt\libintl3.dll
2015-02-04 21:49:17 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\SillyTilly\AppData\Local\Temp\jrt\pcre3.dll
2015-02-04 21:49:17 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\SillyTilly\AppData\Local\Temp\jrt\regex2.dll
2015-02-04 21:29:32 5053FE9043FB84D71B04EFC7D5DA13CF 1710184 ----a-w- C:\Users\SillyTilly\AppData\Local\Temp\dllnt_dump.dll
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2015-02-06 09:23:31 95B3CEAF06A2DF96FE28CD0755D319C4 79064 ----a-w- C:\WINDOWS\Sysnative\drivers\dnbhdmjp.sys
2015-02-06 01:24:36 95B3CEAF06A2DF96FE28CD0755D319C4 79064 ----a-w- C:\WINDOWS\Sysnative\drivers\namfe.sys
2015-02-04 21:29:32 531121E7ED50084B493A69F8F8A7A927 37624 ----a-w- C:\WINDOWS\Sysnative\drivers\TrueSight.sys
2015-02-02 03:45:54 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2015-02-02 03:45:36 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2015-02-02 03:45:36 9D7BFFDB5FA62B600DF1FCB4919D9D79 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2015-02-02 03:45:36 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2015-01-14 01:00:59 F0CB6DB513CAC393D04A0FCE0A59E1BF 75776 ----a-w- C:\WINDOWS\Sysnative\drivers\ahcache.sys
2015-01-14 01:00:59 DB32958F0E704EFBF7F15161A569E39F 140800 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxdav.sys
====== C:\WINDOWS\Tasks ======
2015-02-02 11:26:05 FD30FA383AC5C0FC1B0E02DBDC4926AB 3654 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 11:26:05 5825178E5AFA88A9F72E8F65B9A4E50A 914 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 11:26:05 41AE856F1595F53381C3698C5EAAF03B 3890 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2015-02-02 11:26:05 1B98CE25AB25275BE30E20AFF34E13B2 918 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 01:03:03 2664A470195C873C0FB49CA845AC93EB 3934 ----a-w- C:\WINDOWS\Sysnative\Tasks\User_Feed_Synchronization-{FE71484F-D1D1-4DE0-B59F-905B906C1FE2}
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\SillyTilly\AppData\Roaming ======
2015-02-05 19:04:14 -------- d-----w- C:\Users\SillyTilly\AppData\Roaming\PCDr
2015-02-02 03:42:11 -------- d-----w- C:\Users\SillyTilly\AppData\Local\Pirates
2015-02-02 03:42:01 -------- d-----w- C:\Users\SillyTilly\AppData\Local\StormFall
2015-02-02 00:53:35 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Avg
2015-02-01 23:41:53 -------- d-----w- C:\Users\SillyTilly\AppData\Local\Deployment
2015-02-01 15:47:07 F62CEE3BAF32391E69FA24CDDE4EBE39 628496 ----a-w- C:\Users\SillyTilly\AppData\Local\nss3297.tmp
2015-02-01 14:34:36 -------- d-----w- C:\Users\SillyTilly\AppData\Roaming\Easy Email Forwarding
2015-01-15 01:05:59 -------- d-----w- C:\Users\SillyTilly\AppData\Roaming\TaiG
2015-01-15 01:03:10 -------- d-sh--w- C:\Users\SillyTilly\AppData\Locallow\EmieUserList
2015-01-15 01:03:10 -------- d-sh--w- C:\Users\SillyTilly\AppData\Locallow\EmieBrowserModeList
2015-01-15 01:02:59 -------- d-sh--w- C:\Users\SillyTilly\AppData\Local\EmieUserList
2015-01-15 01:02:59 -------- d-sh--w- C:\Users\SillyTilly\AppData\Local\EmieSiteList
2015-01-15 01:02:59 -------- d-sh--w- C:\Users\SillyTilly\AppData\Local\EmieBrowserModeList
2015-01-15 01:02:39 -------- d-sh--w- C:\Users\SillyTilly\AppData\Locallow\EmieSiteList
====== C:\Users\SillyTilly ======
2015-02-06 19:35:02 8C53B3CCC34D91A49A4B597AF7CA6892 2131968 ----a-w- C:\Users\SillyTilly\Desktop\FRST64.exe
2015-02-05 19:03:36 -------- d-----w- C:\ProgramData\PCDr
2015-02-04 21:53:03 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\SillyTilly\Desktop\dds.com
2015-02-04 21:48:20 AF6E966D1F38287EF4D33B246CCC3A33 1388274 ----a-w- C:\Users\SillyTilly\Desktop\JRT.exe
2015-02-04 21:39:44 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\SillyTilly\Desktop\adwcleaner_4.109.exe
2015-02-04 21:29:29 -------- d-----w- C:\ProgramData\RogueKiller
2015-02-04 21:24:25 175814FFCDAA1F26E7904148B4F186D6 18570328 ----a-w- C:\Users\SillyTilly\Desktop\RogueKillerX64.exe
2015-02-02 11:26:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-02 11:25:19 16A01EBC3A8C140D2A1B7EBCC6D37FAB 880784 ----a-w- C:\Users\SillyTilly\Desktop\ChromeSetup.exe
2015-02-01 20:20:36 8F5043B1C04AD427DEF46C90421100DC 1486 ----a-w- C:\ProgramData\tempimage.bmp
2015-02-01 14:36:32 -------- d-----w- C:\ProgramData\Windows VXM
2015-01-25 17:45:36 E0820287A8C97F2CAD0975F0896728FA 568392 ----a-w- C:\Users\SillyTilly\Downloads\Taken_3_2014_hc_hdrip_xvid_ac3_juggs[etrg].exe
2015-01-25 17:18:28 A04ECE6F142BAEE0B550D4B742F41A3D 1273720 ----a-w- C:\Users\SillyTilly\Downloads\Download american sniper Torrents - KickassTorrents.exe
2015-01-17 04:11:27 -------- d-----w- C:\ProgramData\vsosdk
2015-01-15 07:56:18 -------- d---a-r- C:\Users\SillyTilly\OneDrive
 
