
Browser Hijack, unwanted addons (akamaihd, pctuner, weatherapp)



#1 iwanturCAT


Posted 07 March 2015 - 11:34 PM

I am not sure what specific topic title this should be; perhaps we can update it once determined.

 

Here are the original details I posted on TechSupportAlert (http://www.techsupportalert.com/freeware-forum/general-computer-support/14996-malware-issue-with-akamaihd-net.html) and they referred me here.

 

Problem has unfolded as such:

 

I inserted a USB Bluetooth key and the cd to load the drivers as my computer doesn't have bluetooth. The cd opened a browser to the Insignia website to download the driver it seemed, and started to redirect and every minute or so open a new browser to some other site.

I've run superantispyware, my virus scan, and removed what came up. Then malwarebytes, which produced the attached screen which was sending me to a URL for some casino I won't post. Computer needed restarting.
 

It seems that using NoScript prevents the screenshots - when I installed Waterfox, NoScript was not installed right away and this may have allowed something to install. I also have a screenshot of the NoScript Options list showing what it is blocking if this helps narrow down the problem.

 

Please see next post for additional screenshots and info...

 

 
 
 


 


#2 iwanturCAT


Posted 07 March 2015 - 11:45 PM

I have downloaded WinPatrol as suggested.  I was prompted to update my Adobe Flash which I aborted midway as I noticed other addons, and now have pctuner and weatherapp shortcuts on my desktop.  Ran SuperAntiSpyware again, and Malwarebytes (screenshots available). 

 

I also noted in waterfox under advanced, network, Offline Web Content and User Data

The following websites are allowed to store data for offline use:

content.sphere.com

which I've removed.

 

Here is the FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by The House Cat (administrator) on THEHOUSECAT-HP on 07-03-2015 21:17:04
Running from C:\Users\The House Cat\Downloads
Loaded Profiles: The House Cat (Available profiles: The House Cat & Alley Cat & A Stray Cat & Fat Cat & Smelly Cat & Tom Cat & pussy cat & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
() C:\ProgramData\{bbdc71d6-c390-96fb-bbdc-c71d6c39c75b}\As I Lay Dying-An Ocean Between Us-(2007).exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dropbox, Inc.) C:\Users\The House Cat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Super PC Tools Ltd) C:\ProgramData\{676245f0-aae0-d96c-6762-245f0aae17c2}\SuperOptimizer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Waterfox) C:\Program Files\Waterfox\waterfox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe
(Ruiware LLC) C:\Program Files (x86)\WinPatrol\WinPatrol\WinPatrol.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2013-04-04] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2011-02-07] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-02-25] (Hewlett-Packard)
HKU\S-1-5-21-1172863099-1928398988-3374251491-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
HKU\S-1-5-21-1172863099-1928398988-3374251491-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1172863099-1928398988-3374251491-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-10] (SUPERAntiSpyware)
HKU\S-1-5-21-1172863099-1928398988-3374251491-1001\...\Run: [Gadwin PrintScreen Pro] => C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe [1869552 2012-05-29] (Gadwin Systems, Inc)
HKU\S-1-5-21-1172863099-1928398988-3374251491-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-1172863099-1928398988-3374251491-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1172863099-1928398988-3374251491-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-02-22] (Ruiware LLC)
HKU\S-1-5-21-1172863099-1928398988-3374251491-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\The House Cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\As I Lay Dying-An Ocean Between Us-(2007).lnk
ShortcutTarget: As I Lay Dying-An Ocean Between Us-(2007).lnk -> C:\ProgramData\{bbdc71d6-c390-96fb-bbdc-c71d6c39c75b}\As I Lay Dying-An Ocean Between Us-(2007).exe ()
Startup: C:\Users\The House Cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\The House Cat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\The House Cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SuperOptimizer.lnk
ShortcutTarget: SuperOptimizer.lnk -> C:\ProgramData\{676245f0-aae0-d96c-6762-245f0aae17c2}\SuperOptimizer.exe (Super PC Tools Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\The House Cat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\The House Cat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\The House Cat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\The House Cat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\The House Cat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\The House Cat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\The House Cat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1172863099-1928398988-3374251491-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://mp.siriuscanada.ca/sirius/ca/servlet/MediaPlayer
HKU\S-1-5-21-1172863099-1928398988-3374251491-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
SearchScopes: HKLM -> DefaultScope {313DBD21-38C3-45B6-92EF-B78846ACA232} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {313DBD21-38C3-45B6-92EF-B78846ACA232} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {31DD2B7B-D71B-44C7-A688-5D423DC10BEF} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {521C97B1-29CC-475A-BD85-87E12C2A33B4} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
SearchScopes: HKLM -> {7F6C4DBD-2024-4DF0-8135-A1C51B346670} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {313DBD21-38C3-45B6-92EF-B78846ACA232} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {313DBD21-38C3-45B6-92EF-B78846ACA232} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {31DD2B7B-D71B-44C7-A688-5D423DC10BEF} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {521C97B1-29CC-475A-BD85-87E12C2A33B4} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
SearchScopes: HKLM-x32 -> {7F6C4DBD-2024-4DF0-8135-A1C51B346670} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1172863099-1928398988-3374251491-1001 -> DefaultScope {313DBD21-38C3-45B6-92EF-B78846ACA232} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1172863099-1928398988-3374251491-1001 -> {313DBD21-38C3-45B6-92EF-B78846ACA232} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1172863099-1928398988-3374251491-1001 -> {31DD2B7B-D71B-44C7-A688-5D423DC10BEF} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-1172863099-1928398988-3374251491-1001 -> {521C97B1-29CC-475A-BD85-87E12C2A33B4} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpl
SearchScopes: HKU\S-1-5-21-1172863099-1928398988-3374251491-1001 -> {7F6C4DBD-2024-4DF0-8135-A1C51B346670} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: DeaalEXpraesss -> {15738f1c-ca3b-4076-9c37-537cb6c10813} -> C:\Program Files (x86)\DeaalEXpraesss\zKo9M5MnJVkUz6.x64.dll [2015-03-05] ()
BHO-x32: DeaalEXpraesss -> {15738f1c-ca3b-4076-9c37-537cb6c10813} -> C:\Program Files (x86)\DeaalEXpraesss\zKo9M5MnJVkUz6.dll [2015-03-05] ()
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-30] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-07-27] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{C4E825D6-2B94-4CF5-9C52-02DB04A2D897}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\The House Cat\AppData\Roaming\Mozilla\Firefox\Profiles\rvl6297l.default-1422815713866
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.techsupportalert.com/SecWiz
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-07-27] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-08-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-05-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-05-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-05-13] (RealPlayer)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll [2011-09-01] ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-05-17] ()
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll [2013-10-15] (Nuance Communications Inc.)
FF user.js: detected! => C:\Users\The House Cat\AppData\Roaming\Mozilla\Firefox\Profiles\rvl6297l.default-1422815713866\user.js [2015-03-07]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll [2009-05-01] (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-05-13] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2011-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2011-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2011-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2011-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2011-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2011-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2011-11-09] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2012-05-13] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012-05-13] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll [2009-05-01] (The OpenSSL Project, http://www.openssl.org/)
FF Extension: NetoCCouupOn - C:\Users\The House Cat\AppData\Roaming\Mozilla\Firefox\Profiles\rvl6297l.default-1422815713866\Extensions\bNHf1X@Q.net [2015-02-21]
FF Extension: FunDeaLs - C:\Users\The House Cat\AppData\Roaming\Mozilla\Firefox\Profiles\rvl6297l.default-1422815713866\Extensions\GU@K.org [2015-02-21]
FF Extension: WOT - C:\Users\The House Cat\AppData\Roaming\Mozilla\Firefox\Profiles\rvl6297l.default-1422815713866\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-02-08]
FF Extension: NoScript - C:\Users\The House Cat\AppData\Roaming\Mozilla\Firefox\Profiles\rvl6297l.default-1422815713866\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-21]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-11-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: No Name - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013-10-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-01-18]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\The House Cat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SaveeLotts) - C:\Users\The House Cat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldldgbggpajlfohbjbcfpkgdpohekoe [2015-02-16]
CHR Extension: (YouTube) - C:\Users\The House Cat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-11]
CHR Extension: (Google Search) - C:\Users\The House Cat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-11]
CHR Extension: (avast! WebRep) - C:\Users\The House Cat\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-06-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\The House Cat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-06-11]
CHR Extension: (HostCabinet  Who is hosting that website) - C:\Users\The House Cat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljhfacjpknfplpagpnillgkiepplbjd [2015-02-16]
CHR Extension: (Gmail) - C:\Users\The House Cat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-11]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-22]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2013-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 41218fb7; c:\Program Files (x86)\SystemPromote\SystemPromote.dll [1980416 2015-02-16] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-13] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-13] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-13] () [File not signed]
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-13] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-02-21] (Broadcom Corporation.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-07] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 {8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw64; C:\Windows\System32\drivers\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw64.sys [48784 2015-03-07] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 21:17 - 2015-03-07 21:17 - 00032936 _____ () C:\Users\The House Cat\Downloads\FRST.txt
2015-03-07 21:16 - 2015-03-07 21:17 - 00000000 ____D () C:\FRST
2015-03-07 21:15 - 2015-03-07 21:15 - 02094592 _____ (Farbar) C:\Users\The House Cat\Downloads\FRST64.exe
2015-03-07 20:30 - 2015-03-07 20:31 - 00000000 ____D () C:\Users\The House Cat\AppData\Roaming\WinPatrol
2015-03-07 20:30 - 2015-03-07 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-03-07 20:30 - 2015-03-07 20:30 - 00000000 ____D () C:\ProgramData\InstallMate
2015-03-07 20:30 - 2015-03-07 20:30 - 00000000 ____D () C:\Program Files (x86)\WinPatrol
2015-03-07 20:29 - 2015-03-07 20:30 - 01081688 _____ (WinPatrol) C:\Users\The House Cat\Downloads\wpsetup.exe
2015-03-07 14:33 - 2015-03-07 14:33 - 00003712 _____ () C:\Windows\System32\Tasks\boosterpop
2015-03-07 14:33 - 2015-03-07 14:33 - 00003710 _____ () C:\Windows\System32\Tasks\IEError
2015-03-07 14:33 - 2015-03-07 14:33 - 00003526 _____ () C:\Windows\System32\Tasks\AI_Updater
2015-03-07 14:31 - 2015-03-07 14:33 - 00000000 ____D () C:\Program Files (x86)\Tuneup computer
2015-03-07 14:31 - 2015-03-07 14:31 - 00001927 _____ () C:\Users\Public\Desktop\PCTuner.lnk
2015-03-07 14:31 - 2015-03-07 14:31 - 00000000 ____D () C:\Users\The House Cat\AppData\Local\PCTuner
2015-03-07 13:35 - 2015-03-07 13:35 - 00000000 ____D () C:\ProgramData\c0f113b00003f1a
2015-03-07 13:08 - 2015-03-07 13:08 - 00000000 ____D () C:\Users\The House Cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-03-07 12:12 - 2015-03-07 12:12 - 00001174 _____ () C:\Users\The House Cat\Desktop\Continue Adobe Flash Player Installation.lnk
2015-03-07 12:02 - 2015-03-07 05:16 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw64.sys
2015-03-07 12:01 - 2015-03-07 12:01 - 00003680 _____ () C:\Windows\System32\Tasks\IE_ERR4WDR
2015-03-07 12:01 - 2015-03-07 12:01 - 00003656 _____ () C:\Windows\System32\Tasks\HDNINSTSCHD
2015-03-07 12:01 - 2015-03-07 12:01 - 00003522 _____ () C:\Windows\System32\Tasks\UPDTEXE4_WDR
2015-03-07 12:00 - 2015-03-07 12:00 - 00000000 __SHD () C:\Users\The House Cat\AppData\Local\EmieBrowserModeList
2015-03-07 11:59 - 2015-03-07 13:08 - 00000000 ____D () C:\ProgramData\{676245f0-aae0-d96c-6762-245f0aae17c2}
2015-03-07 11:59 - 2015-03-07 11:59 - 00001969 _____ () C:\Users\Public\Desktop\Weather Widget.lnk
2015-03-07 11:59 - 2015-03-07 11:59 - 00000000 ____D () C:\Windows\PCBHDNW
2015-03-07 11:58 - 2015-02-21 14:00 - 01055936 _____ (Adobe) C:\Users\The House Cat\Downloads\flash_setup.exe
2015-03-07 11:40 - 2015-03-07 11:41 - 00779608 _____ (Application ) C:\Users\The House Cat\Downloads\adobe_flash_setup(1).exe
2015-03-05 20:17 - 2015-03-05 20:19 - 00000000 ____D () C:\Program Files (x86)\DeaalEXpraesss
2015-02-27 21:33 - 2015-02-27 21:45 - 00000000 ____D () C:\ProgramData\BtCrashDumps
2015-02-26 07:18 - 2015-01-08 20:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-26 07:18 - 2015-01-08 20:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-26 07:18 - 2015-01-08 20:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-26 07:18 - 2015-01-08 19:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-24 19:07 - 2015-02-24 19:07 - 00000000 ____D () C:\Users\The House Cat\AppData\Roaming\Oracle
2015-02-24 18:52 - 2015-01-08 16:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 18:52 - 2015-01-08 16:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 18:48 - 2015-02-24 18:47 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-24 18:47 - 2015-02-24 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-24 18:47 - 2015-02-24 18:47 - 00000000 ____D () C:\Program Files\Java
2015-02-24 18:42 - 2015-02-24 18:42 - 00000000 ____D () C:\Users\The House Cat\AppData\Local\CrashDumps
2015-02-24 18:39 - 2015-02-24 18:40 - 93427112 _____ (Oracle Corporation) C:\Users\The House Cat\Downloads\jre-8u31-windows-x64(1).exe
2015-02-21 22:28 - 2015-02-21 22:30 - 93427112 _____ (Oracle Corporation) C:\Users\The House Cat\Downloads\jre-8u31-windows-x64.exe
2015-02-21 13:58 - 2015-02-21 13:58 - 00775560 _____ (CoinisRS) C:\Users\The House Cat\Downloads\adobe_flash_setup.exe
2015-02-21 12:07 - 2015-02-21 12:07 - 00000000 ____D () C:\Users\The House Cat\Documents\Bluetooth Exchange Folder
2015-02-21 12:07 - 2015-02-21 12:07 - 00000000 ____D () C:\Users\The House Cat\AppData\Local\Broadcom
2015-02-21 12:07 - 2015-02-21 11:56 - 00599288 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2015-02-21 12:01 - 2015-02-21 12:01 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Problem Report.lnk
2015-02-21 11:58 - 2015-02-21 11:56 - 00210984 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2015-02-21 11:58 - 2015-02-21 11:56 - 00184144 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2015-02-21 11:58 - 2015-02-21 11:56 - 00172760 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2015-02-21 11:58 - 2015-02-21 11:56 - 00071703 _____ () C:\Windows\system32\Drivers\BCM20702B0_002.001.014.0527.0607.hex
2015-02-21 11:58 - 2015-02-21 11:56 - 00039976 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2015-02-21 11:58 - 2015-02-21 11:56 - 00021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2015-02-21 11:57 - 2015-02-21 11:57 - 00000000 ____D () C:\Program Files\WIDCOMM
2015-02-21 11:48 - 2015-02-21 11:48 - 04171576 _____ (Broadcom Corporation.) C:\Users\The House Cat\Downloads\SetupBtwDownloadSE(2).exe
2015-02-21 11:47 - 2015-02-21 11:47 - 04171576 _____ (Broadcom Corporation.) C:\Users\The House Cat\Downloads\SetupBtwDownloadSE(1).exe
2015-02-21 11:46 - 2015-02-21 11:46 - 04171576 _____ (Broadcom Corporation.) C:\Users\The House Cat\Downloads\SetupBtwDownloadSE.exe
2015-02-21 01:44 - 2015-03-07 19:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 01:43 - 2015-02-21 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-21 01:43 - 2015-02-21 01:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-21 01:43 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-21 01:43 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-21 01:40 - 2015-02-21 01:43 - 00000000 ____D () C:\Users\The House Cat\AppData\Roaming\Malwarebytes
2015-02-17 21:05 - 2015-02-17 21:05 - 00000000 ____D () C:\ProgramData\Extreme Blocker
2015-02-16 16:48 - 2015-03-05 20:17 - 00000000 ____D () C:\Program Files (x86)\MiIenimummPricce
2015-02-16 16:48 - 2015-02-16 16:48 - 00000000 ____D () C:\Program Files (x86)\SaveeLotts
2015-02-16 16:47 - 2015-03-05 20:17 - 00000000 ____D () C:\ProgramData\6776180668476817970
2015-02-16 16:47 - 2015-03-05 20:17 - 00000000 ____D () C:\Program Files (x86)\GReuatSauve44Uu
2015-02-16 16:47 - 2015-02-16 16:48 - 00000000 ____D () C:\Program Files (x86)\NetoCCouupOn
2015-02-16 16:47 - 2015-02-16 16:48 - 00000000 ____D () C:\Program Files (x86)\HostCabinet  Who is hosting that website
2015-02-16 16:47 - 2015-02-16 16:48 - 00000000 ____D () C:\Program Files (x86)\FunDeaLs
2015-02-16 16:26 - 2015-02-16 16:26 - 00000000 ____D () C:\Program Files (x86)\SystemPromote
2015-02-11 22:36 - 2015-01-22 21:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 22:36 - 2015-01-22 21:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 22:36 - 2015-01-22 20:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 22:36 - 2015-01-22 20:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 21:55 - 2015-02-03 20:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 21:55 - 2015-02-03 20:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 21:55 - 2015-02-03 20:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 21:55 - 2015-02-03 20:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 21:55 - 2015-02-03 20:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 21:55 - 2015-02-03 20:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 21:55 - 2015-02-03 20:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 21:55 - 2015-01-27 16:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 21:55 - 2015-01-13 22:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 21:55 - 2015-01-13 22:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 21:55 - 2015-01-11 20:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 21:55 - 2015-01-11 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 21:55 - 2015-01-11 19:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 21:55 - 2015-01-11 19:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 21:55 - 2015-01-11 19:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 21:55 - 2015-01-11 19:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 21:55 - 2015-01-11 19:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 21:55 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 21:55 - 2015-01-11 19:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 21:55 - 2015-01-11 19:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 21:55 - 2015-01-11 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 21:55 - 2015-01-11 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 21:55 - 2015-01-11 19:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 21:55 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 21:55 - 2015-01-11 19:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 21:55 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 21:55 - 2015-01-11 19:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 21:55 - 2015-01-11 18:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 21:55 - 2015-01-11 18:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 21:55 - 2015-01-11 18:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 21:55 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 21:55 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 21:55 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 21:55 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 21:55 - 2015-01-11 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 21:55 - 2015-01-11 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 21:55 - 2015-01-11 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 21:55 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 21:55 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 21:55 - 2015-01-11 18:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 21:55 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 21:55 - 2015-01-11 18:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 21:55 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 21:55 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 21:55 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 21:55 - 2015-01-09 23:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 21:55 - 2015-01-09 23:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 21:55 - 2015-01-09 23:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 21:55 - 2015-01-09 23:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 21:55 - 2015-01-09 23:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 21:55 - 2015-01-09 23:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 21:55 - 2015-01-09 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 21:55 - 2015-01-09 23:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 21:55 - 2015-01-09 23:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 21:55 - 2015-01-09 23:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 21:55 - 2015-01-09 23:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 21:55 - 2015-01-09 23:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 21:55 - 2015-01-09 23:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 21:55 - 2015-01-09 23:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 21:55 - 2014-10-03 19:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-10 21:55 - 2014-10-03 18:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-10 21:55 - 2014-10-03 18:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-10 21:54 - 2015-01-12 20:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 21:54 - 2015-01-12 19:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 21:54 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 21:54 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 21:54 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 21:54 - 2015-01-11 19:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 21:54 - 2015-01-11 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 21:54 - 2015-01-11 19:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 21:54 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 21:54 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 21:54 - 2015-01-11 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 21:54 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 21:54 - 2015-01-11 18:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 21:54 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 21:54 - 2015-01-11 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 21:54 - 2015-01-11 18:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 21:54 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 21:53 - 2015-01-15 01:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 21:53 - 2015-01-15 01:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 21:53 - 2015-01-15 01:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 21:53 - 2015-01-15 01:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 21:53 - 2015-01-15 01:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 21:53 - 2015-01-15 01:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 21:53 - 2015-01-15 01:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 21:53 - 2015-01-15 01:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 21:53 - 2015-01-15 01:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 21:53 - 2015-01-15 01:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 21:53 - 2015-01-15 01:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 21:53 - 2015-01-15 00:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 21:53 - 2015-01-15 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 21:53 - 2015-01-15 00:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 21:53 - 2015-01-15 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 21:53 - 2015-01-15 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 21:53 - 2015-01-15 00:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 21:53 - 2015-01-14 21:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 21:53 - 2014-12-11 22:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 21:53 - 2014-12-11 22:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 21:52 - 2015-01-08 19:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 21:52 - 2014-11-25 20:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 21:52 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 21:51 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 21:51 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 21:50 - 2015-01-13 23:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 21:50 - 2015-01-13 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 21:50 - 2015-01-13 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 21:50 - 2015-01-13 23:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 21:50 - 2015-01-13 22:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 21:50 - 2015-01-13 22:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 21:50 - 2015-01-13 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-06 23:44 - 2015-02-06 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 21:17 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 21:17 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 20:45 - 2013-03-14 23:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 14:09 - 2013-08-19 18:27 - 00000000 ___RD () C:\Users\The House Cat\Dropbox
2015-03-07 14:09 - 2013-08-19 17:18 - 00000000 ____D () C:\Users\The House Cat\AppData\Roaming\Dropbox
2015-03-07 14:08 - 2011-08-08 12:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-07 14:07 - 2010-11-07 01:46 - 01745194 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 13:07 - 2009-07-13 22:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 13:02 - 2014-03-13 21:01 - 00032564 _____ () C:\Windows\setupact.log
2015-03-07 13:02 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 12:08 - 2009-07-13 19:34 - 00000757 _____ () C:\Windows\win.ini
2015-03-07 11:49 - 2010-12-29 17:49 - 00000000 ____D () C:\Users\The House Cat\Documents\Master Files
2015-03-03 18:57 - 2012-06-10 20:07 - 00005313 _____ () C:\Users\The House Cat\AppData\Roaming\Rim.Transcoder.Exception.log
2015-03-03 18:57 - 2011-09-10 18:49 - 00006391 _____ () C:\Users\The House Cat\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-03-03 18:57 - 2011-09-10 18:49 - 00006314 _____ () C:\Users\The House Cat\AppData\Roaming\Rim.Desktop.Exception.log
2015-03-03 08:15 - 2012-01-11 17:04 - 00071168 _____ () C:\Users\The House Cat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-03 06:17 - 2010-12-13 18:22 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-01 23:40 - 2015-01-26 23:23 - 00000000 ____D () C:\Users\The House Cat\Documents\CoolIt
2015-03-01 22:59 - 2011-01-10 21:01 - 00000000 ____D () C:\Users\The House Cat\AppData\Roaming\Audacity
2015-03-01 22:47 - 2013-09-12 17:50 - 00000000 ____D () C:\Users\The House Cat\Documents\Acquisitions Lean
2015-02-27 18:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
2015-02-26 22:56 - 2010-12-29 17:47 - 00000000 ____D () C:\Users\The House Cat\Documents\Lean resources
2015-02-24 18:54 - 2014-03-13 21:01 - 00074756 _____ () C:\Windows\PFRO.log
2015-02-24 18:20 - 2014-08-30 18:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-22 11:35 - 2011-08-29 15:05 - 00000000 ____D () C:\Users\The House Cat\Documents\lululemon
2015-02-21 22:38 - 2014-08-24 18:21 - 00000000 ____D () C:\Users\The House Cat\AppData\Local\Adobe
2015-02-21 22:33 - 2014-01-28 21:27 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-21 12:07 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-21 01:43 - 2014-03-13 19:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-21 01:43 - 2014-03-13 19:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-02-17 22:48 - 2015-01-18 07:15 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-16 16:26 - 2015-02-01 21:31 - 00000000 ____D () C:\ProgramData\{bbdc71d6-c390-96fb-bbdc-c71d6c39c75b}
2015-02-16 14:19 - 2011-10-12 13:14 - 00000000 ____D () C:\Users\The House Cat\AppData\Local\CutePDF Writer
2015-02-14 21:29 - 2013-08-19 18:20 - 00000000 ____D () C:\Users\The House Cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 20:45 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 21:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 22:16 - 2009-07-13 21:45 - 05062456 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 22:13 - 2014-12-11 21:56 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 22:13 - 2014-05-01 18:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-10 23:22 - 2014-03-13 18:51 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-10 23:21 - 2014-03-13 18:49 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-10 23:21 - 2014-03-13 18:49 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-10 23:21 - 2014-03-13 18:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-10 23:20 - 2013-08-14 17:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-10 23:04 - 2010-12-13 20:47 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-08 21:00 - 2010-12-29 17:47 - 00000000 ____D () C:\Users\The House Cat\Documents\Recipes

