
Windows 7 Malware "Anywhere Access" keeps wanting to install


  • This topic is locked
9 replies to this topic

#1 elbruceo

elbruceo

  • Members
  • 32 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 09 April 2015 - 11:00 PM

"Anywhere Access" and "Optimizer Pro" and different files keep installing. I can uninstall them, and then a different batch installs.

I have tried many different anti-malware/virus tools, but no help. I cannot install "Emsisoft"; I get a "not compatible" error.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:18 AM

Posted 10 April 2015 - 08:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 elbruceo

elbruceo
  • Topic Starter
  • Members
  • 32 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 10 April 2015 - 12:56 PM

As I was running the Farbar scan, all sorts of malware started installing, but here is the info...

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/10/2015
Scan Time: 9:27:37 AM
Logfile: mbam41015.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.04.10.05
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Win7_Pro64
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395103
Time Elapsed: 18 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 13
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64, Quarantined, [38db391369210135996e41a6dd26bb45], 
PUP.Optional.Flashbeat.A, HKLM\SOFTWARE\Flashbeat, Quarantined, [64af2626c1c9be781941e0e79d667789], 
PUP.Optional.Flashbeat.A, HKLM\SOFTWARE\WOW6432NODE\Flashbeat, Quarantined, [8f84aca02e5c6dc95a001fa89a6940c0], 
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [6da61b31f79359dd57bd440e4cb97d83], 
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, Quarantined, [df3452fa78122214d63362ed20e52dd3], 
PUP.Optional.GeniusBox.A, HKU\S-1-5-21-861961308-2404378247-3874497544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\geniusboxinstalled, Quarantined, [30e3c686eb9f0036d20a3987f90a9070], 
PUP.Optional.ICinema.A, HKU\S-1-5-21-861961308-2404378247-3874497544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\I - Cinema-nv, Quarantined, [b55e5af2d3b735011776d31044bfb54b], 
PUP.Optional.ICinema.A, HKU\S-1-5-21-861961308-2404378247-3874497544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\I - Cinema-nv-ie, Quarantined, [41d2014b7a101b1b602d7e6558abd22e], 
PUP.Optional.UnicoBrowser.A, HKU\S-1-5-21-861961308-2404378247-3874497544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\UnicoBrowser, Quarantined, [c053e369cebc04326ee436873fc49e62], 
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-861961308-2404378247-3874497544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, Quarantined, [ab686ce0e1a92214a8c74e6eb74cdc24], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-861961308-2404378247-3874497544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\25257, Quarantined, [4dc6e66691f9dc5a05cc4697e221d927], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-861961308-2404378247-3874497544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\iCinema, Quarantined, [a76cb894b9d124125187289d4cb7fe02], 
PUP.Optional.GeniusBox.A, HKU\S-1-5-21-861961308-2404378247-3874497544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS, Quarantined, [b65d83c9395168ce08d3467ab44f649c], 
 
Registry Values: 5
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_422, Quarantined, [a66dcc80beccc472c942d5fc0003be42], 
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 583E6EBC-EFF6-4F8B-8EA3-CA7C0B6AAF0A, Quarantined, [df3452fa78122214d63362ed20e52dd3]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-861961308-2404378247-3874497544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, IE, Quarantined, [ab686ce0e1a92214a8c74e6eb74cdc24]
PUP.Optional.SocialPrivacy, HKU\S-1-5-21-861961308-2404378247-3874497544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|sp2@sp.com, C:\Program Files (x86)\Social Privacy\FF\, Quarantined, [819295b704861c1a84f07ac8a2637e82]
PUP.Optional.GeniusBox.A, HKU\S-1-5-21-861961308-2404378247-3874497544-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS|GeniusBox, 1, Quarantined, [b65d83c9395168ce08d3467ab44f649c]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat, Quarantined, [57bcc389a2e849ed7d64c4f133d0619f], 
 