====== C: exe-files ==
2015-02-06 19:35:02 8C53B3CCC34D91A49A4B597AF7CA6892 2131968 ----a-w- C:\Users\SillyTilly\Desktop\FRST64.exe
2015-02-06 17:36:47 1F9A2717F6C6D3440B1F4A59FF96C708 1043024 ----a-w- C:\Program Files (x86)\Google\Update\Install\{68BD7D8A-73A8-40A8-9113-F864CF171C2E}\40.0.2214.111_40.0.2214.94_chrome_updater.exe
2015-02-06 06:36:46 10C915F39C291AF809CE76E9F2F2D659 41213008 ----a-w- C:\Program Files (x86)\Google\Update\Install\{2D1B7B57-9E37-4B71-A6CE-8D6174C9EC1D}\40.0.2214.111_chrome_installer.exe
2015-02-06 06:36:46 10C915F39C291AF809CE76E9F2F2D659 41213008 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.111\40.0.2214.111_chrome_installer.exe
2015-02-06 01:37:01 1F9A2717F6C6D3440B1F4A59FF96C708 1043024 ----a-w- C:\Program Files (x86)\Google\Update\Install\{C506059E-3C84-408F-82F7-73749E4A944E}\40.0.2214.111_40.0.2214.94_chrome_updater.exe
2015-02-06 01:37:01 1F9A2717F6C6D3440B1F4A59FF96C708 1043024 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.111\40.0.2214.111_40.0.2214.94_chrome_updater.exe
2015-02-04 23:31:52 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
2015-02-04 23:31:52 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
2015-02-04 23:31:52 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
2015-02-04 23:31:51 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
2015-02-04 23:31:50 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
2015-02-04 23:31:50 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdate.exe
2015-02-04 23:31:50 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
2015-02-04 23:31:50 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
2015-02-04 23:31:49 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\Install\{B40B77D7-8D02-4F9B-9D83-52311E6FCCF0}\GoogleUpdateSetup.exe
2015-02-04 23:31:49 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe
2015-02-04 21:48:20 AF6E966D1F38287EF4D33B246CCC3A33 1388274 ----a-w- C:\Users\SillyTilly\Desktop\JRT.exe
2015-02-04 21:39:44 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\SillyTilly\Desktop\adwcleaner_4.109.exe
2015-02-04 21:24:25 175814FFCDAA1F26E7904148B4F186D6 18570328 ----a-w- C:\Users\SillyTilly\Desktop\RogueKillerX64.exe
2015-02-02 11:26:16 CF9BA33C05F698644E790FF80AB96295 41175632 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\40.0.2214.94\40.0.2214.94_chrome_installer.exe
2015-02-02 11:26:02 F172AD4E906D97ED8F071896FC6789DC 107912 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2015-02-02 11:25:19 16A01EBC3A8C140D2A1B7EBCC6D37FAB 880784 ----a-w- C:\Users\SillyTilly\Desktop\ChromeSetup.exe
2015-02-02 11:22:36 E8BE63349D2AF751BB741BE73AD48260 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3131570312-1522225647-529158487-1001\$IPPG3X5.exe
2015-02-02 06:04:09 FD717676221CD450FE0600A7ED42B047 797384 ----a-w- C:\Users\SillyTilly\AppData\Local\Microsoft\Windows\INetCache\IE\FJ0X9PP3\Chrome_Setup.exe
2015-02-02 03:44:28 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\$Recycle.Bin\S-1-5-21-3131570312-1522225647-529158487-1001\$RPPG3X5.exe
2015-02-02 03:42:14 1E6D338741F00BA5946029253299A3B7 299448 ----a-w- C:\Users\SillyTilly\AppData\Local\Microsoft\Windows\INetCache\IE\9BI0Z869\stormwatch2_0[1].exe
2015-02-02 03:42:10 6E7DB149FB9D597FF598BEDC0A168263 479616 ----a-w- C:\Users\SillyTilly\AppData\Local\Microsoft\Windows\INetCache\IE\9BI0Z869\StormWatchSetup[1].exe
2015-02-02 03:41:49 D25590CFBCFB2FFA1B05EB7C7EBA8840 797384 ----a-w- C:\Users\SillyTilly\AppData\Local\Microsoft\Windows\INetCache\IE\98YOFBA8\Chrome_Setup.exe
2015-02-02 00:49:49 BE0F8385014EF54DFF37FCEFEE254905 6019736 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
2015-02-02 00:49:49 5467CB7479FE288D897926D6A4B8196E 62992 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avguirux.exe
2015-02-02 00:49:49 425520D5C08434D709B796B2C398A460 16912 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtesta.exe
2015-02-02 00:49:49 210189A02C57B179A82F77E3B7C411F7 15888 ----a-w- C:\Program Files (x86)\AVG\AVG2014\avgrdtestx.exe
=== C: other files ==
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-3131570312-1522225647-529158487-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON18A145 (Epson Stylus NX430)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU C:\Users\SillyTilly\AppData\Local\Temp\E_S1F8B.tmp /EF HKCU"
"WinFLTray"="C:\WINDOWS\SysWow64\WinFLTray.exe"
"FLBackup"="C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe"
"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTAgent.exe -autorun"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"MetroTileShortcut"="C:\Program Files\McAfeeAntiTheft\2.1.170.2\McATUIHost.exe /IMAT_SHORTCUTS"
"mcpltui_exe"="C:\Program Files\Common Files\mcafee\platform\McUICnt.exe /platui"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON18A145 (Epson Stylus NX430)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /FU C:\Users\SillyTilly\AppData\Local\Temp\E_S1F8B.tmp /EF HKCU"
"WinFLTray"="C:\WINDOWS\SysWow64\WinFLTray.exe"
"FLBackup"="C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe"
"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro Advanced\DTAgent.exe -autorun"
"EADM"="C:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX5"
"RtHDVBg_PushButton"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM"
"QuickSet"="c:\Program Files\Dell\QuickSet\QuickSet.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
 
