
I don't know what is going on with this computer...HELP!


  • This topic is locked
26 replies to this topic

#1 Thundergod67

Thundergod67

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:05:35 AM

Posted 26 February 2015 - 05:29 PM

A while back I became infected with a pop-up virus/malware of some kind. I remember that my Malwarebytes found several PUPs: PUP.Optional.Booster.A, PUP.Optional.MultiPlug, PUP.Optional.ShoppingGate.A among others. I allowed Malwarebytes to remove them, but the pop-ups continued. I then installed Avast, the free version. It found and removed several more during a root scan. But the pop-ups continued. Also, around the same time, Flash stopped working on my Firefox browser. And to add another side-effect, my internet itself started acting up. I don't know if it was the malware, but the computer used to be very quick when connecting and downloading. I stopped being able to completely download a file. To install FRST64, I had to download and burn it from another machine.

 

Thanks in advance!

 

Peter



#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:35 PM

Posted 27 February 2015 - 05:41 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please uninstall some programs:

  • Windows 7: Click on the Start button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall: Clipboard Sync, Optimizer Pro v3.2, UniDealsai
  • Reboot your computer.

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

 

Scan with Malwarebytes Anti-Malware

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.


Step 4


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Thundergod67

Thundergod67
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:05:35 AM

Posted 28 February 2015 - 02:58 PM

Hi Jürgen,

 

First, let me thank you for your help.

 

I was able to uninstall "Clipboard Sync", but was unable to find "Optimizer Pro V3.2" in the installed programs list. When I clicked uninstall for "UniDealsai" I got the following message:

 

"An error occurred while trying to uninstall UniDealsai. It may have already been uninstalled.     Do you want to remove UniDealsai for the Programs and Features list?"  I selected yes.

 

When I clicked the link you provided to download AdwCleaner from my computer, the download finished in seconds. When I right-clicked & selected "Run as Admin" I got the following error:

 

"C:\Users\Peter\Desktop\ADwCleaner.exe is not a valid Win32 application."

 

I had to download it from another machine. I tried several times to copy it to my desktop, but when I would run it I got a "the database has been corrupted" error. I finally saved it to a network drive and was able to run it from there. Here is the report I got when the computer restarted.

 

AdwCleaner[R0]

 

# AdwCleaner v4.111 - Logfile created 28/02/2015 at 13:25:07

# Updated 18/02/2015 by Xplode

# Database : 2015-02-18.3 [Local]

# Operating system : Windows 7 Professional Service Pack 1 (x64)

# Username : Peter - PETER-PC

# Running from : \\READYSHARE\USB_Storage\shared files\Shared\adwcleaner_4.111.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Katiana\AppData\Roaming\Mozilla\Firefox\Profiles\000pxceh.default\user.js

File Found : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default\user.js

Folder Found : C:\Program Files (x86)\Optimizer Pro

Folder Found : C:\Program Files (x86)\TampaGeneration

Folder Found : C:\ProgramData\4379246136454145539

Folder Found : C:\ProgramData\icfpkijhfngjladniikiehhnkkjgakec

Folder Found : C:\ProgramData\icfpkijhfngjladniikiehhnkkjgakec

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2

Folder Found : C:\ProgramData\ocmjiknefpedlilmagjpbekfkdfpldbi

Folder Found : C:\ProgramData\ocmjiknefpedlilmagjpbekfkdfpldbi

Folder Found : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

Folder Found : C:\Users\Peter\AppData\Roaming\Optimizer Pro

Folder Found : C:\Users\Peter\AppData\Roaming\UpdaterEX

Folder Found : C:\Users\Peter\Documents\Optimizer Pro

 

***** [ Scheduled tasks ] *****

 

Task Found : Optimizer Pro Schedule

Task Found : UpdaterEX

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Optimizer Pro

Key Found : HKCU\Software\UpdaterEX

Key Found : [x64] HKCU\Software\APN PIP

Key Found : [x64] HKCU\Software\Conduit

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

Key Found : [x64] HKCU\Software\Optimizer Pro

Key Found : [x64] HKCU\Software\UpdaterEX

Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{250ff432-7edf-4efd-ba85-ab9d1f1a2f66}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{26139cc7-1e92-43de-9316-48af04b481e8}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{9c1ae26c-3da1-419f-bff7-3f35e706d1d2}

Key Found : HKLM\SOFTWARE\Classes\P250ff432_7edf_4efd_ba85_ab9d1f1a2f66_.P250ff432_7edf_4efd_ba85_ab9d1f1a2f66_

Key Found : HKLM\SOFTWARE\Classes\P250ff432_7edf_4efd_ba85_ab9d1f1a2f66_.P250ff432_7edf_4efd_ba85_ab9d1f1a2f66_.9

Key Found : HKLM\SOFTWARE\Classes\P26139cc7_1e92_43de_9316_48af04b481e8_.P26139cc7_1e92_43de_9316_48af04b481e8_

Key Found : HKLM\SOFTWARE\Classes\P26139cc7_1e92_43de_9316_48af04b481e8_.P26139cc7_1e92_43de_9316_48af04b481e8_.9

Key Found : HKLM\SOFTWARE\Classes\P9c1ae26c_3da1_419f_bff7_3f35e706d1d2_.P9c1ae26c_3da1_419f_bff7_3f35e706d1d2_

Key Found : HKLM\SOFTWARE\Classes\P9c1ae26c_3da1_419f_bff7_3f35e706d1d2_.P9c1ae26c_3da1_419f_bff7_3f35e706d1d2_.9

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}

Key Found : HKLM\SOFTWARE\Conduit

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{250ff432-7edf-4efd-ba85-ab9d1f1a2f66}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{26139cc7-1e92-43de-9316-48af04b481e8}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9c1ae26c-3da1-419f-bff7-3f35e706d1d2}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{250ff432-7edf-4efd-ba85-ab9d1f1a2f66}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{26139cc7-1e92-43de-9316-48af04b481e8}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9c1ae26c-3da1-419f-bff7-3f35e706d1d2}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17631

 

 

-\\ Mozilla Firefox v36.0 (x86 en-US)

 

[000pxceh.default] - Line Found : user_pref("browser.search.defaultenginename", "Astromenda");

[000pxceh.default] - Line Found : user_pref("browser.search.selectedEngine", "Astromenda");

[000pxceh.default] - Line Found : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_41_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0ByDtByDyEzztB0BtD0AyDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBz[...]

[000pxceh.default] - Line Found : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_dnldstr_14_41_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0ByDtByDyEzztB0BtD0AyDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEt[...]

[000pxceh.default] - Line Found : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");

[000pxceh.default] - Line Found : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");

[000pxceh.default] - Line Found : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_dnldstr_14_41_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0ByDtByDyEzztB0BtD0AyDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCy[...]

[cbh7h5vl.default] - Line Found : user_pref("extensions.7g2c6HbLNpd9eNSy.scode", "(function(){try{if(window.self.location.href.indexOf(\"rTgEpjk7qda4pdkFpjY6rdr8qY\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"safecart.com\",\"c[...]

[cbh7h5vl.default] - Line Found : user_pref("extensions.Drf77zGgiSnVrY5U.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]

[cbh7h5vl.default] - Line Found : user_pref("extensions.DveabOqRRAMdogtm.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.index[...]

[cbh7h5vl.default] - Line Found : user_pref("extensions.DveabOqRRAMdogtm.url", "hxxp://getproxy5.info/sync2/?q=hfZ9ofV9CShEAen0qHs9tMqLDe49CNU0llrMCMlNhd9FqjaFrTwEpjn6qjrMBzqUojw8rdwGrja4qdYHrSh7hfs0pihPBMn0qjCGrHrGpja9rdg8rTr8rdr4tNq[...]

[cbh7h5vl.default] - Line Found : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_41_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0ByDtByDyEzztB0BtD0AyDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBz[...]

[cbh7h5vl.default] - Line Found : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_dnldstr_14_41_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0ByDtByDyEzztB0BtD0AyDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEt[...]

[cbh7h5vl.default] - Line Found : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");

[cbh7h5vl.default] - Line Found : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");

[cbh7h5vl.default] - Line Found : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_dnldstr_14_41_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0ByDtByDyEzztB0BtD0AyDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCy[...]

[cbh7h5vl.default] - Line Found : user_pref("extensions.zgKccFDOrtAhTw51.scode", "(function(){try{if(window.self.location.href.indexOf(\"rTgEpjk7qda4pdkFpjY6rdr8qY\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"safecart.com\",\"c[...]

 

-\\ Google Chrome v39.0.2171.99

 

[C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

-\\ Opera v27.0.1689.76

 

*************************

 

AdwCleaner[R0].txt - [8603 bytes] - [28/02/2015 13:25:07]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8662 bytes] ##########

 

AdwCleaner[S0]

 

# AdwCleaner v4.111 - Logfile created 28/02/2015 at 13:27:59

# Updated 18/02/2015 by Xplode

# Database : 2015-02-18.3 [Local]

# Operating system : Windows 7 Professional Service Pack 1 (x64)

# Username : Peter - PETER-PC

# Running from : \\READYSHARE\USB_Storage\shared files\Shared\adwcleaner_4.111.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\4379246136454145539

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2

Folder Deleted : C:\Program Files (x86)\Optimizer Pro

Folder Deleted : C:\Program Files (x86)\TampaGeneration

Folder Deleted : C:\Users\Peter\AppData\Roaming\Optimizer Pro

Folder Deleted : C:\Users\Peter\AppData\Roaming\UpdaterEX

Folder Deleted : C:\Users\Peter\Documents\Optimizer Pro

Folder Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

Folder Deleted : C:\ProgramData\icfpkijhfngjladniikiehhnkkjgakec

Folder Deleted : C:\ProgramData\ocmjiknefpedlilmagjpbekfkdfpldbi

File Deleted : C:\Users\Katiana\AppData\Roaming\Mozilla\Firefox\Profiles\000pxceh.default\user.js

File Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default\user.js

 

***** [ Scheduled tasks ] *****

 

Task Deleted : Optimizer Pro Schedule

Task Deleted : UpdaterEX

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\P250ff432_7edf_4efd_ba85_ab9d1f1a2f66_.P250ff432_7edf_4efd_ba85_ab9d1f1a2f66_

Key Deleted : HKLM\SOFTWARE\Classes\P250ff432_7edf_4efd_ba85_ab9d1f1a2f66_.P250ff432_7edf_4efd_ba85_ab9d1f1a2f66_.9

Key Deleted : HKLM\SOFTWARE\Classes\P26139cc7_1e92_43de_9316_48af04b481e8_.P26139cc7_1e92_43de_9316_48af04b481e8_

Key Deleted : HKLM\SOFTWARE\Classes\P26139cc7_1e92_43de_9316_48af04b481e8_.P26139cc7_1e92_43de_9316_48af04b481e8_.9

Key Deleted : HKLM\SOFTWARE\Classes\P9c1ae26c_3da1_419f_bff7_3f35e706d1d2_.P9c1ae26c_3da1_419f_bff7_3f35e706d1d2_

Key Deleted : HKLM\SOFTWARE\Classes\P9c1ae26c_3da1_419f_bff7_3f35e706d1d2_.P9c1ae26c_3da1_419f_bff7_3f35e706d1d2_.9

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{250ff432-7edf-4efd-ba85-ab9d1f1a2f66}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26139cc7-1e92-43de-9316-48af04b481e8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9c1ae26c-3da1-419f-bff7-3f35e706d1d2}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{250ff432-7edf-4efd-ba85-ab9d1f1a2f66}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{26139cc7-1e92-43de-9316-48af04b481e8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9c1ae26c-3da1-419f-bff7-3f35e706d1d2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{250ff432-7edf-4efd-ba85-ab9d1f1a2f66}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26139cc7-1e92-43de-9316-48af04b481e8}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9c1ae26c-3da1-419f-bff7-3f35e706d1d2}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\UpdaterEX

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17631

 

 

-\\ Mozilla Firefox v36.0 (x86 en-US)

 

[000pxceh.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Astromenda");

[000pxceh.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");

[000pxceh.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_41_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0ByDtByDyEzztB0BtD0AyDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBz[...]

[000pxceh.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_dnldstr_14_41_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0ByDtByDyEzztB0BtD0AyDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEt[...]

[000pxceh.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");

[000pxceh.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");

[000pxceh.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_dnldstr_14_41_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0ByDtByDyEzztB0BtD0AyDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCy[...]

[cbh7h5vl.default\prefs.js] - Line Deleted : user_pref("extensions.7g2c6HbLNpd9eNSy.scode", "(function(){try{if(window.self.location.href.indexOf(\"rTgEpjk7qda4pdkFpjY6rdr8qY\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"safecart.com\",\"c[...]

[cbh7h5vl.default\prefs.js] - Line Deleted : user_pref("extensions.Drf77zGgiSnVrY5U.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]

[cbh7h5vl.default\prefs.js] - Line Deleted : user_pref("extensions.DveabOqRRAMdogtm.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]

[cbh7h5vl.default\prefs.js] - Line Deleted : user_pref("extensions.DveabOqRRAMdogtm.url", "hxxp://getproxy5.info/sync2/?q=hfZ9ofV9CShEAen0qHs9tMqLDe49CNU0llrMCMlNhd9FqjaFrTwEpjn6qjrMBzqUojw8rdwGrja4qdYHrSh7hfs0pihPBMn0qjCGrHrGpja9rdg8rTr8rdr4tNq[...]

[cbh7h5vl.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_41_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0ByDtByDyEzztB0BtD0AyDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBz[...]

[cbh7h5vl.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_dnldstr_14_41_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0ByDtByDyEzztB0BtD0AyDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEt[...]

[cbh7h5vl.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");

[cbh7h5vl.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");

[cbh7h5vl.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_dnldstr_14_41_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtBtBtD0ByDtByDyEzztB0BtD0AyDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCy[...]

[cbh7h5vl.default\prefs.js] - Line Deleted : user_pref("extensions.zgKccFDOrtAhTw51.scode", "(function(){try{if(window.self.location.href.indexOf(\"rTgEpjk7qda4pdkFpjY6rdr8qY\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"safecart.com\",\"c[...]

 

-\\ Google Chrome v39.0.2171.99

 

[C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

-\\ Opera v27.0.1689.76

 

[C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [8781 bytes] - [28/02/2015 13:25:07]

AdwCleaner[S0].txt - [8965 bytes] - [28/02/2015 13:27:59]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9024  bytes] ##########
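Added example (not part of the original posts and not AdwCleaner's own code): a small Python check that reconciles an AdwCleaner scan log against the cleaning log, in the v4.111 line format shown above, and lists anything reported as found that the cleaning pass did not report as deleted. The sample logs are constructed: most lines are copied from the logs in this post, and `C:\Example\LeftBehind` is an invented entry to show a miss; only the entry kinds that appear on this page are parsed.

```python
import re

# Section entries as they appear in the logs above, e.g.
#   "Folder Found : C:\..."  /  "Key Deleted : [x64] HKLM\..."
ENTRY_RE = re.compile(
    r"^(?P<kind>File|Folder|Task|Key|Data) (?P<action>Found|Deleted) : "
    r"(?P<view>\[x64\] )?(?P<target>.+?)\s*$"
)
# Firefox preference entries. The scan log prefixes them with "[profile]",
# the cleaning log with "[profile\prefs.js]", and long values are cut off
# with "[...]", so they are keyed on profile + preference name only.
PREF_RE = re.compile(
    r'^\[(?P<profile>[^\]\\]+)(?:\\[^\]]*)?\] - Line (?P<action>Found|Deleted) : '
    r'user_pref\("(?P<name>[^"]+)"'
)


def parse(log_text):
    """Return (found, deleted) sets of (kind, registry_view, target) tuples."""
    found, deleted = set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            item = (m["kind"], "x64" if m["view"] else "", m["target"].lower())
        else:
            m = PREF_RE.match(line)
            if not m:
                continue  # section headers, blank lines, browser banners
            item = ("Pref", "", f'{m["profile"]}:{m["name"]}'.lower())
        (found if m["action"] == "Found" else deleted).add(item)
    return found, deleted


def unremoved(scan_log, clean_log, ignore_view=False):
    """Items the scan found that the cleaning log does not list as deleted.

    ignore_view=True treats "[x64] KEY" and "KEY" as the same item; leave it
    False to see every entry that has no exact counterpart.
    """
    found, _ = parse(scan_log)
    _, deleted = parse(clean_log)
    if ignore_view:
        found = {(k, "", t) for k, _, t in found}
        deleted = {(k, "", t) for k, _, t in deleted}
    return sorted(found - deleted)


# Constructed sample input (see the note above the block).
SCAN_LOG = r"""
***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\icfpkijhfngjladniikiehhnkkjgakec
Folder Found : C:\ProgramData\icfpkijhfngjladniikiehhnkkjgakec
Folder Found : C:\Example\LeftBehind

***** [ Scheduled tasks ] *****

Task Found : UpdaterEX

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{250ff432-7edf-4efd-ba85-ab9d1f1a2f66}

-\\ Mozilla Firefox v36.0 (x86 en-US)

[cbh7h5vl.default] - Line Found : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
"""

CLEAN_LOG = r"""
Folder Deleted : C:\ProgramData\icfpkijhfngjladniikiehhnkkjgakec
Task Deleted : UpdaterEX
Key Deleted : HKCU\Software\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{250ff432-7edf-4efd-ba85-ab9d1f1a2f66}
[cbh7h5vl.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
"""

if __name__ == "__main__":
    for kind, view, target in unremoved(SCAN_LOG, CLEAN_LOG):
        print(f"not reported deleted: {kind} {('[' + view + '] ') if view else ''}{target}")
```

An entry that survives only in strict mode, such as the `[x64]` copy of a key whose unmarked copy was deleted, is worth checking by hand or with a fresh scan before treating the cleanup as complete.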



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:35 PM

Posted 28 February 2015 - 03:26 PM

OK! Please proceed with the other steps. :)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Thundergod67

Thundergod67
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:05:35 AM

Posted 28 February 2015 - 03:52 PM

The Malwarebytes just finished with no problems found. It has not found any problems lately, even though the problems have continued with my computer.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/28/2015
Scan Time: 1:51:48 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.28.05
Rootkit Database: v2015.02.25.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Peter

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 747380
Time Elapsed: 56 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#6 Thundergod67

Thundergod67
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:05:35 AM

Posted 28 February 2015 - 03:56 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Peter (administrator) on PETER-PC on 28-02-2015 14:53:56
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available profiles: Peter & Katiana)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
() C:\Program Files (x86)\Corsair\Corsair Link\CorsairLink.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
(Auslogics) C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
() C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(InternetSafety.com, Inc.) C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(12Ghosts Inc. - www.12Ghosts.com) C:\Program Files (x86)\12Ghosts\12wash.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(InternetSafety.com, Inc.) C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AsDLNAServerReal.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2013-10-04] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [120328 2008-04-04] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-02] (cyberlink)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSPanel.exe [5099840 2013-06-26] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ICF] => C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe [3367384 2014-03-04] (InternetSafety.com, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Corsair Gaming Headset Software] => C:\Program Files (x86)\Corsair\Corsair Gaming Headset Software\HeadsetControlPanel.exe [2918152 2014-08-18] (Corsair Components, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-11-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-23] (AVAST Software)
HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3113168 2012-12-27] (DT Soft Ltd)
HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\...\MountPoints2: {2298600f-6cd3-11e4-877b-ac220b525482} - F:\TL_Bootstrap.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\12Ghosts Wash.lnk
ShortcutTarget: 12Ghosts Wash.lnk -> C:\Program Files (x86)\12Ghosts\12wash.exe (12Ghosts Inc. - www.12Ghosts.com)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-1439322100-2213096863-3173725656-1003\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1439322100-2213096863-3173725656-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default
FF DefaultSearchUrl: https://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @fbfslm.plg/fbfslm -> c:\windows\syswow64\lhkadefom\npffplg_hcbbdddz.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1439322100-2213096863-3173725656-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Peter\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: LastPass - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default\Extensions\support@lastpass.com [2014-09-18]
FF Extension: YouTube Enhancer Plus - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2015-02-24]
FF Extension: NoScript - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-22]
FF Extension: Adblock Plus - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-22]
FF Extension: BetterPrivacy - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [fbfslm@fbfslm.ext] - c:\windows\syswow64\lhkadefom
FF Extension: Mozilla Firefox Extension - c:\windows\syswow64\lhkadefom [2014-09-10]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-23]
FF HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RootsSearch) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aolcffalbhpnojekmimmelebjchjmmgn [2015-02-12]
CHR Extension: (Avast Online Security) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-23]
CHR Extension: (No Name) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpfmidcdnfpaamdaobjiiamaihdigaoj [2015-02-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-23]
CHR HKLM-x32\...\Chrome\Extension: [kpfmidcdnfpaamdaobjiiamaihdigaoj] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-07-31] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-08] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-23] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-02-25] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-23] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-02] (CyberLink)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfeicfcore; C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe [2766448 2014-03-04] (McAfee, Inc.)
R2 mfeicfupdate; C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2316808 2014-03-04] (InternetSafety.com, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2015-02-23] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-19] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 svcboot_bjoaclgs; c:\windows\syswow64\lhkadefom\svcboot_bjoaclgs.dll [239936 2015-02-16] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 12Ghosts 12-Z; C:\Program Files (x86)\12Ghosts\12kernel.sys [8224 2010-02-04] ()
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2013-01-08] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (http://www.asmedia.com.tw) [File not signed]
R2 AsRamDisk; C:\Windows\System32\DRIVERS\asramdisk.sys [105784 2013-05-13] (Asus)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-23] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-02-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-23] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-02-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-23] ()
S3 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [21456 2012-12-20] (Olof Lagerkvist)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [112808 2014-08-15] (Corsair Components, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-09-02] (DT Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2015-02-23] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34960 2014-09-04] (Citrix Systems, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2014-05-27] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2014-05-27] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2014-05-27] (LG Electronics Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-23] (Avast Software)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
R3 cpuz137; \??\C:\Users\Peter\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 14:53 - 2015-02-28 14:54 - 00027893 _____ () C:\Users\Peter\Desktop\FRST.txt
2015-02-28 13:31 - 2015-02-28 13:31 - 00000197 _____ () C:\Windows\system32\2015-02-28-19-31-33.038-AvastVBoxSVC.exe-5580.log
2015-02-28 13:23 - 2015-02-28 13:23 - 00000280 _____ () C:\Windows\system32\2015-02-28-19-23-26.063-aswFe.exe-9592.log
2015-02-28 13:22 - 2015-02-28 13:28 - 00000000 ____D () C:\AdwCleaner
2015-02-28 13:21 - 2015-02-28 12:50 - 02126848 _____ () C:\Users\Peter\Desktop\adwcleaner_4.111.exe
2015-02-28 13:03 - 2015-02-28 13:03 - 00000197 _____ () C:\Windows\system32\2015-02-28-19-03-19.061-AvastVBoxSVC.exe-4280.log
2015-02-28 13:02 - 2015-02-28 13:02 - 00000000 ____D () C:\Users\Peter\Desktop\first scan
2015-02-28 12:49 - 2015-02-28 12:49 - 00000197 _____ () C:\Windows\system32\2015-02-28-18-49-18.057-AvastVBoxSVC.exe-6148.log
2015-02-28 12:30 - 2015-02-28 12:31 - 00000197 _____ () C:\Windows\system32\2015-02-28-18-30-51.097-AvastVBoxSVC.exe-4256.log
2015-02-28 12:07 - 2015-02-28 12:08 - 00000197 _____ () C:\Windows\system32\2015-02-28-18-07-46.058-AvastVBoxSVC.exe-4308.log
2015-02-28 12:06 - 2015-02-28 13:29 - 00000280 _____ () C:\Windows\setupact.log
2015-02-28 12:06 - 2015-02-28 12:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-27 07:51 - 2015-02-27 07:52 - 00000197 _____ () C:\Windows\system32\2015-02-27-13-51-26.089-AvastVBoxSVC.exe-4208.log
2015-02-26 11:18 - 2015-02-26 11:18 - 00000197 _____ () C:\Windows\system32\2015-02-26-17-18-11.040-AvastVBoxSVC.exe-4128.log
2015-02-25 15:14 - 2015-02-28 14:53 - 00000000 ____D () C:\FRST
2015-02-25 14:47 - 2015-02-25 14:26 - 02087936 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2015-02-25 14:46 - 2015-02-25 14:46 - 00001111 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2015-02-25 14:46 - 2015-02-25 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2015-02-25 14:46 - 2015-02-25 14:46 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2015-02-25 12:42 - 2015-02-25 12:42 - 02053184 _____ () C:\Users\Peter\Downloads\FRST64.exe
2015-02-25 12:38 - 2015-02-25 12:38 - 00230759 _____ () C:\Users\Peter\Downloads\DownloadApp_1_8_0_209r_Setup-26087280.exe
2015-02-25 11:34 - 2015-02-25 11:36 - 01996048 _____ () C:\Users\Peter\Downloads\dixmlsetup(2).exe
2015-02-25 11:22 - 2015-02-25 11:24 - 01975776 _____ () C:\Users\Peter\Downloads\dixmlsetup(1).exe
2015-02-25 11:20 - 2015-02-25 11:20 - 00018525 _____ () C:\Users\Peter\Downloads\hBOmLhDb
2015-02-25 09:53 - 2015-02-25 09:53 - 00000197 _____ () C:\Windows\system32\2015-02-25-15-53-11.005-AvastVBoxSVC.exe-4124.log
2015-02-25 09:26 - 2015-02-25 09:27 - 00000247 _____ () C:\Windows\system32\2015-02-25-15-26-52.094-aswFe.exe-10004.log
2015-02-25 09:26 - 2015-02-25 09:26 - 00002281 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-02-25 09:26 - 2015-02-25 09:26 - 00000000 ____D () C:\Users\Peter\Documents\Add-in Express
2015-02-25 09:26 - 2015-02-25 09:26 - 00000000 ____D () C:\Users\Peter\AppData\Local\WinZip
2015-02-25 09:26 - 2015-02-25 09:26 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-25 09:26 - 2015-02-25 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-02-25 09:26 - 2015-02-25 09:26 - 00000000 ____D () C:\Program Files\WinZip
2015-02-25 09:24 - 2015-02-25 09:26 - 00000247 _____ () C:\Windows\system32\2015-02-25-15-24-20.090-aswFe.exe-7984.log
2015-02-25 09:24 - 2015-02-25 09:24 - 00000197 _____ () C:\Windows\system32\2015-02-25-15-24-19.020-AvastVBoxSVC.exe-5676.log
2015-02-25 09:12 - 2015-02-25 09:12 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-02-25 09:12 - 2015-02-25 09:12 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-02-25 09:12 - 2015-02-25 09:12 - 00001970 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-02-25 09:12 - 2015-02-23 12:41 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-25 07:47 - 2015-02-25 07:48 - 00000197 _____ () C:\Windows\system32\2015-02-25-13-47-39.015-AvastVBoxSVC.exe-3812.log
2015-02-25 03:00 - 2015-01-08 17:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 03:00 - 2015-01-08 17:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 01:37 - 2015-02-25 01:37 - 00003128 _____ () C:\Windows\System32\Tasks\{37F07D5F-29C0-463B-9B47-5F4F224B8DA2}
2015-02-25 01:32 - 2015-02-25 01:34 - 01994600 _____ () C:\Users\Peter\Downloads\dixmlsetup.exe
2015-02-25 01:06 - 2015-02-25 01:15 - 00387160 _____ () C:\Users\Peter\Downloads\HijackThis (1).exe
2015-02-25 01:03 - 2015-02-25 01:03 - 00379920 _____ () C:\Users\Peter\Downloads\HijackThis.exe
2015-02-25 00:10 - 2015-02-25 00:10 - 00000197 _____ () C:\Windows\system32\2015-02-25-06-10-25.034-AvastVBoxSVC.exe-4072.log
2015-02-24 08:36 - 2015-02-24 08:36 - 00000197 _____ () C:\Windows\system32\2015-02-24-14-36-41.065-AvastVBoxSVC.exe-4052.log
2015-02-24 08:33 - 2015-02-24 08:33 - 00000197 _____ () C:\Windows\system32\2015-02-24-14-33-30.079-AvastVBoxSVC.exe-5436.log
2015-02-24 08:21 - 2015-02-24 08:21 - 00000000 ____D () C:\Users\Katiana\AppData\Roaming\AVAST Software
2015-02-24 07:58 - 2015-02-24 07:58 - 00000197 _____ () C:\Windows\system32\2015-02-24-13-58-04.005-AvastVBoxSVC.exe-3872.log
2015-02-23 22:43 - 2015-02-23 22:51 - 01045800 _____ () C:\Users\Peter\Downloads\install_flashplayer16x32_ltr5x64d_awc_aih.exe
2015-02-23 21:58 - 2015-02-23 21:58 - 00000197 _____ () C:\Windows\system32\2015-02-24-03-58-37.095-AvastVBoxSVC.exe-3912.log
2015-02-23 21:45 - 2015-02-23 21:45 - 00000197 _____ () C:\Windows\system32\2015-02-24-03-45-33.021-AvastVBoxSVC.exe-3956.log
2015-02-23 17:26 - 2015-02-23 17:26 - 00000197 _____ () C:\Windows\system32\2015-02-23-23-26-39.057-AvastVBoxSVC.exe-3076.log
2015-02-23 14:57 - 2015-02-25 09:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-23 14:57 - 2015-02-23 14:57 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-23 14:57 - 2015-02-23 14:57 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-23 14:55 - 2015-02-23 14:56 - 39873036 _____ () C:\Users\Peter\Downloads\Firefox Setup 35.0.1 (2).exe
2015-02-23 14:54 - 2015-02-23 14:55 - 38816131 _____ () C:\Users\Peter\Downloads\Firefox Setup 35.0.1 (1).exe
2015-02-23 14:53 - 2015-02-23 14:54 - 38643681 _____ () C:\Users\Peter\Downloads\Firefox Setup 35.0.1.exe
2015-02-23 14:06 - 2015-02-23 14:06 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Dropbox
2015-02-23 14:03 - 2015-02-23 14:03 - 00243440 _____ () C:\Users\Peter\Downloads\Firefox Setup Stub 35.0.1.exe
2015-02-23 13:59 - 2015-02-23 13:59 - 00000247 _____ () C:\Windows\system32\2015-02-23-19-59-13.093-aswFe.exe-7268.log
2015-02-23 13:57 - 2015-02-23 13:59 - 00000247 _____ () C:\Windows\system32\2015-02-23-19-57-22.047-aswFe.exe-5436.log
2015-02-23 13:57 - 2015-02-23 13:57 - 00000197 _____ () C:\Windows\system32\2015-02-23-19-57-20.083-AvastVBoxSVC.exe-8820.log
2015-02-23 13:55 - 2014-09-29 12:32 - 00022878 _____ () C:\Users\Peter\Documents\Speech One Outline Template.odt
2015-02-23 12:42 - 2015-02-23 12:42 - 00000247 _____ () C:\Windows\system32\2015-02-23-18-42-49.010-aswFe.exe-6632.log
2015-02-23 12:42 - 2015-02-23 12:42 - 00000197 _____ () C:\Windows\system32\2015-02-23-18-42-47.037-AvastVBoxSVC.exe-5204.log
2015-02-23 12:42 - 2015-02-23 12:42 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\AVAST Software
2015-02-23 12:41 - 2015-02-25 09:12 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-23 12:41 - 2015-02-25 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-23 12:41 - 2015-02-23 21:42 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-23 12:41 - 2015-02-23 21:42 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-23 12:41 - 2015-02-23 12:41 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-23 12:41 - 2015-02-23 12:41 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-02-23 12:41 - 2015-02-23 12:41 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-23 12:41 - 2015-02-23 12:41 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-23 12:41 - 2015-02-23 12:41 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-23 12:41 - 2015-02-23 12:41 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-02-23 12:41 - 2015-02-23 12:41 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-23 12:41 - 2015-02-23 12:41 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-23 12:41 - 2015-02-23 12:41 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-23 12:41 - 2015-02-23 12:41 - 00000000 ____D () C:\Program Files\AVAST Software
2015-02-23 12:40 - 2015-02-23 12:41 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-23 12:40 - 2015-02-23 12:40 - 05006864 _____ (AVAST Software) C:\Users\Peter\Downloads\avast_free_antivirus_setup_online.exe
2015-02-23 12:36 - 2015-02-23 12:36 - 00000114 ___RH () C:\Users\Peter\Downloads\Stinger.opt
2015-02-23 12:35 - 2015-02-23 12:36 - 00000857 _____ () C:\Users\Peter\Downloads\Stinger_23022015_123523.html
2015-02-23 12:35 - 2015-02-23 12:36 - 00000000 ____D () C:\Program Files\stinger
2015-02-23 12:35 - 2015-02-23 12:35 - 12953456 _____ (McAfee Inc) C:\Users\Peter\Downloads\stinger64.exe
2015-02-23 12:26 - 2015-02-23 12:26 - 00001173 _____ () C:\Users\Peter\Desktop\Auslogics BoostSpeed 7.lnk
2015-02-23 12:26 - 2015-02-23 12:26 - 00000000 ____D () C:\Windows\System32\Tasks\Auslogics
2015-02-23 12:26 - 2015-02-23 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-02-23 12:26 - 2015-02-23 12:26 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-02-23 12:25 - 2015-02-23 12:25 - 07218272 _____ (Auslogics Labs Pty Ltd ) C:\Users\Peter\Downloads\registry-cleaner-setup.exe
2015-02-23 12:25 - 2015-02-23 12:25 - 07218272 _____ (Auslogics Labs Pty Ltd ) C:\Users\Peter\Downloads\registry-cleaner-setup (1).exe
2015-02-23 12:23 - 2015-02-23 12:23 - 00000020 _____ () C:\Users\Peter\AppData\Roaming\appdataFr3.bin
2015-02-23 12:09 - 2015-02-23 12:09 - 00397532 _____ () C:\Users\Peter\Desktop\bookmarks-2015-02-23.json
2015-02-22 00:37 - 2015-02-22 00:37 - 00000000 ____D () C:\Program Files (x86)\LighterGeneration
2015-02-13 07:35 - 2015-01-22 22:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 07:35 - 2015-01-22 22:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 07:35 - 2015-01-22 21:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-13 07:35 - 2015-01-22 21:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 08:44 - 2015-02-18 09:04 - 00000000 ____D () C:\Program Files (x86)\SystemPromote
2015-02-11 07:46 - 2015-02-03 21:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 07:46 - 2015-02-03 21:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 07:46 - 2015-02-03 21:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 07:46 - 2015-02-03 21:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 07:46 - 2015-02-03 21:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 07:46 - 2015-02-03 21:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 07:46 - 2015-02-03 21:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 07:46 - 2015-01-27 17:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 07:46 - 2015-01-15 02:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:46 - 2015-01-15 02:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 07:46 - 2015-01-15 02:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 07:46 - 2015-01-15 02:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 07:46 - 2015-01-15 02:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 07:46 - 2015-01-15 02:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 07:46 - 2015-01-15 02:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 07:46 - 2015-01-15 02:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 07:46 - 2015-01-15 02:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 07:46 - 2015-01-15 02:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 07:46 - 2015-01-15 02:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 07:46 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 07:46 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 07:46 - 2015-01-15 01:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 07:46 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 07:46 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 07:46 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 07:46 - 2015-01-14 22:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 07:46 - 2015-01-13 23:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 07:46 - 2015-01-13 23:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 07:46 - 2015-01-12 21:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:46 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 07:46 - 2015-01-11 21:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 07:46 - 2015-01-11 21:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 07:46 - 2015-01-11 21:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 07:46 - 2015-01-11 20:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 07:46 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 07:46 - 2015-01-11 20:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 07:46 - 2015-01-11 20:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 07:46 - 2015-01-11 20:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 07:46 - 2015-01-11 20:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 07:46 - 2015-01-11 20:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 07:46 - 2015-01-11 20:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 07:46 - 2015-01-11 20:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 07:46 - 2015-01-11 20:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 07:46 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 07:46 - 2015-01-11 20:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 07:46 - 2015-01-11 20:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 07:46 - 2015-01-11 20:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 07:46 - 2015-01-11 20:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 07:46 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 07:46 - 2015-01-11 20:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 07:46 - 2015-01-11 20:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 07:46 - 2015-01-11 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 07:46 - 2015-01-11 20:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 07:46 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 07:46 - 2015-01-11 20:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 07:46 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 07:46 - 2015-01-11 20:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 07:46 - 2015-01-11 19:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 07:46 - 2015-01-11 19:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 07:46 - 2015-01-11 19:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 07:46 - 2015-01-11 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 07:46 - 2015-01-11 19:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 07:46 - 2015-01-11 19:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 07:46 - 2015-01-11 19:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 07:46 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 07:46 - 2015-01-11 19:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 07:46 - 2015-01-11 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 07:46 - 2015-01-11 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 07:46 - 2015-01-11 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 07:46 - 2015-01-11 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 07:46 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 07:46 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 07:46 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 07:46 - 2015-01-11 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 07:46 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 07:46 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 07:46 - 2015-01-11 19:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 07:46 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 07:46 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 07:46 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 07:46 - 2015-01-10 00:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 07:46 - 2015-01-10 00:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 07:46 - 2015-01-10 00:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 07:46 - 2015-01-10 00:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 07:46 - 2015-01-10 00:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 07:46 - 2015-01-10 00:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 07:46 - 2015-01-10 00:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 07:46 - 2015-01-10 00:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 07:46 - 2015-01-10 00:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 07:46 - 2015-01-10 00:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 07:46 - 2015-01-10 00:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 07:46 - 2015-01-10 00:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 07:46 - 2015-01-10 00:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 07:46 - 2015-01-10 00:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 07:46 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 07:46 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 07:46 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 07:46 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 07:45 - 2015-01-14 00:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 07:45 - 2015-01-14 00:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 07:45 - 2015-01-14 00:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 07:45 - 2015-01-14 00:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 07:45 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 07:45 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 07:45 - 2015-01-13 23:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 07:45 - 2015-01-08 20:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 07:45 - 2014-12-11 23:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 07:45 - 2014-12-11 23:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 07:45 - 2014-12-07 21:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 07:45 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 07:45 - 2014-11-25 21:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 07:45 - 2014-11-25 21:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 07:45 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 07:45 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 07:45 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 07:45 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-01-30 04:14 - 2015-01-30 04:14 - 00646306 _____ () C:\Users\Peter\Downloads\gspan.djvu

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 14:36 - 2014-08-29 18:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-28 14:00 - 2014-08-29 04:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-28 13:36 - 2009-07-13 23:13 - 00006666 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-28 13:36 - 2009-07-13 22:45 - 00031920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-28 13:36 - 2009-07-13 22:45 - 00031920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-28 13:35 - 2014-09-02 17:52 - 00000000 _____ () C:\Windows\Path.idx
2015-02-28 13:32 - 2014-08-29 04:20 - 01817802 _____ () C:\Windows\WindowsUpdate.log
2015-02-28 13:30 - 2014-09-02 17:40 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-02-28 13:29 - 2014-10-15 21:52 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 13:29 - 2014-09-21 05:17 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1439322100-2213096863-3173725656-1000
2015-02-28 13:29 - 2014-09-21 05:17 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1439322100-2213096863-3173725656-1000
2015-02-28 13:29 - 2014-08-29 18:50 - 00000344 _____ () C:\Windows\lgfwup.ini
2015-02-28 13:29 - 2014-08-29 18:49 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2015-02-28 13:29 - 2014-08-29 04:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-28 13:29 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-28 13:28 - 2014-10-11 04:11 - 00029837 _____ () C:\debug.log
2015-02-28 13:01 - 2014-09-19 20:37 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1439322100-2213096863-3173725656-1000
2015-02-28 13:01 - 2014-09-19 20:37 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1439322100-2213096863-3173725656-1000
2015-02-25 18:34 - 2014-08-29 18:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-25 18:34 - 2014-08-29 18:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-25 18:34 - 2014-08-29 18:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-25 18:33 - 2014-09-05 03:30 - 00000000 ____D () C:\Users\Peter\AppData\Local\Adobe
2015-02-25 09:26 - 2014-09-02 17:50 - 00002287 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-02-25 08:53 - 2014-11-28 12:32 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\.minecraft
2015-02-25 00:28 - 2014-09-29 22:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-24 08:33 - 2014-08-29 04:39 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-24 08:23 - 2014-09-11 17:34 - 00000000 ____D () C:\Windows\Minidump
2015-02-24 08:01 - 2015-01-08 11:32 - 00003830 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1420738362
2015-02-24 08:01 - 2015-01-08 11:32 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-23 21:53 - 2014-10-23 22:25 - 00000898 ____H () C:\Users\Peter\Downloads\.picasa.ini
2015-02-23 21:42 - 2014-08-30 10:58 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-23 21:42 - 2014-08-29 04:35 - 00000000 ____D () C:\Users\Peter
2015-02-23 21:42 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-23 21:42 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-02-23 13:27 - 2015-01-21 03:47 - 00000000 ____D () C:\ProgramData\{9569a5f4-c914-e3c8-9569-9a5f4c9197d3}
2015-02-23 12:35 - 2014-09-10 20:35 - 00786296 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-02-23 12:35 - 2014-09-10 20:35 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-02-23 12:26 - 2014-10-10 08:31 - 00000000 ____D () C:\ProgramData\Auslogics
2015-02-23 12:26 - 2014-10-10 08:30 - 00001240 _____ () C:\Users\Peter\Desktop\Auslogics Registry Cleaner.lnk
2015-02-23 12:23 - 2014-10-16 06:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-22 09:28 - 2009-07-13 23:08 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-15 16:46 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 18:43 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-12 08:19 - 2009-07-13 22:45 - 00547856 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 08:18 - 2014-12-10 17:38 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 08:18 - 2014-08-30 11:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 08:18 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing
2015-02-12 08:18 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 03:04 - 2014-08-29 18:18 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 03:03 - 2014-08-30 11:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:00 - 2014-08-30 11:33 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 00:11 - 2014-08-29 18:07 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Macromedia

==================== Files in the root of some directories =======

2015-02-23 12:23 - 2015-02-23 12:23 - 0000020 _____ () C:\Users\Peter\AppData\Roaming\appdataFr3.bin
2014-08-29 06:02 - 2014-12-14 12:50 - 0002457 _____ () C:\Users\Peter\AppData\Roaming\PETER-PC.MTBF.txt
2014-10-10 07:34 - 2014-10-13 06:34 - 0000132 _____ () C:\Users\Peter\AppData\Roaming\WB.CFG
2014-08-29 06:02 - 2014-12-14 13:49 - 0000922 _____ () C:\Users\Peter\AppData\Roaming\__AvidCloudManager.log
2014-08-29 06:02 - 2014-12-14 00:07 - 0000942 _____ () C:\Users\Peter\AppData\Roaming\__AvidCloudManagerPrevious.log
2014-12-04 23:24 - 2015-01-05 12:02 - 0004608 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-12 18:34 - 2014-10-12 18:34 - 0000001 _____ () C:\Users\Peter\AppData\Local\DSI.DAT
2014-09-18 14:10 - 2014-12-31 15:07 - 0007655 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg
2014-08-29 04:45 - 2014-08-29 04:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Peter\gosetup.exe


Some content of TEMP:
====================
C:\Users\Katiana\AppData\Local\Temp\COMAP.EXE
C:\Users\Peter\AppData\Local\Temp\Quarantine.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe
[2014-08-31 10:18] - [2014-09-02 17:48] - 2871808 ____A (Microsoft Corporation) D57BBAB1AD2F0F7B8A761E895E50BECB

C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 14:27

==================== End Of Log ============================



#7 Thundergod67

Posted 28 February 2015 - 03:57 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Peter at 2015-02-28 14:54:28
Running from C:\Users\Peter\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12G-Complete (HKLM-x32\...\PactGhosts) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.56 - ASUSTeK Computer Inc.)
AMD Catalyst Install Manager (HKLM\...\{22E2B25B-2FFE-1A69-E591-55DD72BC5F5B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.5.2.3 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.5.2.3 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
ASUS ROG Connect Plus (HKLM-x32\...\{ECF51D37-52ED-4871-BF8B-FEA34B8B4120}) (Version: 1.00.22 - ASUSTeK Computer Inc.)
ASUS_ROG_THEME (HKLM-x32\...\ASUS_ROG_THEME) (Version: 1.01.00 - ASUSTeK Computer Inc.)
Auslogics BoostSpeed 7 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 7.8.0.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.3.0.0 - Auslogics Labs Pty Ltd)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.31.95.4 - Broadcom Corporation)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Corsair Gaming Headset Software (HKLM-x32\...\{6118E939-08B6-4180-8B5B-97836617813B}) (Version: 2.0.35 - Corsair)
Corsair Link (HKLM-x32\...\{658EFB3F-8606-4576-8FEC-B0CED48F1E68}) (Version: 2.7.5361 - Corsair)
Corsair Link™ USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
CPUID ROG CPU-Z 1.66.1 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.66.1 - CPUID, Inc.)
Creative Pack Volume 1 (HKLM-x32\...\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}) (Version: 3.0.1 - Corel Corporation)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0350 - DT Soft Ltd)
Data Import Utility (HKLM-x32\...\{98E62842-1524-4C30-9E60-1545CDD810A4}) (Version: 2.00.005 - PIXELA)
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.28 - NCH Software)
Filmmaker's Toolkit for Studio (HKLM-x32\...\InstallShield_{2444562A-A7DC-42B8-A4D8-1BCF704B1480}) (Version: 1.0.1 - Red Giant)
Filmmaker's Toolkit for Studio (x32 Version: 1.0.1 - Red Giant) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMyPC (HKLM\...\{91E91FEC-9AF1-4F45-841A-78B7BF434F8F}) (Version: 8.2.1470 - Citrix Online)
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
Hollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.1 - Corel Corporation)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LG VZW United Drivers (HKLM-x32\...\{FF712194-6643-4E4D-A340-2D447A644F75}) (Version: 2.16.1 - LG Electronics)
Logitech Gaming Software 5.02 (HKLM\...\{ECDF0939-A653-44D0-8B8E-597B890F45EC}) (Version: 5.02.116 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MemTweakIt (HKLM-x32\...\{E51AAC3A-D66D-4912-B883-DAFBA249D10F}) (Version: 2.02.01 - ASUSTeK Computer Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Flight Simulator 2002 (HKLM-x32\...\Flight Simulator 8.0) (Version:  - )
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{E5C99F9E-E97D-40B6-BAFC-8BCBFF1031E4}) (Version: 1.0.1 - Red Giant)
Motion Graphics Toolkit for Studio (x32 Version: 1.0.1 - Red Giant) Hidden
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 27.0.1689.76 (HKLM-x32\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
Paradise (HKLM-x32\...\Paradise_is1) (Version:  - White Birds Productions)
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pinnacle Studio 17 - Install Manager (HKLM-x32\...\{F04D92CC-5C3A-46FA-9C98-6EACBDD262FF}) (Version: 17.0.131 - Corel Corporation)
Pinnacle Studio 17 - Standard Content Pack (HKLM-x32\...\{BA98BFA8-5EDF-450B-A92E-C096DC135D0E}) (Version: 17.0 - Corel Corporation)
Pinnacle Studio 17 (HKLM-x32\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.6.0.332 - Corel Corporation)
PRB Line (HKLM-x32\...\PRB Line) (Version:  - )
Premium Pack Volumes 1-2 (HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.1 - Corel Corporation)
Prince of Persia (HKLM-x32\...\{7C11154F-3539-4CB5-979D-EF7913473E53}) (Version: 1.0 - Ubisoft)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recover Files 3.31 (HKLM-x32\...\Recover Files_is1) (Version:  - Undelete & Unerase, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
R-Studio 7.3 (HKLM-x32\...\R-Studio 7.3NSIS) (Version: 7.3.155233 - R-Tools Technology Inc.)
Safe Eyes (HKLM-x32\...\{C3FA280D-3AE4-43F3-AFB5-D459B36A05B7}) (Version: 6.2.119.1 - McAfee, Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
ScoreFitter Volumes 1-2 (HKLM-x32\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.1 - Corel Corporation)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
Sonic Radar (HKLM\...\{A14FEAA1-142B-4DAF-87C1-500764B0383D}) (Version: 1.1.201 - ASUSTeKcomputer.Inc)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.1 - Corel Corporation)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.1.213 - ASUS Cloud Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3800 - Broadcom Corporation)
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
Wise Data Recovery 3.44 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.44 - WiseCleaner.com, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1439322100-2213096863-3173725656-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1439322100-2213096863-3173725656-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1439322100-2213096863-3173725656-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1439322100-2213096863-3173725656-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1439322100-2213096863-3173725656-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Peter\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-02-2015 12:40:55 avast! antivirus system restore point
23-02-2015 21:41:36 Restore Operation
24-02-2015 08:25:41 Windows Update
25-02-2015 03:00:10 Windows Update
25-02-2015 09:11:36 avast! antivirus system restore point
25-02-2015 09:12:20 Device Driver Package Install: Avast Network Service

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E9E28DA-7532-4080-A566-DFAFE56014C2} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1439322100-2213096863-3173725656-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {0FDC0871-F7F3-4A91-8B9D-4520CF998129} - System32\Tasks\Start Corsair Link => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe [2014-09-05] ()
Task: {153838EB-DA1B-4A01-AE19-54F0B7922D56} - System32\Tasks\{A2B72962-53AB-4E9A-A651-3454AE3065AF} => D:\setup.exe
Task: {15DA2985-229C-44D2-B193-E544EFF276FA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {16F967CD-C067-4A96-B5A3-DF4429579F64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.)
Task: {183000C8-9122-4268-BD30-FA9BC52AC8F6} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
Task: {1959792A-DCC2-4D2B-8DA5-6B9F5E7D9C5E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1439322100-2213096863-3173725656-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {1C334EC4-C240-47DB-BF56-5C8A47D422BD} - System32\Tasks\{22AE139E-5F17-4CD6-B44C-22AA09C4922B} => D:\setup.exe
Task: {231F4A94-6132-4EA6-85D8-F58049930340} - System32\Tasks\Opera scheduled Autoupdate 1420738362 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {35B196B7-D7E7-47DC-B7FE-77140AD83F1D} - System32\Tasks\{37F07D5F-29C0-463B-9B47-5F4F224B8DA2} => pcalua.exe -a C:\Users\Peter\Downloads\dixmlsetup.exe -d C:\Users\Peter\Downloads
Task: {396062FF-C8BC-4B0B-A435-F4357465EDB6} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {3C8BA340-ECC5-48B1-BF8A-90EB8449F0E5} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe [2013-08-29] (ASUSTeK Computer Inc.)
Task: {3C90E8A6-E6D7-48AF-BD93-1A124412137B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3F43FB0C-B95C-4A21-A397-F3DA3BD6F497} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-07] (ASUSTeK Computer Inc.)
Task: {57129120-83AC-4C80-8D0E-5339B05619B4} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-07-24] ()
Task: {650C97BC-F0FC-4038-9ACD-41EDE425F7E7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-23] (AVAST Software)
Task: {69153D06-ED03-4C00-A8B9-E28D8F77566A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1439322100-2213096863-3173725656-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {6FD64A87-0012-464E-92A1-E5B382C01B82} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {87CB1CC3-E9C2-45B0-9263-4E87B47705AD} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Peter logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe [2015-02-14] (Auslogics)
Task: {93FB7EEF-4A45-4D6E-96B7-4D74A3C73C3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-29] (Google Inc.)
Task: {96EEE6B4-91E2-4BD4-85F8-CFA1200CA732} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {9F2FD9AF-EC17-4FF3-B3F4-9507A8E93EE3} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {A13F5738-EFDD-4F47-BF24-A9EF61B96AE6} - System32\Tasks\{58C53994-69D1-4250-BDF1-5F78FFA864F1} => D:\setup.exe
Task: {A2C5D650-FBE0-434F-9F23-C8AD7BD0B5BC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B7675113-5937-4BCF-884F-FF7D394560FD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-25] (Adobe Systems Incorporated)
Task: {BBD106FF-998C-4432-BA33-E5A9221C6507} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1439322100-2213096863-3173725656-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {C3C75BBD-173E-43D7-A9A3-E3949379AE83} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {C9BDCA8E-7901-4E85-A079-14AE784DC806} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-08-08] ()
Task: {E02E62AD-3E25-43FA-904A-43BE460E9D7C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1439322100-2213096863-3173725656-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {EB159061-A277-45DA-A8A4-5A7D08913B5A} - System32\Tasks\ASUS\RC TweakIt Server Execute => C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe [2013-04-12] ()
Task: {EBD111B7-94AD-410A-8921-0406E8FBA8FB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1439322100-2213096863-3173725656-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {ED147B55-86A1-4A7A-A1C2-C8563F9C6147} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {F821B9A6-4A0E-4441-9BAD-D199851DB859} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-09-10 19:29 - 2015-02-16 03:47 - 03509568 ____N () c:\windows\syswow64\lhkadefom\shim64_dyjkdfqh.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 00292160 ____N () c:\windows\syswow64\lhkadefom\mcapp64_oshldeig.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 03523392 ____N () c:\windows\syswow64\lhkadefom\mcsc64_jeeuaekt.dll
2012-06-01 03:42 - 2012-06-01 03:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2014-09-02 17:42 - 2010-10-21 03:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2014-09-29 22:54 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-25 00:27 - 2014-12-23 13:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-08 13:38 - 2014-12-08 13:38 - 00089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2014-10-04 14:05 - 2014-09-05 21:43 - 03109640 _____ () C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe
2014-09-02 17:36 - 2013-07-24 09:16 - 01425208 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2014-09-02 17:35 - 2013-08-08 13:34 - 01225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2014-09-02 17:42 - 2013-04-12 09:07 - 01985848 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe
2014-08-29 04:44 - 2013-06-20 21:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2014-08-29 04:45 - 2013-08-20 03:37 - 00605496 _____ () C:\Windows\system32\audioLibVc.dll
2014-10-26 22:59 - 2014-10-26 22:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 05:41 - 2014-10-30 05:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-02-23 12:41 - 2015-02-23 12:41 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-02-23 12:41 - 2015-02-23 12:41 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-06-05 16:51 - 2013-06-05 16:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 16:51 - 2013-06-05 16:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2014-10-29 19:06 - 2014-10-29 19:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-09-02 17:35 - 2013-08-08 13:34 - 01221912 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
2015-02-28 12:30 - 2015-02-28 12:30 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022801\algo.dll
2015-02-23 12:41 - 2015-02-23 12:41 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-02 17:42 - 2015-02-28 13:29 - 00034304 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-09-02 17:42 - 2010-06-28 20:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 02775360 ____N () c:\windows\syswow64\lhkadefom\shim_dhwvomoq.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 00239936 ____N () c:\windows\syswow64\lhkadefom\mcapp_wrywflfh.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 02767168 ____N () c:\windows\syswow64\lhkadefom\mcsc_redyplab.dll
2014-10-04 14:05 - 2014-05-15 12:55 - 00203264 _____ () C:\Program Files (x86)\Corsair\Corsair Link\UsbRobbins.dll
2014-10-04 14:05 - 2014-05-15 12:55 - 00203776 _____ () C:\Program Files (x86)\Corsair\Corsair Link\UsbClink.dll
2014-09-02 17:37 - 2012-05-02 17:04 - 00233472 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\AudioProjection.dll
2014-09-02 17:37 - 2010-12-14 16:46 - 00067584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\CoreAudioCap.dll
2014-09-02 17:37 - 2013-08-07 17:43 - 00176128 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\DLCapPP.dll
2014-09-02 17:37 - 2013-06-11 11:06 - 00425984 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\awiscale.DLL
2014-09-02 17:37 - 2010-10-29 17:58 - 00221184 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\JpegCD.DLL
2014-09-02 17:37 - 2013-08-06 19:04 - 02502656 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\xH264E.DLL
2014-09-02 17:37 - 2012-01-12 15:44 - 00475136 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFiGO_HookKey.dll
2014-09-02 17:37 - 2013-06-13 16:37 - 00156160 _____ () C:\Program Files (x86)\InstallShield Installation Information\{1DF11DAD-D427-4E1D-ABB6-04CB881EBE06}\CloudAPI\CloudAPI.dll
2014-09-02 17:37 - 2013-03-21 18:38 - 00716800 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiMoveHelp.dll
2014-09-02 17:37 - 2012-04-25 13:47 - 00659456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\PhoneCtrlAPI.dll
2014-09-02 17:35 - 2013-08-07 18:11 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-09-02 17:35 - 2013-10-11 12:49 - 00872960 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AI Charger+\AIChargerPlus.dll
2014-09-02 17:35 - 2013-08-08 13:41 - 02747392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-09-02 17:36 - 2013-08-29 14:59 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-09-02 17:37 - 2013-09-05 14:46 - 02064384 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\WiFiGO.dll
2014-09-02 17:35 - 2013-06-04 03:41 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-09-02 17:35 - 2013-08-07 18:11 - 00053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll
2014-09-02 17:37 - 2012-01-19 08:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2014-09-02 17:35 - 2013-08-07 18:11 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2014-09-02 17:35 - 2013-08-07 18:11 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2014-09-02 17:39 - 2013-06-24 12:45 - 00062976 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi Engine\IsSupported.dll
2014-09-02 17:37 - 2010-09-23 10:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\AsIdxParser.dll
2014-09-02 17:37 - 2010-02-25 13:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\Aszip.dll
2014-09-02 17:36 - 2013-07-31 19:05 - 05773588 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2014-09-02 17:36 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2014-09-02 17:35 - 2013-08-08 13:34 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-09-02 17:35 - 2013-08-08 13:34 - 00825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-09-02 17:35 - 2013-08-08 13:34 - 00765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-09-02 17:35 - 2013-08-08 13:34 - 00776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2014-09-02 17:42 - 2013-03-07 09:43 - 00179712 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsusService.dll
2014-09-02 17:42 - 2013-03-07 13:37 - 00470016 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\IccHelper.dll
2014-09-19 20:36 - 2014-11-19 19:28 - 00865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 00239936 ____N () c:\windows\syswow64\lhkadefom\svcboot_bjoaclgs.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 02636096 ____N () c:\windows\syswow64\lhkadefom\Director_wnktlzkw.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 00313664 ____N () c:\windows\syswow64\lhkadefom\Proxy.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 00325952 ____N () c:\windows\syswow64\lhkadefom\dprx_xeepsuox.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 00362816 ____N () c:\windows\syswow64\lhkadefom\ccp_atlxixfqt.dll
2014-09-10 19:29 - 2015-02-15 22:14 - 00047616 ____N () c:\windows\syswow64\lhkadefom\LiteUnzip.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 00231744 ____N () c:\windows\syswow64\lhkadefom\mcmsg_wdfcbyea.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 00538944 ____N () c:\windows\syswow64\lhkadefom\mca_eddnekewu.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 00231744 ____N () c:\windows\syswow64\lhkadefom\mcy_ocxehdgjb.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 01390912 ____N () c:\windows\syswow64\lhkadefom\mcsky_bjwbgnvo.dll
2015-02-27 07:50 - 2015-02-16 03:47 - 00309568 ____N () c:\windows\syswow64\lhkadefom\mco_rxgjfftve.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 00313664 ____N () c:\windows\syswow64\lhkadefom\mcoexp_frcmpzqd.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 00248128 ____N () c:\windows\syswow64\lhkadefom\mclmd_nkmowkzi.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 02816320 ____N () c:\windows\syswow64\lhkadefom\mck_mqcbvigoz.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 02971968 ____N () c:\windows\syswow64\lhkadefom\mcie_lpkiaepa.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 00563520 ____N () c:\windows\syswow64\lhkadefom\mcff_jrsekkve.dll
2014-09-10 19:29 - 2015-02-16 03:47 - 03332416 ____N () c:\windows\syswow64\lhkadefom\mcgc_guwaiddr.dll
2011-03-09 15:21 - 2011-03-09 15:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 15:21 - 2011-03-09 15:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-09-02 17:37 - 2012-02-06 20:08 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi GO!\AssistTools\WiFile\pngio.dll
2014-10-29 19:01 - 2014-10-29 19:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-02-23 12:41 - 2015-02-23 12:41 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-31 11:34 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-09-18 21:21 - 2014-09-18 21:21 - 01020928 _____ () C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-02-27 07:50 - 2015-02-27 07:50 - 03469312 _____ () c:\windows\syswow64\lhkadefom\npffplg_hcbbdddz.dll
2015-02-04 22:36 - 2015-02-25 18:34 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1439322100-2213096863-3173725656-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1439322100-2213096863-3173725656-1005 - Limited - Enabled)
Guest (S-1-5-21-1439322100-2213096863-3173725656-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1439322100-2213096863-3173725656-1002 - Limited - Enabled)
Katiana (S-1-5-21-1439322100-2213096863-3173725656-1003 - Limited - Enabled) => C:\Users\Katiana
Peter (S-1-5-21-1439322100-2213096863-3173725656-1000 - Administrator - Enabled) => C:\Users\Peter

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2015 01:36:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/28/2015 01:36:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/28/2015 01:29:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2015 01:29:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/28/2015 01:12:31 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/28/2015 01:07:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (02/28/2015 01:07:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (02/28/2015 01:01:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/28/2015 01:01:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2015 00:59:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: abc

Start Time: 01d05386f46e3b47

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: ecb32ff6-bf7b-11e4-8c4b-240a64ded1ff


System errors:
=============
Error: (02/28/2015 02:44:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (02/28/2015 02:44:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (02/28/2015 02:19:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2

Error: (02/28/2015 01:29:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (02/28/2015 01:29:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (02/28/2015 01:29:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (02/28/2015 01:29:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (02/28/2015 01:29:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (02/28/2015 01:29:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (02/28/2015 01:29:58 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801


Microsoft Office Sessions:
=========================
Error: (02/28/2015 01:36:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (02/28/2015 01:36:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (02/28/2015 01:29:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2015 01:29:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL

Error: (02/28/2015 01:12:31 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Peter\Downloads\DownloadApp_1_8_0_209r_Setup-26087280.exeC:\Users\Peter\Downloads\DownloadApp_1_8_0_209r_Setup-26087280.exe0

Error: (02/28/2015 01:07:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (02/28/2015 01:07:25 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (02/28/2015 01:01:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL

Error: (02/28/2015 01:01:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2015 00:59:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567abc01d05386f46e3b470C:\Windows\Explorer.EXEecb32ff6-bf7b-11e4-8c4b-240a64ded1ff


CodeIntegrity Errors:
===================================
  Date: 2014-10-16 22:00:00.949
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 22:00:00.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 22:00:00.933
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 21:40:18.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 21:40:18.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 21:40:18.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 15:18:25.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 15:18:25.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 15:18:25.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-16 15:18:25.303
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4820K CPU @ 3.70GHz
Percentage of memory in use: 17%
Total physical RAM: 32706.9 MB
Available physical RAM: 27032.54 MB
Total Pagefile: 65411.99 MB
Available Pagefile: 59182.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:214.62 GB) (Free:66.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (New Volume) (Fixed) (Total:931.51 GB) (Free:861.98 GB) NTFS
Drive p: (RAMDISK) (Fixed) (Total:0.02 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 79EA2D58)
Partition 1: (Active) - (Size=214.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 348709AE)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 deeprybka

Posted 01 March 2015 - 05:38 AM

Are you running "monitoring software" (webwatcher, keylogger, etc.) on purpose?
regards,
deeprybka

#9 Thundergod67


Posted 01 March 2015 - 10:22 AM

I was, a while back, but now there is no reason to keep it on here.



#10 deeprybka


Posted 01 March 2015 - 10:31 AM

OK. Thanks for letting me know. We will remove it in the end. For now, please do the following:

Step 1

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Google Chrome
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

If needed, install the latest version from here.
 


Step 2


Don't remove on your own anything that HitmanPro detects!
This scanner, while it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It should only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.



Step 3

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

settings.png

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at the path shown in logpath.png
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?
How is the computer running?


regards,
deeprybka

#11 Thundergod67


Posted 01 March 2015 - 02:06 PM

I uninstalled Google Chrome with the first step.

 

Hitman log follows:

 

HitmanPro 3.7.9.238
www.hitmanpro.com

   Computer name . . . . : PETER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Peter-PC\Peter
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-03-01 11:02:59
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 5s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 21
   Traces  . . . . . . . : 198

   Objects scanned . . . : 1,885,449
   Files scanned . . . . : 50,505
   Remnants scanned  . . : 605,691 files / 1,229,253 keys

Malware _____________________________________________________________________

   C:\Windows\SysWOW64\lhkadefom\ccp_atlxixfqt.dll
      Size . . . . . . . : 362,816 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 7AA28809A9A124412FEA4F85510C286D735F37D861291B5D7374E38803B64613
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Variant.Application.Keylogger.WebWatcher.35
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\Director_wnktlzkw.dll
      Size . . . . . . . : 2,636,096 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 99BDB1CBC22DFE2472626509609322C63AC890AA55AA4AA3BB1D6EA89756EB60
      Publisher
      Version  . . . . . : 8.2.31.1154
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\dprx_xeepsuox.dll
      Size . . . . . . . : 325,952 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 3407EF0FFF693FF7FE4462A2581CBBC114D62D32F10AF5848D421191BF80C4E5
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Variant.Application.Keylogger.WebWatcher.37
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\mca_eddnekewu.dll
      Size . . . . . . . : 538,944 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : BB496E046B46F652952EF9732C7226ADC6070B8A276D1B6F434488273A2BDF06
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Variant.Application.Keylogger.WebWatcher.10
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\mcapp_wrywflfh.dll
      Size . . . . . . . : 239,936 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : A899D5D7FEE76D7945969F09DE768C05EE69C6D69E7AAC0148AF7AE27BB4B317
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\mcff_jrsekkve.dll
      Size . . . . . . . : 563,520 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : F59B0860A710D952CC31BC3CDD12CEADAA6886469A8487DD00B1C73A01EDC923
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\mcgc_guwaiddr.dll
      Size . . . . . . . : 3,332,416 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 93A4AE5AABCFC1CC81BC4EFF6C3FE95A99A678CCDFA756B89D086B2A1ADAD797
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\mcie_lpkiaepa.dll
      Size . . . . . . . : 2,971,968 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : BF04CAD1DEBE46EF8E78027E8EE72BEF59F346823846AB343F0EB7785947781B
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\mck_mqcbvigoz.dll
      Size . . . . . . . : 2,816,320 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 6B7551CD85446C696B548D3C712F28D72C092934578A3BFF63801DEBB004FE61
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\mclmd_nkmowkzi.dll
      Size . . . . . . . : 248,128 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : C4C28864351DB2D7F387D2110E1D2A9518F7C243C83D19D7E6CEAB11C30FC40A
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Variant.Application.Keylogger.WebWatcher.40
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\mcmsg_wdfcbyea.dll
      Size . . . . . . . : 231,744 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 557D880ACED85BDD208C2D4388B0E4C7548D4D125040E5B2E26E98C435E63388
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\mco_rxgjfftve.dll
      Size . . . . . . . : 309,568 bytes
      Age  . . . . . . . : 2.1 days (2015-02-27 07:50:46)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : A6B1AA22958CAA8ED54127A8324DDBD83DED66012B760A743DDFCA84633285AC
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 100.0
      Forensic Cluster
         -10.4s C:\ProgramData\AVAST Software\Avast\Spamconf\init.tmp.b.a02252
         -10.4s C:\ProgramData\AVAST Software\Avast\Spamconf\init.tmp.b.a02252
         -10.2s C:\ProgramData\CitrixLogs\GoToMyPC\1470\2015-02-27_07.50.36.113\
         -10.2s C:\ProgramData\CitrixLogs\GoToMyPC\1470\2015-02-27_07.50.36.113\g2svc.log
         -10.0s C:\ProgramData\CitrixLogs\GoToMyPC\1470\2015-02-27_07.50.36.113\g2host_00.log
         -7.5s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.176.gthr
         -7.5s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.176.Crwl
         -7.5s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.176.Crwl
         -3.6s C:\ProgramData\Real\RPDS\Logs\error.log.20150227075042
         -1.4s C:\Windows\SysWOW64\lhkadefom\ws_bdhfwxhyu.exe
         -1.2s C:\Windows\SysWOW64\lhkadefom\mcgc64_enrvzefi.dll
          0.0s C:\Windows\SysWOW64\lhkadefom\mco_rxgjfftve.dll
          0.4s C:\Windows\SysWOW64\lhkadefom\npffplg_hcbbdddz.dll

   C:\Windows\SysWOW64\lhkadefom\mcoexp_frcmpzqd.dll
      Size . . . . . . . : 313,664 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 4A4088BA5FE92966AACEEC51C35C984D5D6950CD8EFF65D6BDD9AD5EAC7AC544
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Variant.Application.Keylogger.WebWatcher.33
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\mcsc_redyplab.dll
      Size . . . . . . . : 2,767,168 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : CD646D433E04A37F08A3566627E8379A99CD02BC1FFE172A7D55E69D7C0DE5E0
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Variant.Application.Keylogger.WebWatcher.8
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\mcsky_bjwbgnvo.dll
      Size . . . . . . . : 1,390,912 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : D3AA6CEF302841CEC4E33023A8FCC8BD0C7BE26A0A1E832D5EFD36B0A12E3AB2
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\mcy_ocxehdgjb.dll
      Size . . . . . . . : 231,744 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 9F4B97F18C4D99CDB6161990242AC5B8C93A701379960A17631D40287CB664CE
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Gen:Variant.Application.Keylogger.WebWatcher.18
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\npffplg_hcbbdddz.dll
      Size . . . . . . . : 3,469,312 bytes
      Age  . . . . . . . : 2.1 days (2015-02-27 07:50:46)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 427D4D5A148264DE38DB6F7848D615D556A2179D9C39FDE9DB851D9DCF6C2DFC
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 110.0
      Forensic Cluster
         -10.8s C:\ProgramData\AVAST Software\Avast\Spamconf\init.tmp.b.a02252
         -10.8s C:\ProgramData\AVAST Software\Avast\Spamconf\init.tmp.b.a02252
         -10.6s C:\ProgramData\CitrixLogs\GoToMyPC\1470\2015-02-27_07.50.36.113\
         -10.6s C:\ProgramData\CitrixLogs\GoToMyPC\1470\2015-02-27_07.50.36.113\g2svc.log
         -10.4s C:\ProgramData\CitrixLogs\GoToMyPC\1470\2015-02-27_07.50.36.113\g2host_00.log
         -7.9s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.176.gthr
         -7.9s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.176.Crwl
         -7.9s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.176.Crwl
         -4.0s C:\ProgramData\Real\RPDS\Logs\error.log.20150227075042
         -1.8s C:\Windows\SysWOW64\lhkadefom\ws_bdhfwxhyu.exe
         -1.6s C:\Windows\SysWOW64\lhkadefom\mcgc64_enrvzefi.dll
         -0.4s C:\Windows\SysWOW64\lhkadefom\mco_rxgjfftve.dll
          0.0s C:\Windows\SysWOW64\lhkadefom\npffplg_hcbbdddz.dll

   C:\Windows\SysWOW64\lhkadefom\proxy.dll
      Size . . . . . . . : 313,664 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : B753AFBFA2BC19362D657D44FA2E46D5F9B2A49586C76AAA90D0141BBBB078C9
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   C:\Windows\SysWOW64\lhkadefom\shim_dhwvomoq.dll
      Size . . . . . . . : 2,775,360 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 45B3B09D039E9CF5B855A24B3EBEA286D584EA78DC0B5279EF906081946876B1
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0

   c:\windows\syswow64\lhkadefom\svcboot_bjoaclgs.dll
      Size . . . . . . . : 239,936 bytes
      Age  . . . . . . . : 171.6 days (2014-09-10 19:29:22)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : BBACE3F57220221AEF53B2ABC5E033455F0CC855EB2C02391EAC2206BB2BD180
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      Service  . . . . . : svcboot_bjoaclgs
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 101.0
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\svcboot_bjoaclgs\

   C:\Windows\SysWOW64\lhkadefom\ws_bdhfwxhyu.exe
      Size . . . . . . . : 2,894,144 bytes
      Age  . . . . . . . : 2.1 days (2015-02-27 07:50:44)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 86AE6D28D49BA1F5AB1DDBF1541F2D73E53BA3DD304A74E830CA864227439314
      Product
      Publisher
      Description
      Version  . . . . . : 8.2.31.1154
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win32.WebWatcher.gen
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -9.0s C:\ProgramData\AVAST Software\Avast\Spamconf\init.tmp.b.a02252
         -9.0s C:\ProgramData\AVAST Software\Avast\Spamconf\init.tmp.b.a02252
         -8.8s C:\ProgramData\CitrixLogs\GoToMyPC\1470\2015-02-27_07.50.36.113\
         -8.8s C:\ProgramData\CitrixLogs\GoToMyPC\1470\2015-02-27_07.50.36.113\g2svc.log
         -8.6s C:\ProgramData\CitrixLogs\GoToMyPC\1470\2015-02-27_07.50.36.113\g2host_00.log
         -6.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.176.gthr
         -6.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.176.Crwl
         -6.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.176.Crwl
         -2.3s C:\ProgramData\Real\RPDS\Logs\error.log.20150227075042
          0.0s C:\Windows\SysWOW64\lhkadefom\ws_bdhfwxhyu.exe
          0.2s C:\Windows\SysWOW64\lhkadefom\mcgc64_enrvzefi.dll
          1.4s C:\Windows\SysWOW64\lhkadefom\mco_rxgjfftve.dll
          1.8s C:\Windows\SysWOW64\lhkadefom\npffplg_hcbbdddz.dll


Suspicious files ____________________________________________________________

   C:\Users\Peter\Desktop\FRST64.exe
      Size . . . . . . . : 2,087,936 bytes
      Age  . . . . . . . : 3.8 days (2015-02-25 14:47:00)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 552DE6F30FD0E9BEF5519659E35FD23FD20645DE092DBA24F8551CCEBE000FD1
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6}\ (UniDeals)
   HKLM\SOFTWARE\Classes\Interface\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB}\ (UniDeals)
   HKLM\SOFTWARE\Classes\Interface\{A220BAB5-C335-48BA-8A01-309FDA37446F}\ (UniDeals)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6}\ (UniDeals)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB}\ (UniDeals)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A220BAB5-C335-48BA-8A01-309FDA37446F}\ (UniDeals)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}\ (Unisales)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}\ (MultiPlug)
   HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals)
   HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\ (UniDeals)
   HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-1439322100-2213096863-3173725656-1000\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\ (UniDeals)
   HKU\S-1-5-21-1439322100-2213096863-3173725656-1000_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-1439322100-2213096863-3173725656-1000_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\ (UniDeals)
   HKU\S-1-5-21-1439322100-2213096863-3173725656-1000_Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\ (UniDeals)
   HKU\S-1-5-21-1439322100-2213096863-3173725656-1000_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)

Cookies _____________________________________________________________________

   C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default\cookies.sqlite:www.burstnet.com
   C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\cbh7h5vl.default\cookies.sqlite:www.googleadservices.com
 

 

ESET log follows:

 

C:\AdwCleaner\Quarantine\C\ProgramData\ocmjiknefpedlilmagjpbekfkdfpldbi\IkqQxx6.js.vir JS/Kryptik.ATB trojan

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe            a variant of Win32/Systweak.L potentially unwanted application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll  a variant of Win32/Systweak.N potentially unwanted application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe           a variant of Win32/Systweak.L potentially unwanted application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe         a variant of Win32/Systweak potentially unwanted application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe        a variant of Win32/Systweak.L potentially unwanted application

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe              a variant of Win32/Systweak.L potentially unwanted application

C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe            a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application

C:\Program Files (x86)\NCH Software\ExpressZip\expresszipsetup_v2.28.exe   a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application

C:\Users\Katiana\AppData\Roaming\Mozilla\Firefox\Profiles\000pxceh.default\extensions\staged\73bBq@3.edu\content\bg.js                JS/Kryptik.ATB trojan

C:\Users\Katiana\AppData\Roaming\Mozilla\Firefox\Profiles\000pxceh.default\extensions\staged\gzq@RdBN.org\content\bg.js                JS/Kryptik.ATB trojan

C:\Users\Katiana\AppData\Roaming\Mozilla\Firefox\Profiles\000pxceh.default\extensions\staged\O6@qmw.edu\content\bg.js                JS/Kryptik.ATL trojan

C:\Users\Katiana\AppData\Roaming\Mozilla\Firefox\Profiles\000pxceh.default\extensions\staged\Y@iBxfg6ItHO.net\content\bg.js                JS/Kryptik.ATL trojan

C:\Users\Peter\Downloads\guiminer-20121203.exe       Python/CoinMiner.B potentially unsafe application

C:\Users\Peter\Downloads\guiminer\library.zip               Python/CoinMiner.B potentially unsafe application

C:\Users\Peter\Downloads\guiminer\poclbm.exe          Python/CoinMiner.A potentially unsafe application

C:\Windows\Installer\484bc.msi               a variant of Win32/Systweak.L potentially unwanted application

C:\Windows\System32\lhkadefom\ccp_atlxixfqt.dll       a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\Director_wnktlzkw.dll           a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\dprx_xeepsuox.dll a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mcapp_wrywflfh.dll               a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mca_eddnekewu.dll              a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mcff_jrsekkve.dll    a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mcfile_qqvzydck.dll               a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mcgc_guwaiddr.dll a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mcie_lpkiaepa.dll    a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mck_mqcbvigoz.dll a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mclmd_nkmowkzi.dll            a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mcmsg_wdfcbyea.dll            a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mcoexp_frcmpzqd.dll           a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mco_rxgjfftve.dll    a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mcsc_redyplab.dll   a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mcsky_bjwbgnvo.dll              a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\mcy_ocxehdgjb.dll a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\nbm_pokfxsbbv.dll                a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\npffplg_hcbbdddz.dll            a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\proxy.dll      a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\shim_dhwvomoq.dll              a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\svcboot_bjoaclgs.dll              a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\System32\lhkadefom\ws_bdhfwxhyu.exe               a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\ccp_atlxixfqt.dll    a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\Director_wnktlzkw.dll       a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\dprx_xeepsuox.dll              a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mcapp_wrywflfh.dll           a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mca_eddnekewu.dll          a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mcff_jrsekkve.dll a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mcfile_qqvzydck.dll            a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mcgc_guwaiddr.dll              a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mcie_lpkiaepa.dll a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mck_mqcbvigoz.dll             a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mclmd_nkmowkzi.dll         a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mcmsg_wdfcbyea.dll         a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mcoexp_frcmpzqd.dll       a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mco_rxgjfftve.dll a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mcsc_redyplab.dll               a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mcsky_bjwbgnvo.dll          a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\mcy_ocxehdgjb.dll             a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\nbm_pokfxsbbv.dll            a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\npffplg_hcbbdddz.dll        a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\proxy.dll  a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\shim_dhwvomoq.dll          a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\svcboot_bjoaclgs.dll           a variant of Win32/WebWatcher.A potentially unsafe application

C:\Windows\SysWOW64\lhkadefom\ws_bdhfwxhyu.exe           a variant of Win32/WebWatcher.A potentially unsafe application

Operating memory         a variant of Win32/WebWatcher.A potentially unsafe application



#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:01:35 PM

Posted 01 March 2015 - 02:09 PM

Please try to post the ESET Log as instructed.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 Thundergod67

Thundergod67
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:05:35 AM

Posted 01 March 2015 - 03:23 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3311eb43d420e3499443f423fc8e32a6
# engine=22668
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-01 05:47:10
# local_time=2015-03-01 11:47:10 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 176775480 0 0
# scanned=371576
# found=64
# cleaned=0
# scan_time=2242
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3311eb43d420e3499443f423fc8e32a6
# engine=22704
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-01 08:03:44
# local_time=2015-03-01 02:03:44 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 176783674 0 0
# scanned=371663
# found=64
# cleaned=0
# scan_time=2297
sh=C5FAB54342EF8E23D5E0A9C6AE98F0F30C976958 ft=1 fh=c2eedc019419f53f vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\mcie_lpkiaepa.dll"
sh=957009C66EBFC13CC7011E1069CE2A294546670F ft=1 fh=34c8fd9d3c7e80fc vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\mck_mqcbvigoz.dll"
sh=E3FDB9C4C88B59BF5EBAC8E7205F056F8F0EEA32 ft=1 fh=8b24c3b946d2ea90 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\mclmd_nkmowkzi.dll"
sh=A9D0640241CAE62FAA32A8F9D649F6664287CA55 ft=1 fh=771fef1705ddd541 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\mcmsg_wdfcbyea.dll"
sh=E52A23F56426508B76F611A885348031C3EDE8C7 ft=1 fh=33dbf72c33d7543b vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\mcoexp_frcmpzqd.dll"
sh=435C040E682E8CC06B0C5E8145BE7A0770E480D7 ft=1 fh=23e20bfc75ee8675 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\mco_rxgjfftve.dll"
sh=9592B99412A2DFBE0A62B75EDF0935C08920990C ft=1 fh=c589bf68fa5b4414 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\mcsc_redyplab.dll"
sh=FC8F5BB76CCA34FA42A581D6D66830F2CC17ACBB ft=1 fh=05e7a6d5b403a907 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\mcsky_bjwbgnvo.dll"
sh=5B8E6E3FE907EEAB3851C229EB890B3CA61F70CA ft=1 fh=cf120df3f5182d9c vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\mcy_ocxehdgjb.dll"
sh=36CF439583D50D1828EB16B8806D3BCB64AE5EC1 ft=1 fh=e2f428c685696776 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\nbm_pokfxsbbv.dll"
sh=6235463045233D1F44515139FD2606F75CCA6DA4 ft=1 fh=c71c0011af097807 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\npffplg_hcbbdddz.dll"
sh=169EFCED82E11DA1C00BFF9E9295D9AE0BFAA5FC ft=1 fh=34abafa0e29a550e vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\proxy.dll"
sh=60D6676F9F615FEFAEB7374A6D1FBD849E82405A ft=1 fh=4488c940760fce11 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\shim_dhwvomoq.dll"
sh=0AB3143814D5604780AB4357842F136E25F735CB ft=1 fh=15c922dc6697c312 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\svcboot_bjoaclgs.dll"
sh=1E8209D3C64BD73400D982841A8E34D9B11B3CE2 ft=1 fh=abef4f2b97ede3c5 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\lhkadefom\ws_bdhfwxhyu.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/WebWatcher.A potentially unsafe application" ac=I fn="${Memory}"



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:35 PM

Posted 01 March 2015 - 03:29 PM

Thank you.
 
Do you know how to uninstall the monitoring software?


Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 Thundergod67

Thundergod67
  • Topic Starter

  • Members
  • 52 posts
  • Local time:05:35 AM

Posted 01 March 2015 - 04:03 PM

Yes, I have the admin to uninstall.