Files: 12
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64.sys, Delete-on-Reboot, [89c3a5dddf30aad7ee6d5bbfff96252c], 
PUP.Optional.SmartWeb.A, C:\Users\Win7_Pro64\AppData\Local\SmartWeb\__u.exe, Quarantined, [1df6c08c791154e24de6c33e18eabf41], 
PUP.Optional.ClientConnect, C:\Users\Win7_Pro64\Desktop\New folder\WinRAR_TSV170THN.exe, Quarantined, [9f74fe4edcaef83e5552b030c839e917], 
PUP.Optional.Gambali.A, C:\Windows\System32\GambaliOff.ini, Quarantined, [ca49a2aa35550e2884994c7749ba4db3], 
PUP.Optional.Gambali.A, C:\Windows\SysWOW64\GambaliOff.ini, Quarantined, [5bb8123a8bffa69068b509baaf5449b7], 
PUP.Optional.Gambali.A, C:\Windows\temp\Gambali.log, Quarantined, [fa19a7a537531026021c3b884bb8c23e], 
PUP.Optional.Gambali.A, C:\Users\Win7_Pro64\AppData\Local\Temp\Gambalir.log, Quarantined, [cb481438f59588ae29f60ab91de68080], 
PUP.Optional.Gambali.A, C:\Windows\temp\Gambalir.log, Quarantined, [2fe4f755cac002341807eed5ab58a858], 
PUP.Optional.SmartWeb.A, C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task, Quarantined, [69aab498d9b1e1554d5b30a247bc7a86], 
PUP.Optional.Winsock.Hijack, C:\Windows\SysWOW64\Gambali.dll, Quarantined, [46cd113b98f2c76f343e0c44fd08748c], 
PUP.Optional.Winsock.Hijack, C:\Windows\System32\Gambali64.dll, Quarantined, [5db66ddffb8f4de97102aba561a41ee2], 
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\SoftConfigTest.exe, Quarantined, [57bcc389a2e849ed7d64c4f133d0619f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
-------------------------------------------------------------------------------------
 
# AdwCleaner v4.201 - Logfile created 10/04/2015 at 10:13:42
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Win7_Pro64 - WIN7_PRO64-PC
# Running from : C:\Users\Win7_Pro64\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : globalUpdatem
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\65f34fd000006e7b
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\VCL
Folder Deleted : C:\Users\Win7_Pro64\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Win7_Pro64\AppData\Local\SmartWeb
File Deleted : C:\Users\WIN7_P~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\user.js
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Check Updates
Task Deleted : GeniusBox
Task Deleted : LaunchSignup
Task Deleted : MyTurboPC.com Registration3
Task Deleted : PostPoneInstall
Task Deleted : SmartWeb Upgrade Trigger Task
Task Deleted : Validate Installation
Task Deleted : Run_Browser
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\67f33ecb-c680-4eab-ad85-64b69a29be9f
Key Deleted : HKLM\SOFTWARE\6dbab77b-8df7-430e-b11b-b8d86a52bbb7
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Clara
Key Deleted : HKLM\SOFTWARE\IGS
Key Deleted : HKLM\SOFTWARE\GeniusBox
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
 