==== Startup Folders ======================
 
2014-08-29 07:31:21 1018 ----a-w- C:\Users\SillyTilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2014-07-30 21:37:03 1167 ----a-w- C:\Users\SillyTilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/02/2015 05:26 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/02/2015 05:26 AM]
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [06/04/2013 11:44 AM]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\WINDOWS\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe"]
"C:\WINDOWS\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\My Dell\sessionchecker.exe"]
"C:\WINDOWS\SysNative\tasks\PCDoctorBackgroundMonitorTask" ["C:\Program Files\My Dell\uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\WINDOWS\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{FE71484F-D1D1-4DE0-B59F-905B906C1FE2}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Nero\Nero Info" [C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe]
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Fri 02/06/2015 at 13:48:49.12 ======================


#4 deeprybka


Posted 06 February 2015 - 03:22 PM

You are welcome!
 
Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   1KB   3 downloads
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 SillyTilly


Posted 06 February 2015 - 08:02 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by SillyTilly at 2015-02-06 18:55:03 Run:1
Running from C:\Users\SillyTilly\Desktop
Loaded Profiles: SillyTilly (Available profiles: SillyTilly)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
cmd: type "C:\Users\SillyTilly\Desktop\CFScript.txt"
AlternateDataStreams: C:\Syst303B1D80:$WIMMOUNTDATA
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
File: "c:\users\sillytilly\pictures\cool profile pics\cool profile pics.exe"
File: "c:\users\sillytilly\pictures\conhost.exe"
File: "c:\users\sillytilly\pictures\windir.exe"
"c:\users\sillytilly\pictures\cool profile pics\cool profile pics.exe"
c:\users\sillytilly\pictures\conhost.exe
c:\users\sillytilly\pictures\windir.exe
EmptyTemp:
*****************
 
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
 
=========  type "C:\Users\SillyTilly\Desktop\CFScript.txt" =========
 
DirLook::
c:\users\sillytilly\documents\my pictures
========= End of CMD: =========
 
C:\Syst303B1D80 => ":$WIMMOUNTDATA" ADS removed successfully.
C:\WINDOWS\system32\Drivers\btmhsf.sys => ":Microsoft_Appcompat_ReinstallUpgrade" ADS removed successfully.
C:\ProgramData\Temp => ":1CE11B51" ADS removed successfully.
 