==================== Files in the root of some directories =======

2011-01-12 10:19 - 2011-09-14 10:14 - 0001854 _____ () C:\Users\The House Cat\AppData\Roaming\GhostObjGAFix.xml
2011-09-10 18:49 - 2015-03-03 18:57 - 0006314 _____ () C:\Users\The House Cat\AppData\Roaming\Rim.Desktop.Exception.log
2011-08-29 05:17 - 2012-06-10 19:29 - 0002257 _____ () C:\Users\The House Cat\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-09-10 18:49 - 2015-03-03 18:57 - 0006391 _____ () C:\Users\The House Cat\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-06-10 20:07 - 2015-03-03 18:57 - 0005313 _____ () C:\Users\The House Cat\AppData\Roaming\Rim.Transcoder.Exception.log
2012-11-03 00:06 - 2014-07-12 12:15 - 0002275 _____ () C:\Users\The House Cat\AppData\Roaming\SAS7_000.DAT
2012-01-11 17:04 - 2015-03-03 08:15 - 0071168 _____ () C:\Users\The House Cat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-16 16:55 - 2013-03-16 16:55 - 0000731 _____ () C:\Users\The House Cat\AppData\Local\recently-used.xbel
2011-02-10 11:09 - 2011-02-10 11:09 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-11-07 01:56 - 2010-11-07 01:56 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-13 13:51 - 2010-07-13 13:52 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-11-07 01:56 - 2010-11-07 01:56 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-13 13:46 - 2010-07-13 13:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-11-07 01:55 - 2010-11-07 01:55 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-11-07 01:56 - 2010-11-07 01:56 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-07-13 13:45 - 2010-07-13 13:45 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-07-13 13:47 - 2010-07-13 13:51 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-11-07 01:56 - 2010-11-07 01:57 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some content of TEMP:
====================
C:\Users\A Stray Cat\AppData\Local\Temp\AskSLib.dll
C:\Users\Administrator.TheHouseCat-HP\AppData\Local\Temp\promote-upx.exe
C:\Users\Administrator.TheHouseCat-HP\AppData\Local\Temp\Resource_AcceptRate.exe
C:\Users\Administrator.TheHouseCat-HP\AppData\Local\Temp\Resource_Toolbar.exe
C:\Users\Administrator.TheHouseCat-HP\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Alley Cat\AppData\Local\Temp\AskSLib.dll
C:\Users\The House Cat\AppData\Local\Temp\3567978720678199482.exe
C:\Users\The House Cat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgckjk1.dll
C:\Users\The House Cat\AppData\Local\Temp\f9679.exe
C:\Users\The House Cat\AppData\Local\Temp\ICReinstall_adobe_flash_setup(1).exe
C:\Users\The House Cat\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe
C:\Users\The House Cat\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\The House Cat\AppData\Local\Temp\promote-upx.exe
C:\Users\The House Cat\AppData\Local\Temp\SAS6_Update.exe
C:\Users\The House Cat\AppData\Local\Temp\SkypeSetup.exe
C:\Users\The House Cat\AppData\Local\Temp\supoptsetup.exe
C:\Users\The House Cat\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\The House Cat\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 06:46

==================== End Of Log ============================

Edited by iwanturCAT, 07 March 2015 - 11:47 PM.