-\\ Google Chrome v41.0.2272.118
 
 
-\\ Chromium v
 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [6034 bytes] - [10/04/2015 09:52:55]
AdwCleaner[S0].txt - [5952 bytes] - [10/04/2015 10:13:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6011  bytes] ##########
---------------------------------------------------------------------------------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Win7_Pro64 (administrator) on WIN7_PRO64-PC on 10-04-2015 10:21:50
Running from C:\Users\Win7_Pro64\Downloads
Loaded Profiles: Win7_Pro64 (Available profiles: Win7_Pro64)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(PastaLeads) C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe
() C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1425248647-1016-AB1E-D9913A7F87B5\nso541.tmpfs
(Webar) C:\Program Files (x86)\Ge-Force\360edbe2-65db-4595-a09c-035030ee10d2-10.exe
(Webar) C:\Program Files (x86)\Ge-Force\360edbe2-65db-4595-a09c-035030ee10d2-6.exe
(Quick Ref) C:\Program Files (x86)\QuickRef_1.10.0.12\Service\qrsvc.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
() C:\Program Files (x86)\Hatchiho\updateHatchiho.exe
() C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
() C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5\jnsq1095.tmp
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
() C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\upgmsd_us_422.exe
() C:\Program Files (x86)\Hatchiho\bin\Hatchiho.PurBrowse64.exe
() C:\Program Files (x86)\Hatchiho\bin\Hatchiho.expext.exe
() C:\Program Files (x86)\Hatchiho\bin\Hatchiho.BrowserAdapter.exe
() C:\Program Files (x86)\Hatchiho\bin\Hatchiho.BrowserAdapter64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Goobzo) C:\Users\Win7_Pro64\AppData\Local\DeskBar\deskbar.exe
() C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\upgmsd_us_422.exe
(                                                            ) C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\Download\majmp_gentleeeuu.exe
() C:\Users\Win7_Pro64\AppData\Local\Temp\is-MK6TJ.tmp\majmp_gentleeeuu.tmp
(                                                            ) C:\Users\Win7_Pro64\AppData\Local\Temp\is-5FK1B.tmp\gentlemjmp_ieeuu.exe
() C:\Users\Win7_Pro64\AppData\Local\Temp\is-6A1RN.tmp\gentlemjmp_ieeuu.tmp
(YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Goobzo) C:\Program Files (x86)\ShopperPro\Updater.exe
(Goobzo) C:\Program Files (x86)\YTDownloader\Updater.exe
(Goobzo) C:\Program Files\Common Files\Goobzo\GBUpdate\Updater.exe
(Goobzo LTD) C:\Program Files (x86)\ShopperPro\ShopperPro.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Farbar) C:\Users\Win7_Pro64\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Win7_Pro64\AppData\Local\SmartWeb\SmartWebHelper.exe
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2015-01-08] (YTDownloader)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.exe [3224576 2015-04-09] ()
HKLM-x32\...\RunOnce: [upgmsd_us_422.exe] => C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\upgmsd_us_422.exe [3307464 2015-04-09] ()
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\...\Run: [DeskBar] => C:\Users\Win7_Pro64\AppData\Local\DeskBar\deskbar.exe [1549096 2015-03-30] (Goobzo)
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2015-01-08] (YTDownloader)
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.exe [3224576 2015-04-09] ()
Startup: C:\Users\Win7_Pro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
ShortcutTarget: SmartWeb.lnk -> C:\Users\Win7_Pro64\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-861961308-2404378247-3874497544-1000 -> {721C4A24-955D-4B75-9E13-2F25C7D31A34} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-04-09] (Goobzo Ltd.)
BHO-x32: Hatchiho 1.0.0.7 -> {0569f0df-cce6-43e9-aecb-5c5cf431e3b4} -> C:\Program Files (x86)\Hatchiho\Hatchihobho.dll [2015-04-10] (Hatchiho)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-04-09] (Goobzo Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} http://192.168.2.17:85/HiDvrOcx.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\searchplugins\inbox-search.xml [2013-11-26]
FF Extension: Cinema PlusV31.03 - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-04-04]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\iobitascsurfingprotection@iobit.com [2015-04-04]