========================= File: "c:\users\sillytilly\pictures\cool profile pics\cool profile pics.exe" ========================
 
"c:\users\sillytilly\pictures\cool profile pics\cool profile pics.exe" not found.
====== End Of File: ======
 
 
========================= File: "c:\users\sillytilly\pictures\conhost.exe" ========================
 
"c:\users\sillytilly\pictures\conhost.exe" not found.
====== End Of File: ======
 
 
========================= File: "c:\users\sillytilly\pictures\windir.exe" ========================
 
"c:\users\sillytilly\pictures\windir.exe" not found.
====== End Of File: ======
 
"c:\users\sillytilly\pictures\cool profile pics\cool profile pics.exe" => File/Directory not found.
"c:\users\sillytilly\pictures\conhost.exe" => File/Directory not found.
"c:\users\sillytilly\pictures\windir.exe" => File/Directory not found.
EmptyTemp: => Removed 14.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:55:23 ====


#6 SillyTilly


Posted 06 February 2015 - 08:43 PM

I'm not sure if that was supposed to get rid of them or not, but just to let you know I scanned again with Malwarebytes, and they are still there.



#7 deeprybka


Posted 07 February 2015 - 01:41 AM

Hi,

Step 1
please uninstall Malwarebytes Antimalware.

Step 2
  • Please download mbam-clean.exe from here to your desktop and save it.
  • Please close all open applications and temporarily shut down your antivirus to avoid any conflicts when running the tool.
  • Locate the file mbam-clean.exe and double-click to run it and follow the onscreen prompts.
  • It will ask to restart your computer; please allow it to do so (very important).
  • After the computer restarts, ensure that your antivirus is enabled and download the latest version of Malwarebytes Anti-Malware from here and save it to your desktop.
  • Now close all open applications including your browser and again temporarily disable your antivirus as before and launch the Malwarebytes installer you just downloaded.
Step 3

Scan with Malwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Edited by deeprybka, 07 February 2015 - 01:42 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#8 SillyTilly


Posted 07 February 2015 - 05:58 AM

Will I ever get rid of these??? LOL

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/7/2015
Scan Time: 4:23:34 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.07.04
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: SillyTilly
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374460
Time Elapsed: 32 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
Trojan.Agent, c:\users\sillytilly\pictures\cool profile pics\cool profile pics.exe, , [ef23ec2e22689b9bfe17f080dc288977], 
Backdoor.Agent.CHGen, c:\users\sillytilly\pictures\conhost.exe, , [40d2f426622857df0ea26895be460ef2], 
Backdoor.Agent.E, c:\users\sillytilly\pictures\windir.exe, , [b16197832b5fde58731e6a9922e3d12f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9 deeprybka


Posted 07 February 2015 - 07:03 AM


Step 1


Don't remove anything that HitmanPro detects on your own!
This scanner, while really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the program won't run, please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It should only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#10 SillyTilly


Posted 08 February 2015 - 05:01 AM

HitmanPro 3.7.9.234
www.hitmanpro.com
 
   Computer name . . . . : TILLY
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : TILLY\SillyTilly
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)
 
   Scan date . . . . . . : 2015-02-08 03:56:13
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 5s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 1
 
   Objects scanned . . . : 1,901,139
   Files scanned . . . . : 94,223
   Remnants scanned  . . : 757,090 files / 1,049,826 keys
 
Malware _____________________________________________________________________
 
   C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\Patch.ONLY.IF.SERIAL.DONT.WORK\nero.14.platinum.v15.0_patch.exe
      Size . . . . . . . : 46,080 bytes
      Age  . . . . . . . : 154.7 days (2014-09-06 11:58:23)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 2D38FE91E3B464FE965425310BB9702046D3EB1BA90E2C800A51C958677E0880
    > G Data . . . . . . : Gen:Variant.Application.Strictor.41569
    > Bitdefender  . . . : Trojan.Generic.10063873
      Fuzzy  . . . . . . : 114.0
 
 
 


#11 deeprybka


Posted 08 February 2015 - 05:21 AM

Hi,
 
CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.

Let's do a final check up:

Step 1


Please download ESET Online Scanner and save it to your Desktop.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    (settings shown in a screenshot)
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at the location shown in the screenshot.
    Copy and paste the content of this log file in your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#12 SillyTilly


Posted 08 February 2015 - 05:56 AM

No, I was not aware... If I remember correctly, a friend sent me that file quite a few years ago for some reason or another, I don't even remember why.  Am doing the next steps in the previous post of yours now.  Will get back with you once the eset scan is done.