#3 iwanturCAT


Posted 07 March 2015 - 11:52 PM

Malwarebytes list needed to be done over 3 screenshots, as follows in these posts.

Attached File: non malware items mar 7 1.jpg


#4 iwanturCAT


Posted 08 March 2015 - 01:23 PM

I also ran herdProtect, which gave this report:

 

Saved date:          07/03/2015 11:54:19 PM
Files detected:     82
Files scanned:         10,402
Processes scanned:     74
Modules scanned:     804
ASEPs scanned:         518
Downloads scanned:     1
Deep analysis:         28/5
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path:         c:\programdata\flexnet\connect\11\agent.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             0826f139e35edbe6064797a68564812e
SHA-1:             a79deea5204929e8ddbe81e976dc7704a01f281a
Created:         13/10/2011 12:11:32 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\flexnet\connect\11\isuspm.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             6f5c9785c05d23dabe407653c12b8a05
SHA-1:             9e313a150259997ce22029d3c42eae1521904468
Created:         13/10/2011 12:11:34 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Kingsoft AntiVirus as Win32.Heur.KVMF81.hy.(kcloud)

---------------------------------------------------------------------------------

File path:         c:\programdata\{676245f0-aae0-d96c-6762-245f0aae17c2}\superoptimizer.exe
Publisher:         Super PC Tools Ltd
Signer:         Super PC Tools Limited
MD5:             977df691dc5aa5b4faf50ad2f0901f07
SHA-1:             06a9ed445eddcec3d7d3634fd41ba8acc1de46b7
Created:         01/01/0001 12:00:00 AM
Detections:         35
Determination:         Adware
            - Agnitum Outpost as Riskware.SpeedingUpMyPC (Adware)
            - Dr.Web as Program.Unwanted.134 (Adware)
            - Avira AntiVirus as Adware/SpdUpMyPC.5478976 (Adware)
            - G Data as Win32.Application.OptimizerPro (Undefined)
            - McAfee as Artemis!7945F1044656 (Undefined)
            - AVG as SuperPCTools (Undefined)
            - Reason Heuristics as PUP.PC Utilities (Adware)
            - Clam AntiVirus as Win.Trojan.Optimizerpro-18 (Undefined)
            - Rising Antivirus as PE:Trojan.Win32.Generic.17876B26!394750758 (Undefined)
            - F-Secure as Gen:Variant.Strictor.66909 (Undefined)
            - Emsisoft Anti-Malware as Gen:Variant.Strictor.66909 (Undefined)
            - MicroWorld eScan as Gen:Variant.Strictor.66909 (Undefined)
            - avast! as Agent-AUUH [PUP] (Adware)
            - Panda Antivirus as Trj/CI.A (Undefined)
            - Lavasoft Ad-Aware as Application.Generic.1029263 (Undefined)
            - Bitdefender as Gen:Variant.Strictor.66909 (Undefined)
            - Trend Micro as TROJ_GEN.R02KC0OK314 (Undefined)
            - VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
            - Comodo Security as ApplicUnwnt (Undefined)
            - Trend Micro House Call as TROJ_GEN.R02KC0OK314 (Undefined)
            - Qihoo 360 Security as HEUR/QVM41.1.Malware.Gen (Undefined)
            - Fortinet FortiGate as Riskware/OptimizerPro (Undefined)
            - ESET NOD32 as Win32/Adware.SpeedingUpMyPC.U application (Adware)
            - AhnLab V3 Security as PUP/Win32.Optimizer (Adware)
            - Antiy Labs AVL as Trojan/Win32.SGeneric (Undefined)
            - McAfee Web Gateway as Artemis (Undefined)
            - NANO AntiVirus as Riskware.Win32.OptimizerPro.dgmsiw (Adware)
            - Kaspersky as not-a-virus:RiskTool.Win32.OptimizerPro (Adware)
            - Total Defense as Win32/Tnega.SZHEWKB (Undefined)
            - F-Prot as W32/A-fcdc4a04 (Undefined)
            - K7 AntiVirus as Adware  (Adware)
            - K7 Gateway Antivirus as Adware  (Adware)
            - Zillya! Antivirus as Trojan.Black.Win32.18731 (Undefined)
            - IKARUS anti.virus as PUA.SpeedingUpMyPC (Adware)
            - Baidu Antivirus as PUA.Win32.Rezimitpo (Adware)

---------------------------------------------------------------------------------

File path:         c:\programdata\{bbdc71d6-c390-96fb-bbdc-c71d6c39c75b}\as i lay dying-an ocean between us-(2007).exe
Publisher:         
MD5:             0f2ea66bda97b586ec320384890ef50e
SHA-1:             bdfcee293a3393a801bfeb9e88e570465829b538
Created:         01/01/0001 12:00:00 AM
Detections:         27
Determination:         Adware
            - Reason Heuristics as Threat.Win.Reputation.IMP (Undefined)
            - Lavasoft Ad-Aware as Gen:Variant.Adware.Mplug.28 (Adware)
            - avast! as Win32:MultiPlug-SK [PUP] (Adware)
            - ESET NOD32 as Win32/Adware.MultiPlug.EP application (Adware)
            - McAfee as Program.MultiPlug-FVQ (Adware)
            - Dr.Web as Trojan.Crossrider.36840 (Adware)
            - F-Secure as Gen:Variant.Adware.Mplug (Adware)
            - Emsisoft Anti-Malware as Gen:Variant.Adware.Mplug.28 (Adware)
            - AVG as Adware Generic6.LSG (Adware)
            - Sophos as PUA 'MultiPlug' (of type Adware) (Adware)
            - Bkav FE as HW32.Packed (Undefined)
            - MicroWorld eScan as Gen:Variant.Adware.Mplug.28 (Adware)
            - K7 Gateway Antivirus as Unwanted-Program  (Adware)
            - K7 AntiVirus as Unwanted-Program  (Adware)
            - NANO AntiVirus as Trojan.Win32.Crossrider.dnjowy (Adware)
            - F-Prot as W32/S-f6576d9c (Undefined)
            - Bitdefender as Gen:Variant.Adware.Mplug.28 (Adware)
            - Agnitum Outpost as Trojan.Badur (Undefined)
            - Comodo Security as Application.Win32.AdWare.MultiPlug.VA (Adware)
            - McAfee Web Gateway as MultiPlug-FVQ (Undefined)
            - Avira AntiVirus as ADWARE/MultiPlug.Gen7 (Adware)
            - Antiy Labs AVL as Trojan/Win32.Badur (Undefined)
            - G Data as Gen:Variant.Adware.Mplug.28 (Adware)
            - AhnLab V3 Security as PUP/Win32.MultiPlug (Adware)
            - Vba32 AntiVirus as Heur.Malware-Cryptor.Multiplug (Undefined)
            - Panda Antivirus as Trj/Genetic.gen (Undefined)
            - Fortinet FortiGate as Adware/MultiPlug (Adware)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\common files\lightscribe\lssrvc.exe
Publisher:         Hewlett-Packard Company
MD5:             7550d101bf49fdb1f92666a233ee36c4
SHA-1:             c4052e38a0e643f8a89f66e7aa58f416f7157f49
Created:         19/05/2010 11:44:14 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.Service.HewlettPackardCompany.G

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\hp games\hp game console\gameconsoleservice.exe
Publisher:         WildTangent, Inc.
Signer:         WildTangent Inc
MD5:             ce16683cfd11fe70bde435dda5ea1fca
SHA-1:             ff1041c97622b81d6fd03e3a7f17c8884cc2e8c2
Created:         03/04/2010 5:01:24 PM
Detections:         3
Determination:         Ignore detections (false positive)
            - Dr.Web as MULDROP.Trojan (Undefined)
            - Boost by Reason as Optional.Service.WildTangent.S
            - Antiy Labs AVL as Trojan/Win32.Mufanom.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\common files\installshield\driver\1150\intel 32\idrivert.exe
Publisher:         Macrovision Corporation
MD5:             daf66902f08796f9c694901660e5a64a
SHA-1:             ca96dc67dd8adeb4d0fd93cbc2bf41a477d3be18
Created:         13/11/2005 11:06:04 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.Clod9d9.Trojan (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe
Publisher:         Advanced Micro Devices, Inc.
MD5:             7d4e51421fe39b98f21ed28ef900bbb1
SHA-1:             16e400bf1a2dcc94e7ae3c53e17395585b69faef
Created:         17/06/2010 9:48:12 AM
Detections:         2
Determination:         Ignore detections (false positive)
            - The Hacker as Trojan/Kryptik.apb (Undefined)
            - Boost by Reason as Optional.Startup.AdvancedMicroDevices.I

---------------------------------------------------------------------------------

File path:         c:\programdata\flexnet\connect\11\\isuspm.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             6f5c9785c05d23dabe407653c12b8a05
SHA-1:             9e313a150259997ce22029d3c42eae1521904468
Created:         13/10/2011 12:11:34 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Kingsoft AntiVirus as Win32.Heur.KVMF81.hy.(kcloud)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\nuance\naturallyspeaking12\ereg\ereg.exe
Publisher:         Nuance Communications, Inc.
Signer:         Nuance Communications, Inc.
MD5:             63c0c3c8a846cb655cd512234959196f
SHA-1:             5033c3936d1c022afce71f75f65dd89a14c978a8
Created:         27/10/2010 12:44:38 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Startup.NuanceCommunications.E

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\tuneup computer\updater.exe
Publisher:         Tuneup computer
Signer:         M3R Global Services
MD5:             9d1f8c925adf10bbf0068934aae510a5
SHA-1:             4db8722eb489a4bbd4519a42d6762f45ac54bcc3
Created:         03/02/2015 4:59:24 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Zillya! Antivirus as Trojan.Agent.Win32.491207 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\windows\pcbhdnw\hdninstaller.exe
Publisher:         
Signer:         JH Software Private Limited
MD5:             c8f9c9be3aac1ebf4ed67cd563304bef
SHA-1:             53d1950af1713edb1d28c6d1ed62a93a87df32a9
Created:         01/01/0001 12:00:00 AM
Detections:         1
Determination:         Inconclusive
            - Reason Heuristics as PUP.Task.JHSoftwarePrivate (Adware)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\real\realupgrade\realupgrade.exe
Publisher:         RealNetworks, Inc.
Signer:         RealNetworks, Inc.
MD5:             d412ac27fe3c9f8bc19741dac0e0329d
SHA-1:             c1d332748242ab726d648ec12ce06fb467ecd323
Created:         30/04/2012 7:21:22 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Task.RealNetworks.L

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\real\realplayer\\rpshellsearch.dll
Publisher:         RealNetworks, Inc.
Signer:         RealNetworks, Inc.
MD5:             1fb759442bec1bd6ab5194a79e121192
SHA-1:             85a6b60e5c32abc6192d4f8bbf1d5bdc98a9b19a
Created:         13/05/2012 11:21:47 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Handler.RealNetworks.N

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\real\realplayer\rpshell.dll
Publisher:         RealNetworks, Inc.
Signer:         RealNetworks, Inc.
MD5:             0683583f5fa5bf440ab5c9361ea47ee3
SHA-1:             de22edde3ebd3247e7cea66d43598967a6c89fe8
Created:         13/05/2012 11:21:18 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.RealNetworks.H

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\google\chrome\user data\default\extensions\bldldgbggpajlfohbjbcfpkgdpohekoe\6.3\manifest.json
Publisher:         
MD5:             bda2f74e893bacee9d40e56497d23794
SHA-1:             febe4e52fcca514f0c208da564a1f4a40ad8c184
Created:         01/01/0001 12:00:00 AM
Detections:         1
Determination:         Adware
            - Reason Heuristics as Adware.Obscure.WebPick.ChromePlugin (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\google\chrome\user data\default\extensions\lljhfacjpknfplpagpnillgkiepplbjd\205\manifest.json
Publisher:         
MD5:             4862c0bcbaf3cadf2369c7070a29b941
SHA-1:             c803d0ea88c2ddea888377fcb304808b02cf2956
Created:         01/01/0001 12:00:00 AM
Detections:         1
Determination:         Adware
            - Reason Heuristics as PUP.Chrome.Extension (Adware)

---------------------------------------------------------------------------------