FF Extension: Ge-Force - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\TTSD90021300@PYDKGV101145942.com [2015-04-10]
FF Extension: youtubeunblockerunblockeryt - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\youtubeunblocker@unblocker.yt [2015-03-12]
FF Extension: Shopper-Pro - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-04-10]
FF Extension: Zoom It - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{76540169-abcf-6127-d94f-849a8742bb01} [2015-03-22]
FF Extension: anonymoX - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\client@anonymox.net.xpi [2014-02-15]
FF Extension: Adblock Plus - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-10]
FF Extension: Hatchiho 1.0.1 - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}.xpi [2015-04-10]
FF Extension: Super Web Accelerator ! - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\firefox [2015-04-06]
FF Extension: No Name - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\extensions\{c645e00e-f796-4f6f-a777-e6af60acca44}.xpi [Not Found]
FF Extension: No Name - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\extensions\veggy@veggyAddon.com [Not Found]
FF Extension: No Name - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\extensions\MGKN37049485@ACPSC11936960.com [Not Found]
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> 9745AA1DE7D42D49AA7BF807909B03577BCF667629806E6923EC7B37D705902D
CHR DefaultSearchURL: Default -> 8A0615265C19F44A5810C4863D2816720AEE5C752298082EB46F828C76F988B6
CHR Profile: C:\Users\Win7_Pro64\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Win7_Pro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-09]
CHR Extension: (Google Drive) - C:\Users\Win7_Pro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-09]
CHR Extension: (YouTube) - C:\Users\Win7_Pro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-09]
CHR Extension: (Google Search) - C:\Users\Win7_Pro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Win7_Pro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-09]
CHR Extension: (Google Wallet) - C:\Users\Win7_Pro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-09]
CHR Extension: (Google Quick Scroll) - C:\Users\Win7_Pro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-04-09]
CHR Extension: (Gmail) - C:\Users\Win7_Pro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [22376 2015-01-08] ()
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-10-05] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-10-04] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pastaleadsupd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe [1082880 2015-02-16] (PastaLeads) [File not signed]
R2 qrsvc_1.10.0.12; C:\Program Files (x86)\QuickRef_1.10.0.12\Service\qrsvc.exe [278592 2015-03-26] (Quick Ref)
R2 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [527488 2010-01-29] (Cisco Consumer Products LLC)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2717992 2015-03-30] (Search Module Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-08] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2011-07-18] (Ulead Systems, Inc.) [File not signed]
R2 Update Hatchiho; C:\Program Files (x86)\Hatchiho\updateHatchiho.exe [404712 2015-04-10] ()
R2 Util Hatchiho; C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe [404712 2015-04-10] ()
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2013-09-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 xyhigysy; C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5\jnsq1095.tmp [151552 2015-04-03] () [File not signed]
S2 AdvancedSystemCareService8; No ImagePath
S2 FlashBeat; C:\ProgramData\FlashBeat\FlashBeat.exe [X]
S2 Gambali; C:\ProgramData\FlashBeat\Gambali.exe [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
R2 powywejy; C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1425248647-1016-AB1E-D9913A7F87B5\nso541.tmpfs [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-01-20] (Ralink Technology Corp.)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-04-03] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MRV6X64U; C:\Windows\System32\DRIVERS\MRVW24C.sys [340480 2007-10-28] (Marvell Semiconductor, Inc)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 NSNDIS5; C:\Windows\SysWOW64\NSNDIS5.SYS [17280 2004-03-23] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 OV550I; C:\Windows\System32\Drivers\FilmScan.sys [196992 2008-02-21] (Omnivision Technologies, Inc.)