#13 SillyTilly


Posted 08 February 2015 - 08:36 AM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debut.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debutsetup_v2.02.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburnsetup_v4.68.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\prism.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\prismsetup_v2.18.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopad.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopadsetup_v3.60.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepad.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\WavePad\wavepadsetup_v5.96.exe.vir a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\djhpjkahepdooiiiojnlpoppmdadjmda\1.0\ZO.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fmciodgbofbagdhlngajpgmhpfpnbkgb\1.0\k_5w8f1sdUy.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hafnpfldgdimmoaiognnendpaojbolii\1.0\cQktX1yP3W.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\content.js.vir JS/Chromex.Agent.L trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\o8W.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kmahpbihlocplkmiclkdlmodlklapljk\2.1\p_zG_tCIZxQ.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js.vir JS/Chromex.Agent.L trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\oDMqY8a.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\content.js.vir JS/Chromex.Agent.L trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\uYYpEnE1.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\djhpjkahepdooiiiojnlpoppmdadjmda\1.0\ZO.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmciodgbofbagdhlngajpgmhpfpnbkgb\1.0\k_5w8f1sdUy.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hafnpfldgdimmoaiognnendpaojbolii\1.0\cQktX1yP3W.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\content.js.vir JS/Chromex.Agent.L trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\o8W.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djhpjkahepdooiiiojnlpoppmdadjmda\1.0\ZO.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmciodgbofbagdhlngajpgmhpfpnbkgb\1.0\k_5w8f1sdUy.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafnpfldgdimmoaiognnendpaojbolii\1.0\cQktX1yP3W.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\content.js.vir JS/Chromex.Agent.L trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\o8W.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djhpjkahepdooiiiojnlpoppmdadjmda\1.0\ZO.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmciodgbofbagdhlngajpgmhpfpnbkgb\1.0\k_5w8f1sdUy.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hafnpfldgdimmoaiognnendpaojbolii\1.0\cQktX1yP3W.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\content.js.vir JS/Chromex.Agent.L trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\o8W.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\djhpjkahepdooiiiojnlpoppmdadjmda\1.0\ZO.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\fmciodgbofbagdhlngajpgmhpfpnbkgb\1.0\k_5w8f1sdUy.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\hafnpfldgdimmoaiognnendpaojbolii\1.0\cQktX1yP3W.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\content.js.vir JS/Chromex.Agent.L trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\o8W.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\kmahpbihlocplkmiclkdlmodlklapljk\2.1\p_zG_tCIZxQ.js.vir JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js.vir JS/Chromex.Agent.L trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\oDMqY8a.js.vir JS/Kryptik.ATB trojan
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\debutsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\FastStone.Capture.7.9.rar Win32/Keygen.IE potentially unsafe application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\Folder Lock 7.3.rar BAT/Qhost.NTI trojan
C:\Users\SillyTilly\Desktop\DownloadedPrograms\NERO 14 Activator.exe a variant of Win32/Keygen.AR potentially unsafe application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero 2014 Platinum Crack.rar a variant of Win32/Keygen.AR potentially unsafe application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy potentially unsafe application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\vlcmediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\ConvertX\vsoConvertXtoDVD5_setup.exe a variant of MSIL/Spy.Agent.IT trojan
C:\Users\SillyTilly\Desktop\DownloadedPrograms\Folder Lock 7.3\Host Edit.bat BAT/Qhost.NTI trojan
C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\Crack.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\nero.14.platinum.universal.patches\nero.14.platinum-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\nero.14.platinum.universal.patches\nero.14.platinum.installer.unblacklister-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\Nero_Patch\nero-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\Patch.ONLY.IF.SERIAL.DONT.WORK\nero.14.platinum.v15.0_patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\Patch_DI\keygen.exe a variant of Win32/Keygen.AR potentially unsafe application
C:\Users\SillyTilly\Desktop\Stuff\Sims\Sims2\GlamourLifeStuff\The Sims2 - Glamour Life Stuff.iso Win32/Keygen.FC potentially unsafe application
C:\Users\SillyTilly\Downloads\Download american sniper Torrents - KickassTorrents.exe a variant of Win32/Adware.MultiPlug.ED application
C:\Users\SillyTilly\Downloads\EasyEmailForwarding.zip Win32/InstallMonetizer.AQ potentially unwanted application
C:\Users\SillyTilly\Downloads\FLVPlayer-Chrome.exe NSIS/TrojanDownloader.Adload.AA trojan
C:\Users\SillyTilly\Downloads\Taken_3_2014_hc_hdrip_xvid_ac3_juggs[etrg].exe multiple threats