File path:         c:\windows\temp\avg_a08548\progdata\avg secure search\firefoxext\18.0.0.248\install.rdf
Publisher:         
MD5:             989842a1bd5a89f73f9438062a38415d
SHA-1:             1e7d59ebcea7d6e381948f49aabbe120d53c6fed
Created:         01/01/0001 12:00:00 AM
Detections:         1
Determination:         Adware
            - Reason as Threat.iSearch.Mozilla.Extension (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\3567978720678199482.exe
Publisher:         
MD5:             83be6020cc96d0e2511f5ea47e36f3b5
SHA-1:             157d9430c3a7dd855c56ba39a5cbeb7db5949dcf
Created:         01/01/0001 12:00:00 AM
Detections:         18
Determination:         Adware
            - Reason Heuristics as Threat.Win.Reputation.IMP (Undefined)
            - Emsisoft Anti-Malware as Gen:Variant.Kazy.553069 (Undefined)
            - avast! as Win32:Malware-gen (Undefined)
            - F-Secure as Gen:Variant.Kazy.553069 (Undefined)
            - Lavasoft Ad-Aware as Gen:Variant.Kazy.553069 (Undefined)
            - Norman as Gen:Trojan.Heur.JP.YsX@a0T9UDl (Undefined)
            - MicroWorld eScan as Gen:Variant.Kazy.553069 (Undefined)
            - K7 AntiVirus as Riskware  (Undefined)
            - K7 Gateway Antivirus as Riskware  (Undefined)
            - Trend Micro House Call as TROJ_GEN.R0C1H09BD15 (Undefined)
            - Bitdefender as Gen:Variant.Kazy.553069 (Undefined)
            - Sophos as MultiPlug (Undefined)
            - Avira AntiVirus as TR/Spy.Agent.2927104.2 (Undefined)
            - AhnLab V3 Security as PUP/Win32.MultiPlug (Adware)
            - G Data as Gen:Variant.Kazy.553069 (Undefined)
            - Vba32 AntiVirus as BScope.Worm.Slenfbot.07 (Undefined)
            - Panda Antivirus as Generic Suspicious (Undefined)
            - Baidu Antivirus as Adware.Win32.MultiPlug (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\f9679.exe
Publisher:         
MD5:             0f2ea66bda97b586ec320384890ef50e
SHA-1:             bdfcee293a3393a801bfeb9e88e570465829b538
Created:         01/01/0001 12:00:00 AM
Detections:         27
Determination:         Adware
            - Reason Heuristics as Threat.Win.Reputation.IMP (Undefined)
            - Lavasoft Ad-Aware as Gen:Variant.Adware.Mplug.28 (Adware)
            - avast! as Win32:MultiPlug-SK [PUP] (Adware)
            - ESET NOD32 as Win32/Adware.MultiPlug.EP application (Adware)
            - McAfee as Program.MultiPlug-FVQ (Adware)
            - Dr.Web as Trojan.Crossrider.36840 (Adware)
            - F-Secure as Gen:Variant.Adware.Mplug (Adware)
            - Emsisoft Anti-Malware as Gen:Variant.Adware.Mplug.28 (Adware)
            - AVG as Adware Generic6.LSG (Adware)
            - Sophos as PUA 'MultiPlug' (of type Adware) (Adware)
            - Bkav FE as HW32.Packed (Undefined)
            - MicroWorld eScan as Gen:Variant.Adware.Mplug.28 (Adware)
            - K7 Gateway Antivirus as Unwanted-Program  (Adware)
            - K7 AntiVirus as Unwanted-Program  (Adware)
            - NANO AntiVirus as Trojan.Win32.Crossrider.dnjowy (Adware)
            - F-Prot as W32/S-f6576d9c (Undefined)
            - Bitdefender as Gen:Variant.Adware.Mplug.28 (Adware)
            - Agnitum Outpost as Trojan.Badur (Undefined)
            - Comodo Security as Application.Win32.AdWare.MultiPlug.VA (Adware)
            - McAfee Web Gateway as MultiPlug-FVQ (Undefined)
            - Avira AntiVirus as ADWARE/MultiPlug.Gen7 (Adware)
            - Antiy Labs AVL as Trojan/Win32.Badur (Undefined)
            - G Data as Gen:Variant.Adware.Mplug.28 (Adware)
            - AhnLab V3 Security as PUP/Win32.MultiPlug (Adware)
            - Vba32 AntiVirus as Heur.Malware-Cryptor.Multiplug (Undefined)
            - Panda Antivirus as Trj/Genetic.gen (Undefined)
            - Fortinet FortiGate as Adware/MultiPlug (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\icreinstall_adobe_flash_setup.exe
Publisher:         CoinisRS
Signer:         Advertaizing Grupp
MD5:             b7004a715e2f116d8b54dd2abb6e293b
SHA-1:             dbf4314621e247892174e10646297aaafd874901
Created:         01/01/0001 12:00:00 AM
Detections:         14
Determination:         Adware
            - Reason Heuristics as PUP.Bundler.installCore (Adware)
            - VIPRE Antivirus as Threat.4150696 (Undefined)
            - avast! as Rootkit-gen [Rtk] (Undefined)
            - Dr.Web as Trojan.InstallCore.57 (Adware)
            - ESET NOD32 as Win32/InstallCore.XN potentially unwanted application (Adware)
            - Clam AntiVirus as Win.Trojan.Installcore-432 (Adware)
            - K7 AntiVirus as Trojan  (Undefined)
            - K7 Gateway Antivirus as Trojan  (Undefined)
            - Total Defense as Win32/Tnega.MFNTaRB (Undefined)
            - NANO AntiVirus as Riskware.Win32.InstallCore.dnxkbc (Adware)
            - Avira AntiVirus as Adware/InstallCo.zlz (Adware)
            - AhnLab V3 Security as PUP/Win32.InstallCore (Adware)
            - AVG as Generic (Undefined)
            - Agnitum Outpost as PUA.InstallCore (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\supoptsetup.exe
Publisher:         Super PC Tools ltd                                          
Signer:         Super PC Tools Limited
MD5:             7945f1044656b39232f78c0068dd6327
SHA-1:             153982efb9550dd1a5c7bad4209531826bacf3e7
Created:         01/01/0001 12:00:00 AM
Detections:         18
Determination:         Adware
            - Agnitum Outpost as Riskware.SpeedingUpMyPC (Adware)
            - Dr.Web as Program.Unwanted.134 (Adware)
            - ESET NOD32 as Win32/SpeedingUpMyPC (variant) (Undefined)
            - AVG as SuperPCTools (Undefined)
            - Reason Heuristics as PUP.Installer.PC Utilities (Adware)
            - McAfee as Artemis!A0269184E842 (Undefined)
            - K7 Gateway Antivirus as Trojan  (Undefined)
            - NANO AntiVirus as Riskware.Win32.OptimizerPro.dllldz (Adware)
            - Comodo Security as ApplicUnwnt (Undefined)
            - McAfee Web Gateway as Artemis (Undefined)
            - Avira AntiVirus as Adware/SpdUpMyPC.5740344 (Adware)
            - Antiy Labs AVL as RiskWare[RiskTool:not-a-virus]/Win32.OptimizerPro (Adware)
            - Fortinet FortiGate as Riskware/SpeedingUpMyPC (Undefined)
            - Trend Micro House Call as Suspicious_GEN.F47V1125 (Undefined)
            - G Data as Win32.Trojan.Agent.DWGUU0 (Undefined)
            - Trend Micro as ADW_SPEEDUPMYPC (Adware)
            - Baidu Antivirus as Adware.Win32.SpeedingUpMyPC (Adware)
            - avast! as Win32:Malware-gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\15092905f11a4\temp\as i lay dying-an ocean between us-(2007).exe
Publisher:         
MD5:             0f2ea66bda97b586ec320384890ef50e
SHA-1:             bdfcee293a3393a801bfeb9e88e570465829b538
Created:         01/01/0001 12:00:00 AM
Detections:         27
Determination:         Adware
            - Reason Heuristics as Threat.Win.Reputation.IMP (Undefined)
            - Lavasoft Ad-Aware as Gen:Variant.Adware.Mplug.28 (Adware)
            - avast! as Win32:MultiPlug-SK [PUP] (Adware)
            - ESET NOD32 as Win32/Adware.MultiPlug.EP application (Adware)
            - McAfee as Program.MultiPlug-FVQ (Adware)
            - Dr.Web as Trojan.Crossrider.36840 (Adware)
            - F-Secure as Gen:Variant.Adware.Mplug (Adware)
            - Emsisoft Anti-Malware as Gen:Variant.Adware.Mplug.28 (Adware)
            - AVG as Adware Generic6.LSG (Adware)
            - Sophos as PUA 'MultiPlug' (of type Adware) (Adware)
            - Bkav FE as HW32.Packed (Undefined)
            - MicroWorld eScan as Gen:Variant.Adware.Mplug.28 (Adware)
            - K7 Gateway Antivirus as Unwanted-Program  (Adware)
            - K7 AntiVirus as Unwanted-Program  (Adware)
            - NANO AntiVirus as Trojan.Win32.Crossrider.dnjowy (Adware)
            - F-Prot as W32/S-f6576d9c (Undefined)
            - Bitdefender as Gen:Variant.Adware.Mplug.28 (Adware)
            - Agnitum Outpost as Trojan.Badur (Undefined)
            - Comodo Security as Application.Win32.AdWare.MultiPlug.VA (Adware)
            - McAfee Web Gateway as MultiPlug-FVQ (Undefined)
            - Avira AntiVirus as ADWARE/MultiPlug.Gen7 (Adware)
            - Antiy Labs AVL as Trojan/Win32.Badur (Undefined)
            - G Data as Gen:Variant.Adware.Mplug.28 (Adware)
            - AhnLab V3 Security as PUP/Win32.MultiPlug (Adware)
            - Vba32 AntiVirus as Heur.Malware-Cryptor.Multiplug (Undefined)
            - Panda Antivirus as Trj/Genetic.gen (Undefined)
            - Fortinet FortiGate as Adware/MultiPlug (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\is1751165634\12634862_stp\icc.dll
Publisher:         
MD5:             f03d8375c6696a85d58aad9adce7f702
SHA-1:             65f1f0d076fec3a794f84fe5cb355e525054128e
Created:         17/03/2014 2:19:02 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Vba32 AntiVirus as Downware.InstallCore (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\is599662386\21a4461e_stp.exe
Publisher:         
Signer:         Round World
MD5:             95554c1bf0e57a6aea651e396df6cf2f
SHA-1:             48a567573dba21c61641563b251ce3db7825fe1f
Created:         01/01/0001 12:00:00 AM
Detections:         12
Determination:         Adware
            - Reason Heuristics as PUP.Installer.Yontoo (Adware)
            - ESET NOD32 as Win32/BrowseFox.C potentially unwanted application (Adware)
            - Dr.Web as infected with Trojan.Siggen6.31097 (Undefined)
            - K7 AntiVirus as Unwanted-Program  (Adware)
            - K7 Gateway Antivirus as Unwanted-Program  (Adware)
            - NANO AntiVirus as Trojan.Nsis.BrowseFox.dnxihk (Undefined)
            - Avira AntiVirus as ADWARE/BrowseFox.Gen (Adware)
            - G Data as NSIS.Application.BrowseFox (Undefined)
            - Baidu Antivirus as Adware.Win32.BrowseFox (Adware)
            - Rising Antivirus as NS:PUF.SilenceInstaller!1.9DDF (Undefined)
            - AVG as Generic (Undefined)
            - Qihoo 360 Security as HEUR/QVM42.0.Malware.Gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\is599662386\0494758a_stp\weatherapp.exe
Publisher:         Portable WeatherApp
Signer:         JH Software Private Limited
MD5:             d2c335984bf52b9f7db5eec0ccd61fd7
SHA-1:             61b33e497f469709ac46a49f7eca751fa45b52c4
Created:         01/01/0001 12:00:00 AM
Detections:         3
Determination:         Adware
            - Dr.Web as riskware program Program.Unwanted.64 (Undefined)
            - Zillya! Antivirus as Trojan.Agent.Win32.490696 (Undefined)
            - Reason Heuristics as PUP.Installer.JHSoftwarePrivate (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\is599662386\152cf1ba_stp\icc.dll
Publisher:         
MD5:             c050c3976ac8e15e27220450f40165d6
SHA-1:             35881f8101cc5f34c7e0a0bce17f848f38a91e58
Created:         16/02/2015 1:59:32 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Vba32 AntiVirus as Downware.InstallCore (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\is599662386\152cf1ba_stp\sqlite3.dll
Publisher:         
MD5:             2db34c7d07707168429b0b2633ff75c0
SHA-1:             0b29505703900208db71e8d8ae0e675fac2c4d57
Created:         02/12/2014 4:09:00 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\is599662386\1a756fc0_stp\superoptimizer.exe
Publisher:         Super PC Tools Ltd
Signer:         Super PC Tools Limited
MD5:             977df691dc5aa5b4faf50ad2f0901f07
SHA-1:             06a9ed445eddcec3d7d3634fd41ba8acc1de46b7
Created:         01/01/0001 12:00:00 AM
Detections:         35
Determination:         Adware
            - Agnitum Outpost as Riskware.SpeedingUpMyPC (Adware)
            - Dr.Web as Program.Unwanted.134 (Adware)
            - Avira AntiVirus as Adware/SpdUpMyPC.5478976 (Adware)