R1 PastaLUpdd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaldrw.sys [61872 2015-02-16] ()
R1 qrnfd_1_10_0_12; C:\Windows\System32\drivers\qrnfd_1_10_0_12.sys [58224 2015-03-26] (Quick Ref)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2013-03-12] (Realtek Semiconductor Corporation                           )
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2015-01-08] (YTDownloader)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [42656 2015-03-30] ()
R2 SPDRIVER_1.38.1.1738; C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.sys [52376 2015-04-09] ()
S3 StkTMini; C:\Windows\System32\Drivers\StkTMini.sys [528256 2007-11-15] (Syntek)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2010-11-29] (TuneUp Software)
S3 xcbdaNtscV; C:\Windows\System32\DRIVERS\xcbdaVx64.sys [214784 2009-06-10] (ViXS Systems Inc.)
R1 {d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64; C:\Windows\System32\drivers\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64.sys [48776 2015-04-10] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 cpuz134; \??\C:\Users\WIN7_P~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-10 10:21 - 2015-04-10 10:21 - 02095616 _____ (Farbar) C:\Users\Win7_Pro64\Downloads\FRST64 (1).exe
2015-04-10 10:16 - 2015-04-10 05:29 - 00048776 _____ (StdLib) C:\Windows\system32\Drivers\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64.sys
2015-04-10 10:13 - 2015-04-10 10:15 - 00004478 _____ () C:\Windows\Tasks\360edbe2-65db-4595-a09c-035030ee10d2-4.job
2015-04-10 10:13 - 2015-04-10 10:13 - 00009218 _____ () C:\Windows\System32\Tasks\360edbe2-65db-4595-a09c-035030ee10d2-6
2015-04-10 10:13 - 2015-04-10 10:13 - 00007508 _____ () C:\Windows\System32\Tasks\360edbe2-65db-4595-a09c-035030ee10d2-4
2015-04-10 10:13 - 2015-04-10 10:13 - 00004528 _____ () C:\Windows\System32\Tasks\ShopperPro
2015-04-10 10:13 - 2015-04-10 10:13 - 00003910 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-04-10 10:13 - 2015-04-10 10:13 - 00003588 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2015-04-10 10:13 - 2015-04-10 10:13 - 00003514 _____ () C:\Windows\System32\Tasks\SPDriver
2015-04-10 10:13 - 2015-04-10 10:13 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-04-10 10:13 - 2015-04-10 10:13 - 00000000 ____D () C:\ProgramData\ShopperPro
2015-04-10 10:13 - 2015-04-10 10:13 - 00000000 ____D () C:\ProgramData\Documents\ShopperPro
2015-04-10 10:13 - 2015-04-10 10:13 - 00000000 ____D () C:\Program Files (x86)\ShopperPro
2015-04-10 10:12 - 2015-04-10 10:17 - 00000912 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-04-10 10:12 - 2015-04-10 10:17 - 00000908 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-04-10 10:12 - 2015-04-10 10:15 - 00006190 _____ () C:\Windows\Tasks\360edbe2-65db-4595-a09c-035030ee10d2-6.job
2015-04-10 10:12 - 2015-04-10 10:15 - 00005846 _____ () C:\Windows\Tasks\360edbe2-65db-4595-a09c-035030ee10d2-7.job
2015-04-10 10:12 - 2015-04-10 10:15 - 00002096 _____ () C:\Windows\Tasks\360edbe2-65db-4595-a09c-035030ee10d2-10_user.job
2015-04-10 10:12 - 2015-04-10 10:13 - 00000000 ____D () C:\Program Files (x86)\Ge-Force
2015-04-10 10:12 - 2015-04-10 10:13 - 00000000 ____D () C:\Program Files (x86)\a72c640a-a168-4987-b6b1-234340b84351
2015-04-10 10:12 - 2015-04-10 10:12 - 00613255 _____ (CMI Limited) C:\Users\Win7_Pro64\AppData\Local\nsx257F.tmp
2015-04-10 10:12 - 2015-04-10 10:12 - 00008876 _____ () C:\Windows\System32\Tasks\360edbe2-65db-4595-a09c-035030ee10d2-7
2015-04-10 10:12 - 2015-04-10 10:12 - 00003924 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2015-04-10 10:12 - 2015-04-10 10:12 - 00003742 _____ () C:\Windows\System32\Tasks\SMupdate1
2015-04-10 10:12 - 2015-04-10 10:12 - 00003656 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-04-10 10:12 - 2015-04-10 10:12 - 00003602 _____ () C:\Windows\System32\Tasks\YTDownloader
2015-04-10 10:12 - 2015-04-10 10:12 - 00001949 _____ () C:\Users\Win7_Pro64\Desktop\YTDownloader.lnk
2015-04-10 10:12 - 2015-04-10 10:12 - 00000000 __SHD () C:\Users\Win7_Pro64\AppData\Roaming\AnyProtectEx