---------------------------------------------------

ESETSmartInstaller@High as downloader log:
sh=C378AEC55AE4ED9B8A0B4DBD07069AD572A46285 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmciodgbofbagdhlngajpgmhpfpnbkgb\1.0\k_5w8f1sdUy.js.vir"
sh=BD3EB3BE73FB110F8583B64747874E3B8703AEBE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafnpfldgdimmoaiognnendpaojbolii\1.0\cQktX1yP3W.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\content.js.vir"
sh=F2C83F335D9CBE531121864F5EB66927D3E6CE4C ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\o8W.js.vir"
sh=331FDF20F428F06D4011DC42F2368EF4FEEB41F6 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djhpjkahepdooiiiojnlpoppmdadjmda\1.0\ZO.js.vir"
sh=C378AEC55AE4ED9B8A0B4DBD07069AD572A46285 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmciodgbofbagdhlngajpgmhpfpnbkgb\1.0\k_5w8f1sdUy.js.vir"
sh=BD3EB3BE73FB110F8583B64747874E3B8703AEBE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hafnpfldgdimmoaiognnendpaojbolii\1.0\cQktX1yP3W.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\content.js.vir"
sh=F2C83F335D9CBE531121864F5EB66927D3E6CE4C ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\o8W.js.vir"
sh=331FDF20F428F06D4011DC42F2368EF4FEEB41F6 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\djhpjkahepdooiiiojnlpoppmdadjmda\1.0\ZO.js.vir"
sh=C378AEC55AE4ED9B8A0B4DBD07069AD572A46285 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\fmciodgbofbagdhlngajpgmhpfpnbkgb\1.0\k_5w8f1sdUy.js.vir"
sh=BD3EB3BE73FB110F8583B64747874E3B8703AEBE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\hafnpfldgdimmoaiognnendpaojbolii\1.0\cQktX1yP3W.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\content.js.vir"
sh=F2C83F335D9CBE531121864F5EB66927D3E6CE4C ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\o8W.js.vir"
sh=A976F4BB5BC9C4161E198AD54AED6FFB44774922 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\kmahpbihlocplkmiclkdlmodlklapljk\2.1\p_zG_tCIZxQ.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js.vir"
sh=D03EB7368F1C4277B6AF6405D7D4D6A767E15405 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\oDMqY8a.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\content.js.vir"
sh=84951096A5064C57B4D721BE63BB3FFF45AD1595 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\uYYpEnE1.js.vir"
sh=331FDF20F428F06D4011DC42F2368EF4FEEB41F6 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Chromatic Browser\User Data\Default\Extensions\djhpjkahepdooiiiojnlpoppmdadjmda\1.0\ZO.js.vir"
sh=C378AEC55AE4ED9B8A0B4DBD07069AD572A46285 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Chromatic Browser\User Data\Default\Extensions\fmciodgbofbagdhlngajpgmhpfpnbkgb\1.0\k_5w8f1sdUy.js.vir"
sh=BD3EB3BE73FB110F8583B64747874E3B8703AEBE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hafnpfldgdimmoaiognnendpaojbolii\1.0\cQktX1yP3W.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Chromatic Browser\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\content.js.vir"
sh=F2C83F335D9CBE531121864F5EB66927D3E6CE4C ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Chromatic Browser\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\o8W.js.vir"
sh=A976F4BB5BC9C4161E198AD54AED6FFB44774922 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kmahpbihlocplkmiclkdlmodlklapljk\2.1\p_zG_tCIZxQ.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Chromatic Browser\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js.vir"
sh=D03EB7368F1C4277B6AF6405D7D4D6A767E15405 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Chromatic Browser\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\oDMqY8a.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\content.js.vir"
sh=84951096A5064C57B4D721BE63BB3FFF45AD1595 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\uYYpEnE1.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\content.js.vir"
sh=331FDF20F428F06D4011DC42F2368EF4FEEB41F6 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\djhpjkahepdooiiiojnlpoppmdadjmda\1.0\ZO.js.vir"
sh=C378AEC55AE4ED9B8A0B4DBD07069AD572A46285 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmciodgbofbagdhlngajpgmhpfpnbkgb\1.0\k_5w8f1sdUy.js.vir"
sh=BD3EB3BE73FB110F8583B64747874E3B8703AEBE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hafnpfldgdimmoaiognnendpaojbolii\1.0\cQktX1yP3W.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\content.js.vir"
sh=F2C83F335D9CBE531121864F5EB66927D3E6CE4C ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\o8W.js.vir"
sh=331FDF20F428F06D4011DC42F2368EF4FEEB41F6 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\torch\User Data\Default\Extensions\djhpjkahepdooiiiojnlpoppmdadjmda\1.0\ZO.js.vir"
sh=C378AEC55AE4ED9B8A0B4DBD07069AD572A46285 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\torch\User Data\Default\Extensions\fmciodgbofbagdhlngajpgmhpfpnbkgb\1.0\k_5w8f1sdUy.js.vir"