            - G Data as Win32.Application.OptimizerPro (Undefined)
            - McAfee as Artemis!7945F1044656 (Undefined)
            - AVG as SuperPCTools (Undefined)
            - Reason Heuristics as PUP.PC Utilities (Adware)
            - Clam AntiVirus as Win.Trojan.Optimizerpro-18 (Undefined)
            - Rising Antivirus as PE:Trojan.Win32.Generic.17876B26!394750758 (Undefined)
            - F-Secure as Gen:Variant.Strictor.66909 (Undefined)
            - Emsisoft Anti-Malware as Gen:Variant.Strictor.66909 (Undefined)
            - MicroWorld eScan as Gen:Variant.Strictor.66909 (Undefined)
            - avast! as Agent-AUUH [PUP] (Adware)
            - Panda Antivirus as Trj/CI.A (Undefined)
            - Lavasoft Ad-Aware as Application.Generic.1029263 (Undefined)
            - Bitdefender as Gen:Variant.Strictor.66909 (Undefined)
            - Trend Micro as TROJ_GEN.R02KC0OK314 (Undefined)
            - VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
            - Comodo Security as ApplicUnwnt (Undefined)
            - Trend Micro House Call as TROJ_GEN.R02KC0OK314 (Undefined)
            - Qihoo 360 Security as HEUR/QVM41.1.Malware.Gen (Undefined)
            - Fortinet FortiGate as Riskware/OptimizerPro (Undefined)
            - ESET NOD32 as Win32/Adware.SpeedingUpMyPC.U application (Adware)
            - AhnLab V3 Security as PUP/Win32.Optimizer (Adware)
            - Antiy Labs AVL as Trojan/Win32.SGeneric (Undefined)
            - McAfee Web Gateway as Artemis (Undefined)
            - NANO AntiVirus as Riskware.Win32.OptimizerPro.dgmsiw (Adware)
            - Kaspersky as not-a-virus:RiskTool.Win32.OptimizerPro (Adware)
            - Total Defense as Win32/Tnega.SZHEWKB (Undefined)
            - F-Prot as W32/A-fcdc4a04 (Undefined)
            - K7 AntiVirus as Adware  (Adware)
            - K7 Gateway Antivirus as Adware  (Adware)
            - Zillya! Antivirus as Trojan.Black.Win32.18731 (Undefined)
            - IKARUS anti.virus as PUA.SpeedingUpMyPC (Adware)
            - Baidu Antivirus as PUA.Win32.Rezimitpo (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\669396-install_powerbullet1.44_2.exe_setup.exe
Publisher:         
Signer:         BH Media
MD5:             740c0f6beba9c2620218a587e954dd53
SHA-1:             8e59ffe53a018198475360e124767397a8f54611
Created:         28/10/2011 3:45:12 PM
Detections:         3
Determination:         Ignore detections (false positive)
            - Trend Micro House Call as HV_ZYX_CA250210.TOMC (Undefined)
            - Vba32 AntiVirus as suspected of Trojan.Downloader.gen.h (Undefined)
            - AVG as MalSign.Generic (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\ac3filter_1_63b.exe
Publisher:         Alexander Vigovsky                                          
MD5:             5afe025aad0383fb66dcade8d1572356
SHA-1:             d7b58766b6f58ab05b10c8112088f6285cb419ed
Created:         08/05/2011 4:57:51 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - The Hacker as Trojan/Dropper.FrauDrop.jl (Undefined)
            - ViRobot as Worm.Win32.A.VBNA.2661254 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\adobe_flash_setup.exe
Publisher:         CoinisRS
Signer:         Advertaizing Grupp
MD5:             b7004a715e2f116d8b54dd2abb6e293b
SHA-1:             dbf4314621e247892174e10646297aaafd874901
Created:         01/01/0001 12:00:00 AM
Detections:         14
Determination:         Adware
            - Reason Heuristics as PUP.Bundler.installCore (Adware)
            - VIPRE Antivirus as Threat.4150696 (Undefined)
            - avast! as Rootkit-gen [Rtk] (Undefined)
            - Dr.Web as Trojan.InstallCore.57 (Adware)
            - ESET NOD32 as Win32/InstallCore.XN potentially unwanted application (Adware)
            - Clam AntiVirus as Win.Trojan.Installcore-432 (Adware)
            - K7 AntiVirus as Trojan  (Undefined)
            - K7 Gateway Antivirus as Trojan  (Undefined)
            - Total Defense as Win32/Tnega.MFNTaRB (Undefined)
            - NANO AntiVirus as Riskware.Win32.InstallCore.dnxkbc (Adware)
            - Avira AntiVirus as Adware/InstallCo.zlz (Adware)
            - AhnLab V3 Security as PUP/Win32.InstallCore (Adware)
            - AVG as Generic (Undefined)
            - Agnitum Outpost as PUA.InstallCore (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\aegisub-2.1.8-setup.exe
Publisher:         Aegisub Team                                                
MD5:             9dd26d603ec757058773ba57e67e0409
SHA-1:             f5ea89d7df1f0d7217083b7a26d1c35f71289ec8
Created:         02/01/2012 6:06:03 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Trojan/Win32.Tgenic (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\as i lay dying-an ocean between us-(2007).exe
Publisher:         
MD5:             0f2ea66bda97b586ec320384890ef50e
SHA-1:             bdfcee293a3393a801bfeb9e88e570465829b538
Created:         01/01/0001 12:00:00 AM
Detections:         27
Determination:         Adware
            - Reason Heuristics as Threat.Win.Reputation.IMP (Undefined)
            - Lavasoft Ad-Aware as Gen:Variant.Adware.Mplug.28 (Adware)
            - avast! as Win32:MultiPlug-SK [PUP] (Adware)
            - ESET NOD32 as Win32/Adware.MultiPlug.EP application (Adware)
            - McAfee as Program.MultiPlug-FVQ (Adware)
            - Dr.Web as Trojan.Crossrider.36840 (Adware)
            - F-Secure as Gen:Variant.Adware.Mplug (Adware)
            - Emsisoft Anti-Malware as Gen:Variant.Adware.Mplug.28 (Adware)
            - AVG as Adware Generic6.LSG (Adware)
            - Sophos as PUA 'MultiPlug' (of type Adware) (Adware)
            - Bkav FE as HW32.Packed (Undefined)
            - MicroWorld eScan as Gen:Variant.Adware.Mplug.28 (Adware)
            - K7 Gateway Antivirus as Unwanted-Program  (Adware)
            - K7 AntiVirus as Unwanted-Program  (Adware)
            - NANO AntiVirus as Trojan.Win32.Crossrider.dnjowy (Adware)
            - F-Prot as W32/S-f6576d9c (Undefined)
            - Bitdefender as Gen:Variant.Adware.Mplug.28 (Adware)
            - Agnitum Outpost as Trojan.Badur (Undefined)
            - Comodo Security as Application.Win32.AdWare.MultiPlug.VA (Adware)
            - McAfee Web Gateway as MultiPlug-FVQ (Undefined)
            - Avira AntiVirus as ADWARE/MultiPlug.Gen7 (Adware)
            - Antiy Labs AVL as Trojan/Win32.Badur (Undefined)
            - G Data as Gen:Variant.Adware.Mplug.28 (Adware)
            - AhnLab V3 Security as PUP/Win32.MultiPlug (Adware)
            - Vba32 AntiVirus as Heur.Malware-Cryptor.Multiplug (Undefined)
            - Panda Antivirus as Trj/Genetic.gen (Undefined)
            - Fortinet FortiGate as Adware/MultiPlug (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\cutewriter.exe
Publisher:         Acro Software Inc.                                          
Signer:         Acro Software Inc
MD5:             b9010329b2f4134cc29ecdb4ba57025f
SHA-1:             91ec186153fb33a4562204e4be5631168c2ba206
Created:         12/10/2011 2:10:55 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
            - Trend Micro House Call as TROJ_GEN.F47V0321 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\divxwebplayerinstallerv15.exe
Publisher:         DivX, Inc.
Signer:         DivX, Inc.
MD5:             e688fdff1480069df4cfc06d497613aa
SHA-1:             47186229647016cfde6716702afa640fdb02e6be
Created:         08/05/2011 4:53:21 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Vba32 AntiVirus as suspected of Trojan.Downloader.gen.h (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\filezilla_3.8.0_win32-setup.exe
Publisher:                                                                     
Signer:         IC-Forge
MD5:             80195ca24db8352edc0fa44a795994e1
SHA-1:             852d6a6b6aa25d162fe97bc3037c68668409fb39
Created:         01/01/0001 12:00:00 AM
Detections:         14
Determination:         Adware
            - Reason Heuristics as PUP.Optional.Installer (Adware)
            - Dr.Web as Trojan.InstallCore.37 (Adware)
            - ESET NOD32 as Win32/InstallCore.NE potentially unwanted application (Adware)
            - VIPRE Antivirus as Threat.4786018 (Undefined)
            - AVG as Adware InstallCore.Gen (Adware)
            - Sophos as PUA 'Install Core Click run software' (Undefined)
            - K7 Gateway Antivirus as Unwanted-Program  (Adware)
            - K7 AntiVirus as Unwanted-Program  (Adware)
            - NANO AntiVirus as Riskware.Win32.InstallCore.dmfosa (Adware)
            - F-Prot as W32/A-dbe1ec51 (Undefined)
            - Agnitum Outpost as PUA.InstallCore (Adware)
            - Avira AntiVirus as ADWARE/InstallCore.Gen7 (Adware)
            - G Data as Win32.Application.InstallCore.CZ (Adware)
            - Vba32 AntiVirus as Downware.InstallCore (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\freescreensharing_installer.exe
Publisher:         
Signer:         Free Conferencing Corporation
MD5:             5211ba43dadac2aea258c527bf5d70ad
SHA-1:             d407c861d3d7d9966081d34132c11f234f43ece9
Created:         03/09/2013 5:02:19 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Jiangmin as TrojanDownloader.Generic.anar (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\frst64.exe
Publisher:         Farbar
MD5:             0cec5d30350dd4487cb46cbc766168fe
SHA-1:             f33d29525308189a003638798c3273e24c7ec7ea
Created:         07/03/2015 9:15:36 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Jiangmin as Trojan/PSW.Autoit.ic (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\pcsu_db78040869a14f67ba7a43bd9046d8e6_.exe
Publisher:         Speedchecker Limited                                        
Signer:         Safe Download Limited
MD5:             e76a7e9fc9b44b59e79f628648782a73
SHA-1:             b96dfe8c24616bd38fefec9fad981dcc94d69338
Created:         01/01/0001 12:00:00 AM
Detections:         3
Determination:         Adware
            - Kingsoft AntiVirus as VIRUS_UNKNOWN (Undefined)
            - ESET NOD32 as Win32/Speedchecker (variant) (Undefined)
            - Reason Heuristics as PUP.SafeDownloadLimited.N (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\set_up_outlookset.exe
Publisher:         
Signer:         Starfield Technologies, Inc.
MD5:             00800243034ddcf594ae5914bf83c9a5
SHA-1:             a1d3f1304eb350a958d6671387f4b905036348b7
Created:         03/09/2014 9:20:30 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - ByteHero BDV as Virus.Win32.Part.a (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\vlc-1.1.11-win32.exe
Publisher:         
MD5:             11b9f1e66ee67f0c765c5895a99755dd
SHA-1:             7bbb0c3dc8f88e1bcd3e358a5ffaa4aa53e89dbb
Created:         07/11/2011 8:28:20 AM
Detections:         3
Determination:         Inconclusive
            - Emsisoft Anti-Malware as Gen:Variant.Kazy.303531 (Undefined)
            - Antiy Labs AVL as Trojan/Win32.Generic.gen (Undefined)
            - Rising Antivirus as PE:Trojan.Dropper!6.3CE (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\pazera_video_converters_suite\pazera_video_converters_suite\zune_video\ffmpeg.exe
Publisher:         
MD5:             2478d46f4d4832d34b270fa59fdcdfec
SHA-1:             0b37e69a0dfcaf15fc98255f1d03b877671fe97a
Created:         06/01/2009 12:17:14 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path:         c:\windows\system32\registrydefragboottime.exe
Publisher:         IObit
Signer:         IObit Information Technology
MD5:             2a99f3410342f2b058109cfeedf45f64
SHA-1:             fce475b15e702b3490a11f3d122649f18244380d
Created:         13/03/2014 9:39:18 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Emsisoft Anti-Malware as Gen:Trojan.Heur.0q0@umJwE0j (Undefined)