sh=BD3EB3BE73FB110F8583B64747874E3B8703AEBE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\torch\User Data\Default\Extensions\hafnpfldgdimmoaiognnendpaojbolii\1.0\cQktX1yP3W.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\torch\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\content.js.vir"
sh=F2C83F335D9CBE531121864F5EB66927D3E6CE4C ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\torch\User Data\Default\Extensions\haglmoboklaklfidpllhbjfcbchkbcbb\3.9\o8W.js.vir"
sh=A976F4BB5BC9C4161E198AD54AED6FFB44774922 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\torch\User Data\Default\Extensions\kmahpbihlocplkmiclkdlmodlklapljk\2.1\p_zG_tCIZxQ.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\torch\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js.vir"
sh=D03EB7368F1C4277B6AF6405D7D4D6A767E15405 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\torch\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\oDMqY8a.js.vir"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\torch\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\content.js.vir"
sh=84951096A5064C57B4D721BE63BB3FFF45AD1595 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SillyTilly\AppData\Local\torch\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\uYYpEnE1.js.vir"
sh=25B9F4013FB34153FFA27E460D4B8594C79FE337 ft=1 fh=15384691e6094ee0 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe"
sh=A976F4BB5BC9C4161E198AD54AED6FFB44774922 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmahpbihlocplkmiclkdlmodlklapljk\2.1\p_zG_tCIZxQ.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js"
sh=D03EB7368F1C4277B6AF6405D7D4D6A767E15405 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\oDMqY8a.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\content.js"
sh=84951096A5064C57B4D721BE63BB3FFF45AD1595 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\uYYpEnE1.js"
sh=A976F4BB5BC9C4161E198AD54AED6FFB44774922 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmahpbihlocplkmiclkdlmodlklapljk\2.1\p_zG_tCIZxQ.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js"
sh=D03EB7368F1C4277B6AF6405D7D4D6A767E15405 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\oDMqY8a.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\content.js"
sh=84951096A5064C57B4D721BE63BB3FFF45AD1595 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\uYYpEnE1.js"
sh=A976F4BB5BC9C4161E198AD54AED6FFB44774922 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmahpbihlocplkmiclkdlmodlklapljk\2.1\p_zG_tCIZxQ.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js"
sh=D03EB7368F1C4277B6AF6405D7D4D6A767E15405 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\oDMqY8a.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\content.js"
sh=84951096A5064C57B4D721BE63BB3FFF45AD1595 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\uYYpEnE1.js"
sh=A976F4BB5BC9C4161E198AD54AED6FFB44774922 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmahpbihlocplkmiclkdlmodlklapljk\2.1\p_zG_tCIZxQ.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js"
sh=D03EB7368F1C4277B6AF6405D7D4D6A767E15405 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\oDMqY8a.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\content.js"
sh=84951096A5064C57B4D721BE63BB3FFF45AD1595 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\uYYpEnE1.js"
sh=A976F4BB5BC9C4161E198AD54AED6FFB44774922 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmahpbihlocplkmiclkdlmodlklapljk\2.1\p_zG_tCIZxQ.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js"
sh=D03EB7368F1C4277B6AF6405D7D4D6A767E15405 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\oDMqY8a.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\content.js"
sh=84951096A5064C57B4D721BE63BB3FFF45AD1595 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\uYYpEnE1.js"
sh=A976F4BB5BC9C4161E198AD54AED6FFB44774922 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmahpbihlocplkmiclkdlmodlklapljk\2.1\p_zG_tCIZxQ.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js"
sh=D03EB7368F1C4277B6AF6405D7D4D6A767E15405 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\oDMqY8a.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\content.js"
sh=84951096A5064C57B4D721BE63BB3FFF45AD1595 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\uYYpEnE1.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\SillyTilly\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\SillyTilly\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\content.js"
sh=A976F4BB5BC9C4161E198AD54AED6FFB44774922 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\SillyTilly\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmahpbihlocplkmiclkdlmodlklapljk\2.1\p_zG_tCIZxQ.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\SillyTilly\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\content.js"
sh=D03EB7368F1C4277B6AF6405D7D4D6A767E15405 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\SillyTilly\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\126\oDMqY8a.js"
sh=50BC0E67BEED671BB2D753F7F7FC50834FEF65CD ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\SillyTilly\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\content.js"
sh=84951096A5064C57B4D721BE63BB3FFF45AD1595 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\SillyTilly\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ogdahgbfglgfncgndppmcijlfehlmikc\3.18\uYYpEnE1.js"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\ccsetup416.exe"
sh=8FA19F6FED68E389CCCC8E372E47A9ED1CA1305E ft=1 fh=57415a27353b7b93 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\debutsetup.exe"
sh=F0C1126C233114CEE18B1C25243481A438389189 ft=0 fh=0000000000000000 vn="Win32/Keygen.IE potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\FastStone.Capture.7.9.rar"
sh=FD3998F24FEF1E8F9E2CD59EF6A80DD827291848 ft=0 fh=0000000000000000 vn="BAT/Qhost.NTI trojan" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\Folder Lock 7.3.rar"
sh=F1EEBDF1720729CDC8D1A611CD17A6B85D70CCD4 ft=1 fh=41fa1764b8c46269 vn="a variant of Win32/Keygen.AR potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\NERO 14 Activator.exe"
sh=3E210478ECC72734DEA6FE3C162DA7CFA2808F68 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AR potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero 2014 Platinum Crack.rar"
sh=5CA96A0C243390C378DEE1A629684EA261E2CFC4 ft=1 fh=a717dcd23690f0a7 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\SetupImgBurn_2.5.8.0.exe"
sh=D4CC046B96B4261BBD28CD1831C4C6C07629448D ft=1 fh=cf6cf08eca0010cf vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\vlcmediaplayer-setup.exe"
sh=4CA1924E731F905F0C6FF085B6410D2095886996 ft=1 fh=0250f88d24196fa5 vn="a variant of MSIL/Spy.Agent.IT trojan" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\ConvertX\vsoConvertXtoDVD5_setup.exe"
sh=588B93C3130B553444C1B5E7AF47B18B331535E0 ft=0 fh=0000000000000000 vn="BAT/Qhost.NTI trojan" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\Folder Lock 7.3\Host Edit.bat"
sh=F2D397C477E7085DDA56EA0F4C2683CF96F202FE ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\Crack.rar"
sh=B0916743D59E3E5F19A39AC63B5AC9C991EC6DB0 ft=1 fh=892bd41b5b0101b0 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\nero.14.platinum.universal.patches\nero.14.platinum-patch.exe"
sh=07BB967807B9B81C84F3F689144A09296BF39B90 ft=1 fh=4a3ec9b890d28290 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\nero.14.platinum.universal.patches\nero.14.platinum.installer.unblacklister-patch.exe"
sh=E134B775A78A715A9E53A97A3199B39974CE2C9E ft=1 fh=185a0c4bef15c277 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\Nero_Patch\nero-patch.exe"
sh=7D4887117E5FAEC4FDEA1410DBE924027F532352 ft=1 fh=3279bed39d0d4e4e vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\Patch.ONLY.IF.SERIAL.DONT.WORK\nero.14.platinum.v15.0_patch.exe"
sh=A254E10C10E8C0DF248599E7BE8B539FFADA615C ft=1 fh=f54278c481fa8c67 vn="a variant of Win32/Keygen.AR potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\DownloadedPrograms\Nero\Nero.2014.Platinum.v15.0.10200.Multilanguage.Incl.Patch-P2P\Patch_DI\keygen.exe"
sh=E2858FBA433D4529978A1B138EEB4B84CA1D7AEE ft=0 fh=0000000000000000 vn="Win32/Keygen.FC potentially unsafe application" ac=I fn="C:\Users\SillyTilly\Desktop\Stuff\Sims\Sims2\GlamourLifeStuff\The Sims2 - Glamour Life Stuff.iso"
sh=BC8FCCD19FAC3F4156953E627812CB67A43A9575 ft=1 fh=f5256be09f318a37 vn="a variant of Win32/Adware.MultiPlug.ED application" ac=I fn="C:\Users\SillyTilly\Downloads\Download american sniper Torrents - KickassTorrents.exe"
sh=1FAE6E8F5ABFFF6E0CF8801E4EF613C222DBBF17 ft=0 fh=0000000000000000 vn="Win32/InstallMonetizer.AQ potentially unwanted application" ac=I fn="C:\Users\SillyTilly\Downloads\EasyEmailForwarding.zip"
sh=75CA96E2746B37E83163D53B11BA22F891735E29 ft=1 fh=33ae5d89b5cf2434 vn="NSIS/TrojanDownloader.Adload.AA trojan" ac=I fn="C:\Users\SillyTilly\Downloads\FLVPlayer-Chrome.exe"
sh=EEA5BBF41CFDD3AEC47310B387485A1AD805821E ft=1 fh=9464d7a30dcba400 vn="multiple threats" ac=I fn="C:\Users\SillyTilly\Downloads\Taken_3_2014_hc_hdrip_xvid_ac3_juggs[etrg].exe"
 


#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:23 PM

Posted 08 February 2015 - 10:44 AM

Please delete the crack/keygen files in the download folder and uninstall Nero 2014 as well.

Edited by deeprybka, 08 February 2015 - 10:45 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:04:23 PM

Posted 08 February 2015 - 10:51 AM

Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   2.6KB   3 downloads
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 