---------------------------------------------------------------------------------

File path:         c:\windows\syswow64\athprxy.dll
Publisher:         Microsoft Corporation
MD5:             0e41294877a54b9ac1718934589e4033
SHA-1:             d000ea9e2fd9d05ec728b9c20bb897d9764e0654
Created:         22/01/2001 12:25:24 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Trojan/Win32.SGeneric (Undefined)

---------------------------------------------------------------------------------

File path:         c:\windows\syswow64\iscsicpl.dll
Publisher:         Microsoft Corporation
MD5:             f945adcef203e6104aec8ec9c337cfd0
SHA-1:             85fe50b2c2fcbec2c09c5039c8f8c1d38523780a
Created:         13/07/2009 5:46:13 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoA (Undefined)

---------------------------------------------------------------------------------

File path:         c:\windows\syswow64\quicktimevr.qtx
Publisher:         Apple Inc.
MD5:             97a90e7845335c6ab21f9fad72595563
SHA-1:             8a793b6dc73b5895bb0da74b8871269192567198
Created:         24/10/2011 1:29:02 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - AVG as Suspicion: unknown virus

---------------------------------------------------------------------------------

File path:         c:\programdata\adobe\arm\reader_10.1.1\17778\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             b8e421c0890356cd4a793d8a346d9096
SHA-1:             30e85d80d9cefa4c55b33a1bfb6e0507a34267fa
Created:         03/01/2012 12:37:53 AM
Detections:         2
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I
            - Antiy Labs AVL as Backdoor/Win32.Swrort.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\adobe\arm\reader_10.1.1\7481\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             b8e421c0890356cd4a793d8a346d9096
SHA-1:             30e85d80d9cefa4c55b33a1bfb6e0507a34267fa
Created:         03/01/2012 12:37:53 AM
Detections:         2
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I
            - Antiy Labs AVL as Backdoor/Win32.Swrort.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\adobe\arm\reader_10.1.4\1663\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             3cb07566302bceeb898de270a0bec175
SHA-1:             3c79cfc02e2e9877e164d1a7e856fa6bddb34c2f
Created:         03/12/2012 12:35:28 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Sality!6.EDB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\adobe\arm\reader_10.1.4\24174\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             3cb07566302bceeb898de270a0bec175
SHA-1:             3c79cfc02e2e9877e164d1a7e856fa6bddb34c2f
Created:         03/12/2012 12:35:28 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Sality!6.EDB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\adobe\arm\reader_10.1.4\26360\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             3cb07566302bceeb898de270a0bec175
SHA-1:             3c79cfc02e2e9877e164d1a7e856fa6bddb34c2f
Created:         03/12/2012 12:35:28 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Sality!6.EDB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\adobe\arm\reader_10.1.1\17778\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             b8e421c0890356cd4a793d8a346d9096
SHA-1:             30e85d80d9cefa4c55b33a1bfb6e0507a34267fa
Created:         03/01/2012 12:37:53 AM
Detections:         2
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I
            - Antiy Labs AVL as Backdoor/Win32.Swrort.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\adobe\arm\reader_10.1.1\7481\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             b8e421c0890356cd4a793d8a346d9096
SHA-1:             30e85d80d9cefa4c55b33a1bfb6e0507a34267fa
Created:         03/01/2012 12:37:53 AM
Detections:         2
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I
            - Antiy Labs AVL as Backdoor/Win32.Swrort.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\adobe\arm\reader_10.1.4\1663\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             3cb07566302bceeb898de270a0bec175
SHA-1:             3c79cfc02e2e9877e164d1a7e856fa6bddb34c2f
Created:         03/12/2012 12:35:28 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Sality!6.EDB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\adobe\arm\reader_10.1.4\24174\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             3cb07566302bceeb898de270a0bec175
SHA-1:             3c79cfc02e2e9877e164d1a7e856fa6bddb34c2f
Created:         03/12/2012 12:35:28 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Sality!6.EDB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\adobe\arm\reader_10.1.4\26360\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             3cb07566302bceeb898de270a0bec175
SHA-1:             3c79cfc02e2e9877e164d1a7e856fa6bddb34c2f
Created:         03/12/2012 12:35:28 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Sality!6.EDB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\flexnet\connect\11\agent.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             0826f139e35edbe6064797a68564812e
SHA-1:             a79deea5204929e8ddbe81e976dc7704a01f281a
Created:         13/10/2011 12:11:32 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\flexnet\connect\11\issch.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             3e490f5054840c8fc9a38ff752af36ae
SHA-1:             87a73d4146fb687331ecd96a8eb0836d6602abb2
Created:         13/10/2011 12:11:36 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\flexnet\connect\11\isuspm.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             6f5c9785c05d23dabe407653c12b8a05
SHA-1:             9e313a150259997ce22029d3c42eae1521904468
Created:         13/10/2011 12:11:34 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Kingsoft AntiVirus as Win32.Heur.KVMF81.hy.(kcloud)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\iobit\ascdownloader\ascsetup.exe
Publisher:         IObit                                                       
Signer:         IObit Information Technology
MD5:             2f1e5ac54c72fabffd5276e37560c809
SHA-1:             db538cf6735e34eb91fe154cd59a490aeb6f1730
Created:         13/03/2014 8:29:35 PM
Detections:         1
Determination:         Inconclusive
            - ESET NOD32 as Win32/Toolbar.Widgi (variant) (Adware)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\macrovision\flexnet connect\11\agent.exe
Publisher:         Flexera Software, Inc.
Signer:         Flexera Software LLC
MD5:             4ac0793e7bee325c2219f714036a63b8
SHA-1:             7856a4e5e0d845a040dd0494b5cb04c6d93a9608
Created:         13/10/2011 12:11:44 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\macrovision\flexnet connect\6\agent.exe
Publisher:         Flexera Software, Inc.
Signer:         Flexera Software LLC
MD5:             a8af2d9085359365f3f0ff62bdf3effb
SHA-1:             8d3f9bef8cb04c53ada8df074ebac5dc8220aa52
Created:         13/10/2011 12:11:42 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\temp\{01fb4998-33c4-4431-85ed-079e3eefe75d}\postbuild.exe
Publisher:         
MD5:             11b0c4f03d271213ff01fe2a81bc7c6a
SHA-1:             03dd1973f24b6085a24487291876297ccd3e24d9
Created:         07/11/2010 1:57:16 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\{676245f0-aae0-d96c-6762-245f0aae17c2}\superoptimizer.exe
Publisher:         Super PC Tools Ltd
Signer:         Super PC Tools Limited
MD5:             977df691dc5aa5b4faf50ad2f0901f07
SHA-1:             06a9ed445eddcec3d7d3634fd41ba8acc1de46b7
Created:         01/01/0001 12:00:00 AM
Detections:         35
Determination:         Adware
            - Agnitum Outpost as Riskware.SpeedingUpMyPC (Adware)
            - Dr.Web as Program.Unwanted.134 (Adware)
            - Avira AntiVirus as Adware/SpdUpMyPC.5478976 (Adware)
            - G Data as Win32.Application.OptimizerPro (Undefined)
            - McAfee as Artemis!7945F1044656 (Undefined)
            - AVG as SuperPCTools (Undefined)
            - Reason Heuristics as PUP.PC Utilities (Adware)
            - Clam AntiVirus as Win.Trojan.Optimizerpro-18 (Undefined)
            - Rising Antivirus as PE:Trojan.Win32.Generic.17876B26!394750758 (Undefined)
            - F-Secure as Gen:Variant.Strictor.66909 (Undefined)
            - Emsisoft Anti-Malware as Gen:Variant.Strictor.66909 (Undefined)
            - MicroWorld eScan as Gen:Variant.Strictor.66909 (Undefined)
            - avast! as Agent-AUUH [PUP] (Adware)
            - Panda Antivirus as Trj/CI.A (Undefined)
            - Lavasoft Ad-Aware as Application.Generic.1029263 (Undefined)
            - Bitdefender as Gen:Variant.Strictor.66909 (Undefined)
            - Trend Micro as TROJ_GEN.R02KC0OK314 (Undefined)
            - VIPRE Antivirus as Trojan.Win32.Generic (Undefined)
            - Comodo Security as ApplicUnwnt (Undefined)
            - Trend Micro House Call as TROJ_GEN.R02KC0OK314 (Undefined)
            - Qihoo 360 Security as HEUR/QVM41.1.Malware.Gen (Undefined)
            - Fortinet FortiGate as Riskware/OptimizerPro (Undefined)
            - ESET NOD32 as Win32/Adware.SpeedingUpMyPC.U application (Adware)
            - AhnLab V3 Security as PUP/Win32.Optimizer (Adware)
            - Antiy Labs AVL as Trojan/Win32.SGeneric (Undefined)
            - McAfee Web Gateway as Artemis (Undefined)
            - NANO AntiVirus as Riskware.Win32.OptimizerPro.dgmsiw (Adware)
            - Kaspersky as not-a-virus:RiskTool.Win32.OptimizerPro (Adware)
            - Total Defense as Win32/Tnega.SZHEWKB (Undefined)
            - F-Prot as W32/A-fcdc4a04 (Undefined)
            - K7 AntiVirus as Adware  (Adware)
            - K7 Gateway Antivirus as Adware  (Adware)
            - Zillya! Antivirus as Trojan.Black.Win32.18731 (Undefined)
            - IKARUS anti.virus as PUA.SpeedingUpMyPC (Adware)
            - Baidu Antivirus as PUA.Win32.Rezimitpo (Adware)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\{bbdc71d6-c390-96fb-bbdc-c71d6c39c75b}\as i lay dying-an ocean between us-(2007).exe
Publisher:         
MD5:             0f2ea66bda97b586ec320384890ef50e
SHA-1:             bdfcee293a3393a801bfeb9e88e570465829b538
Created:         01/01/0001 12:00:00 AM
Detections:         27
Determination:         Adware
            - Reason Heuristics as Threat.Win.Reputation.IMP (Undefined)
            - Lavasoft Ad-Aware as Gen:Variant.Adware.Mplug.28 (Adware)
            - avast! as Win32:MultiPlug-SK [PUP] (Adware)
            - ESET NOD32 as Win32/Adware.MultiPlug.EP application (Adware)
            - McAfee as Program.MultiPlug-FVQ (Adware)
            - Dr.Web as Trojan.Crossrider.36840 (Adware)
            - F-Secure as Gen:Variant.Adware.Mplug (Adware)
            - Emsisoft Anti-Malware as Gen:Variant.Adware.Mplug.28 (Adware)
            - AVG as Adware Generic6.LSG (Adware)
            - Sophos as PUA 'MultiPlug' (of type Adware) (Adware)
            - Bkav FE as HW32.Packed (Undefined)
            - MicroWorld eScan as Gen:Variant.Adware.Mplug.28 (Adware)
            - K7 Gateway Antivirus as Unwanted-Program  (Adware)
            - K7 AntiVirus as Unwanted-Program  (Adware)
            - NANO AntiVirus as Trojan.Win32.Crossrider.dnjowy (Adware)
            - F-Prot as W32/S-f6576d9c (Undefined)
            - Bitdefender as Gen:Variant.Adware.Mplug.28 (Adware)
            - Agnitum Outpost as Trojan.Badur (Undefined)
            - Comodo Security as Application.Win32.AdWare.MultiPlug.VA (Adware)
            - McAfee Web Gateway as MultiPlug-FVQ (Undefined)
            - Avira AntiVirus as ADWARE/MultiPlug.Gen7 (Adware)
            - Antiy Labs AVL as Trojan/Win32.Badur (Undefined)
            - G Data as Gen:Variant.Adware.Mplug.28 (Adware)
            - AhnLab V3 Security as PUP/Win32.MultiPlug (Adware)
            - Vba32 AntiVirus as Heur.Malware-Cryptor.Multiplug (Undefined)
            - Panda Antivirus as Trj/Genetic.gen (Undefined)
            - Fortinet FortiGate as Adware/MultiPlug (Adware)

---------------------------------------------------------------------------------

File path:         c:\programdata\flexnet\connect\11\issch.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             3e490f5054840c8fc9a38ff752af36ae
SHA-1:             87a73d4146fb687331ecd96a8eb0836d6602abb2
Created:         13/10/2011 12:11:36 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\iobit\ascdownloader\ascsetup.exe
Publisher:         IObit                                                       
Signer:         IObit Information Technology
MD5:             2f1e5ac54c72fabffd5276e37560c809
SHA-1:             db538cf6735e34eb91fe154cd59a490aeb6f1730
Created:         13/03/2014 8:29:35 PM
Detections:         1
Determination:         Inconclusive
            - ESET NOD32 as Win32/Toolbar.Widgi (variant) (Adware)

---------------------------------------------------------------------------------

File path:         c:\programdata\macrovision\flexnet connect\11\agent.exe
Publisher:         Flexera Software, Inc.
Signer:         Flexera Software LLC
MD5:             4ac0793e7bee325c2219f714036a63b8
SHA-1:             7856a4e5e0d845a040dd0494b5cb04c6d93a9608
Created:         13/10/2011 12:11:44 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\macrovision\flexnet connect\6\agent.exe
Publisher:         Flexera Software, Inc.
Signer:         Flexera Software LLC
MD5:             a8af2d9085359365f3f0ff62bdf3effb
SHA-1:             8d3f9bef8cb04c53ada8df074ebac5dc8220aa52
Created:         13/10/2011 12:11:42 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\temp\{01fb4998-33c4-4431-85ed-079e3eefe75d}\postbuild.exe
Publisher:         
MD5:             11b0c4f03d271213ff01fe2a81bc7c6a
SHA-1:             03dd1973f24b6085a24487291876297ccd3e24d9
Created:         07/11/2010 1:57:16 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\freescreensharing\freescreensharing_uninstaller.exe
Publisher:         
Signer:         Free Conferencing Corporation
MD5:             bfb3823392f23dcfdbef2fd9912787ad
SHA-1:             605b4e5de9bb5accfe0751f9192ef4b1c1bc41d4
Created:         26/06/2013 6:28:34 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Jiangmin as TrojanDownloader.Generic.anar (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\pctuner\pctuner.exe
Publisher:         Tuneup computer
Signer:         M3R Global Services
MD5:             647a5254ed3d82350357c5538d17f1d4
SHA-1:             dbcaded63f2d2019c2bd7733d02332f400885386
Created:         01/01/0001 12:00:00 AM
Detections:         5
Determination:         Adware
            - ESET NOD32 as MSIL/RegProCleaner.A potentially unwanted application (Adware)
            - Zillya! Antivirus as Trojan.Agent.Win32.490696 (Undefined)
            - NANO AntiVirus as Riskware.Win32.Unwanted.dmkeox (Adware)
            - Agnitum Outpost as PUA.Downloader (Adware)
            - Jiangmin as Trojan/Agent.kjco (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\roaming\mozilla\firefox\profiles\rvl6297l.default-1422815713866\extensions\gu@k.org\install.rdf
Publisher:         
MD5:             64267d2bfdd99cec6a8d454c446ed84e
SHA-1:             f6f5899dbfbcda9877b2776402a6ae15dd3865bc
Created:         01/01/0001 12:00:00 AM
Detections:         1
Determination:         Adware
            - Reason Heuristics as Adware.Obscure.WebPick.MozillaPlugin (Adware)

---------------------------------------------------------------------------------

File path:         c:\Users\the house cat\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
Publisher:         RealNetworks, Inc.
Signer:         RealNetworks, Inc.
MD5:             6a05110733966830f85bc2fe957c79eb
SHA-1:             ba8113ef98f537f7b0c2c56c87968625cba49f9b
Created:         22/09/2012 12:38:34 AM
Detections:         5
Determination:         Inconclusive
            - Bkav FE as W32.Clod052.Trojan (Undefined)
            - nProtect as Trojan/W32.Agent.449176 (Undefined)
            - The Hacker as Trojan/Agent.bjvu (Undefined)
            - Trend Micro House Call as HV_AGENT_BK083C37.TOMC (Undefined)
            - Dr.Web as Trojan.Click2.59112 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files\avidemux 2.5\uninstall.exe
Publisher:         
MD5:             219863b2472cdfb5cf1a43963c4b9426
SHA-1:             fd843e1c882989cae776951e145da75dd99e4022
Created:         01/01/2012 9:25:37 PM
Detections:         1
Determination:         Inconclusive
            - nProtect as Trojan/W32.Agent.132239.C (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files\waterfox\uninstall\helper.exe
Publisher:         Waterfox Ltd
MD5:             5e909e6fc92fa3c5b98948a5078540dc
SHA-1:             7a1f0d3c4930471cddbdc06243d7a6a7419b3ade
Created:         31/01/2015 3:28:29 PM
Detections:         2
Determination:         UndefinedMalware
            - Clam AntiVirus as Win.Trojan.Agent-760447 (Undefined)
            - Reason Heuristics as Threat.Win.Reputation.IMP (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\adobe\adobe dreamweaver cs6\configuration\jsextensions\dwfile.dll
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems Incorporated
MD5:             8a8bc7e1879915662e82023d387f79b1
SHA-1:             7115a2347ea48e3728e6d73898726fe4f8fed7ae
Created:         31/03/2012 3:08:16 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\adobe\adobe dreamweaver cs6\jvm\bin\javaws.exe
Publisher:         Sun Microsystems, Inc.
Signer:         Sun Microsystems, Inc.
MD5:             bf5d27f8eb9f52a2b5e2e504afbae6d6
SHA-1:             15edcad18c0329b41fc4d1fc982620f07173108d
Created:         31/03/2012 1:27:20 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.Clodfa5.Trojan (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\ati technologies\ati.ace\core-static\atiacmxx.dll
Publisher:         Advanced Micro Devices, Inc.
MD5:             078022e373a805048f927a2107aa588e
SHA-1:             be98268753f5dfd65a4039a5cf0689bced066c04
Created:         17/06/2010 9:49:36 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.AdvancedMicroDevices.I

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\audacity\unins000.exe
Publisher:         
MD5:             8bbcd78364faf1b1a1b52738a3940d6a
SHA-1:             d7edf7739eede01ce0174d0403c2f376527e804f
Created:         03/07/2014 5:41:37 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\citrix\ica client\module.src
Publisher:         
MD5:             e0f3ad0c14bdf2ba254b4ebbdb037982
SHA-1:             60aea5885d596e0bb0b5bd2e425a92acce7c3409
Created:         25/04/2012 9:03:04 AM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as TR/Drop.Softomat.AN (Undefined)
 

 

 

It requested I wait 30 min. for further analysis and run the scan again, so I removed what seemed obvious to not belong, and the second scan report is as follows:

Saved date:          08/03/2015 1:03:31 AM
Files detected:     64
Files scanned:         10,398
Processes scanned:     74
Modules scanned:     811
ASEPs scanned:         509
Downloads scanned:     1
Deep analysis:         0/1
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path:         c:\programdata\flexnet\connect\11\agent.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             0826f139e35edbe6064797a68564812e
SHA-1:             a79deea5204929e8ddbe81e976dc7704a01f281a
Created:         13/10/2011 12:11:32 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\flexnet\connect\11\isuspm.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             6f5c9785c05d23dabe407653c12b8a05
SHA-1:             9e313a150259997ce22029d3c42eae1521904468
Created:         13/10/2011 12:11:34 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Kingsoft AntiVirus as Win32.Heur.KVMF81.hy.(kcloud)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\common files\lightscribe\lssrvc.exe
Publisher:         Hewlett-Packard Company
MD5:             7550d101bf49fdb1f92666a233ee36c4
SHA-1:             c4052e38a0e643f8a89f66e7aa58f416f7157f49
Created:         19/05/2010 11:44:14 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.Service.HewlettPackardCompany.G

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\hp games\hp game console\gameconsoleservice.exe
Publisher:         WildTangent, Inc.
Signer:         WildTangent Inc
MD5:             ce16683cfd11fe70bde435dda5ea1fca
SHA-1:             ff1041c97622b81d6fd03e3a7f17c8884cc2e8c2
Created:         03/04/2010 5:01:24 PM
Detections:         3
Determination:         Ignore detections (false positive)
            - Dr.Web as MULDROP.Trojan (Undefined)
            - Boost by Reason as Optional.Service.WildTangent.S
            - Antiy Labs AVL as Trojan/Win32.Mufanom.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\common files\installshield\driver\1150\intel 32\idrivert.exe
Publisher:         Macrovision Corporation
MD5:             daf66902f08796f9c694901660e5a64a
SHA-1:             ca96dc67dd8adeb4d0fd93cbc2bf41a477d3be18
Created:         13/11/2005 11:06:04 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.Clod9d9.Trojan (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe
Publisher:         Advanced Micro Devices, Inc.
MD5:             7d4e51421fe39b98f21ed28ef900bbb1
SHA-1:             16e400bf1a2dcc94e7ae3c53e17395585b69faef
Created:         17/06/2010 9:48:12 AM
Detections:         2
Determination:         Ignore detections (false positive)
            - The Hacker as Trojan/Kryptik.apb (Undefined)
            - Boost by Reason as Optional.Startup.AdvancedMicroDevices.I

---------------------------------------------------------------------------------

File path:         c:\programdata\flexnet\connect\11\\isuspm.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             6f5c9785c05d23dabe407653c12b8a05
SHA-1:             9e313a150259997ce22029d3c42eae1521904468
Created:         13/10/2011 12:11:34 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Kingsoft AntiVirus as Win32.Heur.KVMF81.hy.(kcloud)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\nuance\naturallyspeaking12\ereg\ereg.exe
Publisher:         Nuance Communications, Inc.
Signer:         Nuance Communications, Inc.
MD5:             63c0c3c8a846cb655cd512234959196f
SHA-1:             5033c3936d1c022afce71f75f65dd89a14c978a8
Created:         27/10/2010 12:44:38 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Startup.NuanceCommunications.E

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\tuneup computer\updater.exe
Publisher:         Tuneup computer
Signer:         M3R Global Services
MD5:             9d1f8c925adf10bbf0068934aae510a5
SHA-1:             4db8722eb489a4bbd4519a42d6762f45ac54bcc3
Created:         03/02/2015 4:59:24 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Zillya! Antivirus as Trojan.Agent.Win32.491207 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\real\realupgrade\realupgrade.exe
Publisher:         RealNetworks, Inc.
Signer:         RealNetworks, Inc.
MD5:             d412ac27fe3c9f8bc19741dac0e0329d
SHA-1:             c1d332748242ab726d648ec12ce06fb467ecd323
Created:         30/04/2012 7:21:22 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Task.RealNetworks.L

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\real\realplayer\\rpshellsearch.dll
Publisher:         RealNetworks, Inc.
Signer:         RealNetworks, Inc.
MD5:             1fb759442bec1bd6ab5194a79e121192
SHA-1:             85a6b60e5c32abc6192d4f8bbf1d5bdc98a9b19a
Created:         13/05/2012 11:21:47 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Handler.RealNetworks.N

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\real\realplayer\rpshell.dll
Publisher:         RealNetworks, Inc.
Signer:         RealNetworks, Inc.
MD5:             0683583f5fa5bf440ab5c9361ea47ee3
SHA-1:             de22edde3ebd3247e7cea66d43598967a6c89fe8
Created:         13/05/2012 11:21:18 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.RealNetworks.H

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\icreinstall_adobe_flash_setup(1).exe
Publisher:         Application                                                 
Signer:         OOO Creo Advert
MD5:             ea22aa64ff642837aa8e6ee44cd62c2e
SHA-1:             5fe5304bb2bc29e8067c526e386bdccd13b9e34d
Created:         07/03/2015 12:12:33 PM
Detections:         6
Determination:         Adware
            - VIPRE Antivirus as Threat.4150696 (Undefined)
            - avast! as Malware-gen (Undefined)
            - ESET NOD32 as Win32/InstallCore.XP potentially unwanted application (Adware)
            - K7 Gateway Antivirus as Trojan  (Undefined)
            - Avira AntiVirus as Adware/InstallCore.A.439 (Adware)
            - AVG as InstallCore (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\is1751165634\12634862_stp\icc.dll
Publisher:         
MD5:             f03d8375c6696a85d58aad9adce7f702
SHA-1:             65f1f0d076fec3a794f84fe5cb355e525054128e
Created:         17/03/2014 2:19:02 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Vba32 AntiVirus as Downware.InstallCore (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\is599662386\152cf1ba_stp\icc.dll
Publisher:         
MD5:             c050c3976ac8e15e27220450f40165d6
SHA-1:             35881f8101cc5f34c7e0a0bce17f848f38a91e58
Created:         16/02/2015 1:59:32 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Vba32 AntiVirus as Downware.InstallCore (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\temp\is599662386\152cf1ba_stp\sqlite3.dll
Publisher:         
MD5:             2db34c7d07707168429b0b2633ff75c0
SHA-1:             0b29505703900208db71e8d8ae0e675fac2c4d57
Created:         02/12/2014 4:09:00 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\669396-install_powerbullet1.44_2.exe_setup.exe
Publisher:         
Signer:         BH Media
MD5:             740c0f6beba9c2620218a587e954dd53
SHA-1:             8e59ffe53a018198475360e124767397a8f54611
Created:         28/10/2011 3:45:12 PM
Detections:         3
Determination:         Ignore detections (false positive)
            - Trend Micro House Call as HV_ZYX_CA250210.TOMC (Undefined)
            - Vba32 AntiVirus as suspected of Trojan.Downloader.gen.h (Undefined)
            - AVG as MalSign.Generic (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\ac3filter_1_63b.exe
Publisher:         Alexander Vigovsky                                          
MD5:             5afe025aad0383fb66dcade8d1572356
SHA-1:             d7b58766b6f58ab05b10c8112088f6285cb419ed
Created:         08/05/2011 4:57:51 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - The Hacker as Trojan/Dropper.FrauDrop.jl (Undefined)
            - ViRobot as Worm.Win32.A.VBNA.2661254 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\adobe_flash_setup(1).exe
Publisher:         Application                                                 
Signer:         OOO Creo Advert
MD5:             ea22aa64ff642837aa8e6ee44cd62c2e
SHA-1:             5fe5304bb2bc29e8067c526e386bdccd13b9e34d
Created:         07/03/2015 11:40:44 AM
Detections:         6
Determination:         Adware
            - VIPRE Antivirus as Threat.4150696 (Undefined)
            - avast! as Malware-gen (Undefined)
            - ESET NOD32 as Win32/InstallCore.XP potentially unwanted application (Adware)
            - K7 Gateway Antivirus as Trojan  (Undefined)
            - Avira AntiVirus as Adware/InstallCore.A.439 (Adware)
            - AVG as InstallCore (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\aegisub-2.1.8-setup.exe
Publisher:         Aegisub Team                                                
MD5:             9dd26d603ec757058773ba57e67e0409
SHA-1:             f5ea89d7df1f0d7217083b7a26d1c35f71289ec8
Created:         02/01/2012 6:06:03 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Trojan/Win32.Tgenic (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\cutewriter.exe
Publisher:         Acro Software Inc.                                          
Signer:         Acro Software Inc
MD5:             b9010329b2f4134cc29ecdb4ba57025f
SHA-1:             91ec186153fb33a4562204e4be5631168c2ba206
Created:         12/10/2011 2:10:55 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - ESET NOD32 as Win32/Bundled.Toolbar.Ask (variant) (Undefined)
            - Trend Micro House Call as TROJ_GEN.F47V0321 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\divxwebplayerinstallerv15.exe
Publisher:         DivX, Inc.
Signer:         DivX, Inc.
MD5:             e688fdff1480069df4cfc06d497613aa
SHA-1:             47186229647016cfde6716702afa640fdb02e6be
Created:         08/05/2011 4:53:21 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Vba32 AntiVirus as suspected of Trojan.Downloader.gen.h (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\freescreensharing_installer.exe
Publisher:         
Signer:         Free Conferencing Corporation
MD5:             5211ba43dadac2aea258c527bf5d70ad
SHA-1:             d407c861d3d7d9966081d34132c11f234f43ece9
Created:         03/09/2013 5:02:19 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Jiangmin as TrojanDownloader.Generic.anar (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\frst64.exe
Publisher:         Farbar
MD5:             0cec5d30350dd4487cb46cbc766168fe
SHA-1:             f33d29525308189a003638798c3273e24c7ec7ea
Created:         07/03/2015 9:15:36 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Jiangmin as Trojan/PSW.Autoit.ic (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\set_up_outlookset.exe
Publisher:         
Signer:         Starfield Technologies, Inc.
MD5:             00800243034ddcf594ae5914bf83c9a5
SHA-1:             a1d3f1304eb350a958d6671387f4b905036348b7
Created:         03/09/2014 9:20:30 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - ByteHero BDV as Virus.Win32.Part.a (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\vlc-1.1.11-win32.exe
Publisher:         
MD5:             11b9f1e66ee67f0c765c5895a99755dd
SHA-1:             7bbb0c3dc8f88e1bcd3e358a5ffaa4aa53e89dbb
Created:         07/11/2011 8:28:20 AM
Detections:         3
Determination:         Inconclusive
            - Emsisoft Anti-Malware as Gen:Variant.Kazy.303531 (Undefined)
            - Antiy Labs AVL as Trojan/Win32.Generic.gen (Undefined)
            - Rising Antivirus as PE:Trojan.Dropper!6.3CE (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\downloads\pazera_video_converters_suite\pazera_video_converters_suite\zune_video\ffmpeg.exe
Publisher:         
MD5:             2478d46f4d4832d34b270fa59fdcdfec
SHA-1:             0b37e69a0dfcaf15fc98255f1d03b877671fe97a
Created:         06/01/2009 12:17:14 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.XPACK/RDM!5.1

---------------------------------------------------------------------------------

File path:         c:\windows\system32\registrydefragboottime.exe
Publisher:         IObit
Signer:         IObit Information Technology
MD5:             2a99f3410342f2b058109cfeedf45f64
SHA-1:             fce475b15e702b3490a11f3d122649f18244380d
Created:         13/03/2014 9:39:18 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Emsisoft Anti-Malware as Gen:Trojan.Heur.0q0@umJwE0j (Undefined)

---------------------------------------------------------------------------------

File path:         c:\windows\syswow64\athprxy.dll
Publisher:         Microsoft Corporation
MD5:             0e41294877a54b9ac1718934589e4033
SHA-1:             d000ea9e2fd9d05ec728b9c20bb897d9764e0654
Created:         22/01/2001 12:25:24 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Trojan/Win32.SGeneric (Undefined)

---------------------------------------------------------------------------------

File path:         c:\windows\syswow64\iscsicpl.dll
Publisher:         Microsoft Corporation
MD5:             f945adcef203e6104aec8ec9c337cfd0
SHA-1:             85fe50b2c2fcbec2c09c5039c8f8c1d38523780a
Created:         13/07/2009 5:46:13 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoA (Undefined)

---------------------------------------------------------------------------------

File path:         c:\windows\syswow64\quicktimevr.qtx
Publisher:         Apple Inc.
MD5:             97a90e7845335c6ab21f9fad72595563
SHA-1:             8a793b6dc73b5895bb0da74b8871269192567198
Created:         24/10/2011 1:29:02 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - AVG as Suspicion: unknown virus

---------------------------------------------------------------------------------

File path:         c:\programdata\adobe\arm\reader_10.1.1\17778\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             b8e421c0890356cd4a793d8a346d9096
SHA-1:             30e85d80d9cefa4c55b33a1bfb6e0507a34267fa
Created:         03/01/2012 12:37:53 AM
Detections:         2
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I
            - Antiy Labs AVL as Backdoor/Win32.Swrort.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\adobe\arm\reader_10.1.1\7481\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             b8e421c0890356cd4a793d8a346d9096
SHA-1:             30e85d80d9cefa4c55b33a1bfb6e0507a34267fa
Created:         03/01/2012 12:37:53 AM
Detections:         2
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I
            - Antiy Labs AVL as Backdoor/Win32.Swrort.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\adobe\arm\reader_10.1.4\1663\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             3cb07566302bceeb898de270a0bec175
SHA-1:             3c79cfc02e2e9877e164d1a7e856fa6bddb34c2f
Created:         03/12/2012 12:35:28 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Sality!6.EDB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\adobe\arm\reader_10.1.4\24174\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             3cb07566302bceeb898de270a0bec175
SHA-1:             3c79cfc02e2e9877e164d1a7e856fa6bddb34c2f
Created:         03/12/2012 12:35:28 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Sality!6.EDB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\adobe\arm\reader_10.1.4\26360\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             3cb07566302bceeb898de270a0bec175
SHA-1:             3c79cfc02e2e9877e164d1a7e856fa6bddb34c2f
Created:         03/12/2012 12:35:28 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Sality!6.EDB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\adobe\arm\reader_10.1.1\17778\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             b8e421c0890356cd4a793d8a346d9096
SHA-1:             30e85d80d9cefa4c55b33a1bfb6e0507a34267fa
Created:         03/01/2012 12:37:53 AM
Detections:         2
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I
            - Antiy Labs AVL as Backdoor/Win32.Swrort.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\adobe\arm\reader_10.1.1\7481\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             b8e421c0890356cd4a793d8a346d9096
SHA-1:             30e85d80d9cefa4c55b33a1bfb6e0507a34267fa
Created:         03/01/2012 12:37:53 AM
Detections:         2
Determination:         Ignore detections (false positive)
            - Boost by Reason as UnneededApp.Startup.AdobeSystemsorporated.I
            - Antiy Labs AVL as Backdoor/Win32.Swrort.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\adobe\arm\reader_10.1.4\1663\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             3cb07566302bceeb898de270a0bec175
SHA-1:             3c79cfc02e2e9877e164d1a7e856fa6bddb34c2f
Created:         03/12/2012 12:35:28 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Sality!6.EDB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\adobe\arm\reader_10.1.4\24174\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             3cb07566302bceeb898de270a0bec175
SHA-1:             3c79cfc02e2e9877e164d1a7e856fa6bddb34c2f
Created:         03/12/2012 12:35:28 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Sality!6.EDB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\adobe\arm\reader_10.1.4\26360\adobearm.exe
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems, Incorporated
MD5:             3cb07566302bceeb898de270a0bec175
SHA-1:             3c79cfc02e2e9877e164d1a7e856fa6bddb34c2f
Created:         03/12/2012 12:35:28 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Malware.Sality!6.EDB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\flexnet\connect\11\agent.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             0826f139e35edbe6064797a68564812e
SHA-1:             a79deea5204929e8ddbe81e976dc7704a01f281a
Created:         13/10/2011 12:11:32 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\flexnet\connect\11\issch.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             3e490f5054840c8fc9a38ff752af36ae
SHA-1:             87a73d4146fb687331ecd96a8eb0836d6602abb2
Created:         13/10/2011 12:11:36 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\flexnet\connect\11\isuspm.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             6f5c9785c05d23dabe407653c12b8a05
SHA-1:             9e313a150259997ce22029d3c42eae1521904468
Created:         13/10/2011 12:11:34 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Kingsoft AntiVirus as Win32.Heur.KVMF81.hy.(kcloud)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\iobit\ascdownloader\ascsetup.exe
Publisher:         IObit                                                       
Signer:         IObit Information Technology
MD5:             2f1e5ac54c72fabffd5276e37560c809
SHA-1:             db538cf6735e34eb91fe154cd59a490aeb6f1730
Created:         13/03/2014 8:29:35 PM
Detections:         1
Determination:         Inconclusive
            - ESET NOD32 as Win32/Toolbar.Widgi (variant) (Adware)

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\macrovision\flexnet connect\11\agent.exe
Publisher:         Flexera Software, Inc.
Signer:         Flexera Software LLC
MD5:             4ac0793e7bee325c2219f714036a63b8
SHA-1:             7856a4e5e0d845a040dd0494b5cb04c6d93a9608
Created:         13/10/2011 12:11:44 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\macrovision\flexnet connect\6\agent.exe
Publisher:         Flexera Software, Inc.
Signer:         Flexera Software LLC
MD5:             a8af2d9085359365f3f0ff62bdf3effb
SHA-1:             8d3f9bef8cb04c53ada8df074ebac5dc8220aa52
Created:         13/10/2011 12:11:42 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\application data\temp\{01fb4998-33c4-4431-85ed-079e3eefe75d}\postbuild.exe
Publisher:         
MD5:             11b0c4f03d271213ff01fe2a81bc7c6a
SHA-1:             03dd1973f24b6085a24487291876297ccd3e24d9
Created:         07/11/2010 1:57:16 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\programdata\flexnet\connect\11\issch.exe
Publisher:         Flexera Software LLC.
Signer:         Flexera Software LLC
MD5:             3e490f5054840c8fc9a38ff752af36ae
SHA-1:             87a73d4146fb687331ecd96a8eb0836d6602abb2
Created:         13/10/2011 12:11:36 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\iobit\ascdownloader\ascsetup.exe
Publisher:         IObit                                                       
Signer:         IObit Information Technology
MD5:             2f1e5ac54c72fabffd5276e37560c809
SHA-1:             db538cf6735e34eb91fe154cd59a490aeb6f1730
Created:         13/03/2014 8:29:35 PM
Detections:         1
Determination:         Inconclusive
            - ESET NOD32 as Win32/Toolbar.Widgi (variant) (Adware)

---------------------------------------------------------------------------------

File path:         c:\programdata\macrovision\flexnet connect\11\agent.exe
Publisher:         Flexera Software, Inc.
Signer:         Flexera Software LLC
MD5:             4ac0793e7bee325c2219f714036a63b8
SHA-1:             7856a4e5e0d845a040dd0494b5cb04c6d93a9608
Created:         13/10/2011 12:11:44 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\macrovision\flexnet connect\6\agent.exe
Publisher:         Flexera Software, Inc.
Signer:         Flexera Software LLC
MD5:             a8af2d9085359365f3f0ff62bdf3effb
SHA-1:             8d3f9bef8cb04c53ada8df074ebac5dc8220aa52
Created:         13/10/2011 12:11:42 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.FlexeraSoftware.F

---------------------------------------------------------------------------------

File path:         c:\programdata\temp\{01fb4998-33c4-4431-85ed-079e3eefe75d}\postbuild.exe
Publisher:         
MD5:             11b0c4f03d271213ff01fe2a81bc7c6a
SHA-1:             03dd1973f24b6085a24487291876297ccd3e24d9
Created:         07/11/2010 1:57:16 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\the house cat\appdata\local\freescreensharing\freescreensharing_uninstaller.exe
Publisher:         
Signer:         Free Conferencing Corporation
MD5:             bfb3823392f23dcfdbef2fd9912787ad
SHA-1:             605b4e5de9bb5accfe0751f9192ef4b1c1bc41d4
Created:         26/06/2013 6:28:34 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Jiangmin as TrojanDownloader.Generic.anar (Undefined)

---------------------------------------------------------------------------------

File path:         c:\Users\the house cat\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
Publisher:         RealNetworks, Inc.
Signer:         RealNetworks, Inc.
MD5:             6a05110733966830f85bc2fe957c79eb
SHA-1:             ba8113ef98f537f7b0c2c56c87968625cba49f9b
Created:         22/09/2012 12:38:34 AM
Detections:         5
Determination:         Inconclusive
            - Bkav FE as W32.Clod052.Trojan (Undefined)
            - nProtect as Trojan/W32.Agent.449176 (Undefined)
            - The Hacker as Trojan/Agent.bjvu (Undefined)
            - Trend Micro House Call as HV_AGENT_BK083C37.TOMC (Undefined)
            - Dr.Web as Trojan.Click2.59112 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files\avidemux 2.5\uninstall.exe
Publisher:         
MD5:             219863b2472cdfb5cf1a43963c4b9426
SHA-1:             fd843e1c882989cae776951e145da75dd99e4022
Created:         01/01/2012 9:25:37 PM
Detections:         1
Determination:         Inconclusive
            - nProtect as Trojan/W32.Agent.132239.C (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files\waterfox\uninstall\helper.exe
Publisher:         Waterfox Ltd
MD5:             5e909e6fc92fa3c5b98948a5078540dc
SHA-1:             7a1f0d3c4930471cddbdc06243d7a6a7419b3ade
Created:         31/01/2015 3:28:29 PM
Detections:         2
Determination:         UndefinedMalware
            - Clam AntiVirus as Win.Trojan.Agent-760447 (Undefined)
            - Reason Heuristics as Threat.Win.Reputation.IMP (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\adobe\adobe dreamweaver cs6\configuration\jsextensions\dwfile.dll
Publisher:         Adobe Systems Incorporated
Signer:         Adobe Systems Incorporated
MD5:             8a8bc7e1879915662e82023d387f79b1
SHA-1:             7115a2347ea48e3728e6d73898726fe4f8fed7ae
Created:         31/03/2012 3:08:16 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\adobe\adobe dreamweaver cs6\jvm\bin\javaws.exe
Publisher:         Sun Microsystems, Inc.
Signer:         Sun Microsystems, Inc.
MD5:             bf5d27f8eb9f52a2b5e2e504afbae6d6
SHA-1:             15edcad18c0329b41fc4d1fc982620f07173108d
Created:         31/03/2012 1:27:20 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.Clodfa5.Trojan (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\ati technologies\ati.ace\core-static\atiacmxx.dll
Publisher:         Advanced Micro Devices, Inc.
MD5:             078022e373a805048f927a2107aa588e
SHA-1:             be98268753f5dfd65a4039a5cf0689bced066c04
Created:         17/06/2010 9:49:36 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Boost by Reason as Optional.AdvancedMicroDevices.I

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\audacity\unins000.exe
Publisher:         
MD5:             8bbcd78364faf1b1a1b52738a3940d6a
SHA-1:             d7edf7739eede01ce0174d0403c2f376527e804f
Created:         03/07/2014 5:41:37 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - ByteHero BDV as Trojan.Malware.Obscu.Gen.001 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\citrix\ica client\module.src
Publisher:         
MD5:             e0f3ad0c14bdf2ba254b4ebbdb037982
SHA-1:             60aea5885d596e0bb0b5bd2e425a92acce7c3409
Created:         25/04/2012 9:03:04 AM
Detections:         1
Determination:         Inconclusive
            - Avira AntiVirus as TR/Drop.Softomat.AN (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\common files\adobe\adobe flash cs6\jre\bin\new_plugin\npjp2.dll
Publisher:         Sun Microsystems, Inc.
MD5:             1040bd9bf3ddab7cda2346f8375480a2
SHA-1:             1920ed533271d7db18359b7d083692b1ca136a86
Created:         30/03/2012 5:20:10 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as Virus/Win32.Xpaj.gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files (x86)\common files\adobe\adobe flash cs6\jre\lib\deploy\jqs\ie\jqs_plugin.dll
Publisher:         Sun Microsystems, Inc.
Signer:         Sun Microsystems, Inc.
MD5:             2c003d049cd5e45bb88b6f8583561035
SHA-1:             d1fcd8542654089e5574210979361b64eb312e1e
Created:         30/03/2012 5:20:10 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)
 

 

I'm not sure if some of these are required,

awaiting further direction



#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:26 AM

Posted 09 March 2015 - 02:27 PM

Hello and welcome to Bleeping Computer.
 
Please do the following:


Download the attached fixlist.txt file and save it to the Downloads folder, where FRST64.exe is saved.
NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log in the same folder as where FRST is saved. (Fixlog.txt). Please attach it to your reply.


Attached File  FixList.txt   2.93KB   3 downloads


NEXT

Please completely uninstall, then re-install your Chrome browser (it's currently installed in Development mode)

Please let me know if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 iwanturCAT


Posted 09 March 2015 - 11:55 PM

When I look in the control panel --> programs --> programs and features  to uninstall a program, I do not see Chrome as suggested, and do not have Chrome installed on this machine.

 

When I try to delete pctuner and weather app, a pop up appears saying "do you wish to allow pctuner to make changes" and I respond NO - at which point the window closes and it is not removed.  I hesitate to say yes as it may trigger another action.

 

Fixlog attached as requested.

Thank you



#7 CatByte


Posted 10 March 2015 - 10:06 AM

ok,

adwcleaner may be able to remove the PCTuner, if not, we can script out any remnants

please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Cleaning button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply



#8 iwanturCAT


Posted 10 March 2015 - 08:47 PM

AdwCleaner log as requested.  PCTuner and WeatherApp still appear in programs to uninstall list.  Thank you



#9 CatByte


Posted 11 March 2015 - 08:20 AM


Try running the FixIt here

http://support.microsoft.com/mats/program_install_and_uninstall/en

That should remove those entries from the installed programs list.

If not, please run a fresh scan with FRST and attach the new log.



#10 iwanturCAT


Posted 11 March 2015 - 01:38 PM

I get a pop up I'm unable to upload when I opened the computer this time, not sure if it's from the program you suggested or not.  Computer opened up Internet Explorer to pctuner again, and a Microsoft window popped up regarding trojans, which I also can't upload the screen shot of.  Will post scan log shortly



#11 iwanturCAT


Posted 11 March 2015 - 07:23 PM

I suspect the pop up was malware (attached). 

Ran ms fixit and was able to remove pctuner.

repeated and removed weatherapp.

Any suggestions for further action?

Thank you



#12 CatByte


Posted 11 March 2015 - 07:36 PM

yes, that was definitely malware.

Please run the following and then follow up with a fresh FRST scan as well:

Please run a free online scan with the ESET Online Scanner

US Link: http://www.eset.com/us/online-scanner/
EU Link: http://www.eset.eu/online-scanner/

Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
• Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
• Turn off the real time scanner of any existing antivirus program while performing the online scan.
• Click the blue Run ESET Online Scanner button
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
• Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
• Click on Advanced Settings
• Make sure that the option Remove found threats is unticked.
• Ensure these options are ticked
○ Scan archives
○ Scan for potentially unsafe applications
○ Enable Anti-Stealth technology
• Click Start
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Attach the log as a reply to your next reply.
• Close the ESET online scan, and let me know how things are now.



#13 iwanturCAT


Posted 12 March 2015 - 07:52 AM

eset scan log attached - the 'IObit\ASCDownloader' items I am not familiar with, the remainder refer to programs I'm familiar with.  I've left ESET open pending further direction.

Thank you


Edited by iwanturCAT, 12 March 2015 - 07:53 AM.


#14 CatByte


Posted 12 March 2015 - 09:23 AM

The detections are noting that the installation files are bundled with adware (the type that will install an unwanted toolbar unless you remember to "opt out" of the additional install)

If you no longer need those installation files, then I would remove them.

Please advise how the computer is running now and if there are any outstanding issues.



#15 iwanturCAT


Posted 12 March 2015 - 06:48 PM

I've gone into the folders and deleted the files except for IObit\ASCDownloader, which I cannot find.  Am trying searches.  I do not have an "All Users" folder that I can see.

Will use computer a bit more to see how it's operating.

Thank you