2015-04-10 10:12 - 2015-04-10 10:12 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-04-10 10:12 - 2015-04-10 10:12 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2015-04-10 10:12 - 2015-04-10 10:12 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-04-10 10:11 - 2015-04-10 10:11 - 00004334 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313038343234373034392d574a324178345a2a376c455a
2015-04-10 10:11 - 2015-04-10 10:11 - 00004270 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_313038343234373034392d574a324178345a2a376c455a
2015-04-10 10:11 - 2015-04-10 10:11 - 00003860 _____ () C:\Windows\System32\Tasks\Smp
2015-04-10 10:11 - 2015-04-10 10:11 - 00003612 _____ () C:\Windows\System32\Tasks\SMWUpd
2015-04-10 10:11 - 2015-04-10 10:11 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Local\DeskBar
2015-04-10 10:11 - 2015-04-10 10:11 - 00000000 ____D () C:\ProgramData\SearchModule
2015-04-10 10:11 - 2015-04-10 10:11 - 00000000 ____D () C:\ProgramData\PastaLeadsAgent
2015-04-10 10:11 - 2015-04-10 10:11 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-04-10 10:11 - 2015-04-10 10:11 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2015-04-10 10:11 - 2015-04-10 10:11 - 00000000 ____D () C:\Program Files (x86)\QuickRef_1.10.0.12
2015-04-10 10:10 - 2015-04-10 10:10 - 00003570 _____ () C:\Windows\System32\Tasks\Inst_Rep
2015-04-10 09:59 - 2015-04-10 09:59 - 00000000 ____D () C:\Program Files (x86)\IGS
2015-04-10 09:58 - 2015-04-10 10:03 - 00000000 ____D () C:\Program Files (x86)\Hatchiho
2015-04-10 09:58 - 2015-04-10 09:58 - 00003588 _____ () C:\Windows\System32\Tasks\IOQGEM
2015-04-10 09:58 - 2015-04-10 09:58 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Local\3E872980-1428659919-1016-AB1E-D9913A7F87B5
2015-04-10 09:57 - 2015-04-10 10:18 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422
2015-04-10 09:57 - 2015-04-10 09:57 - 00000000 ____D () C:\ProgramData\8811dc1280674d76a0f99384d242a792
2015-04-10 09:57 - 2015-04-10 09:57 - 00000000 ____D () C:\ProgramData\1e663b080feb4f97819bd9c56fb5612b
2015-04-10 09:57 - 2015-04-10 09:57 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_422
2015-04-10 09:54 - 2015-04-10 09:54 - 00001103 _____ () C:\Users\Win7_Pro64\Desktop\Continue Live Installation.lnk
2015-04-10 09:52 - 2015-04-10 10:17 - 00000000 ____D () C:\AdwCleaner
2015-04-10 09:52 - 2015-04-10 09:52 - 02217984 _____ () C:\Users\Win7_Pro64\Downloads\adwcleaner_4.201.exe
2015-04-10 09:47 - 2015-04-10 09:49 - 00005756 _____ () C:\Users\Win7_Pro64\Desktop\mbam41015.txt
2015-04-09 21:50 - 2015-04-09 21:50 - 00000273 _____ () C:\Users\Win7_Pro64\Documents\HARD RESET.txt
2015-04-09 21:09 - 2015-04-09 21:09 - 00033787 _____ () C:\Users\Win7_Pro64\Downloads\Addition.txt
2015-04-09 21:08 - 2015-04-10 10:21 - 00020440 _____ () C:\Users\Win7_Pro64\Downloads\FRST.txt
2015-04-09 21:08 - 2015-04-10 10:21 - 00000000 ____D () C:\FRST
2015-04-09 21:07 - 2015-04-09 21:07 - 02095616 _____ (Farbar) C:\Users\Win7_Pro64\Downloads\FRST64.exe
2015-04-09 20:18 - 2015-04-09 20:18 - 00003588 _____ () C:\Windows\System32\Tasks\JKUGPELH
2015-04-09 20:18 - 2015-04-09 20:18 - 00000000 ____D () C:\ProgramData\efe30e7967304d318f6c75a53147af8a
2015-04-09 20:18 - 2015-04-09 20:18 - 00000000 ____D () C:\ProgramData\0e86c1166fb544ee99961d9ba816c663
2015-04-09 19:58 - 2015-04-09 19:58 - 00002159 _____ () C:\Users\Win7_Pro64\Desktop\Tweaking.com - Windows Repair.lnk
2015-04-09 19:57 - 2015-04-09 19:57 - 12849424 _____ () C:\Users\Win7_Pro64\Downloads\tweaking.com_windows_repair_aio_setup (2).exe
2015-04-09 19:57 - 2015-04-09 19:57 - 00003672 _____ () C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-04-09 19:54 - 2015-04-09 19:54 - 00895544 _____ (SlimWare Utilities, Inc.) C:\Users\Win7_Pro64\Downloads\DriverUpdate-setup (1).exe
2015-04-09 19:52 - 2015-04-09 19:57 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-09 19:52 - 2015-04-09 19:53 - 06118384 _____ () C:\Users\Win7_Pro64\Downloads\tweaking.com_technicians_toolbox_setup (1).exe
2015-04-09 19:52 - 2015-04-09 19:52 - 00002250 _____ () C:\Users\Win7_Pro64\Desktop\Tweaking.com - Technicians Toolbox.lnk
2015-04-08 21:45 - 2015-04-08 21:45 - 00023903 _____ () C:\ComboFix.txt
2015-04-08 21:24 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-08 21:24 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-08 21:24 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-08 21:24 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-08 21:24 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-08 21:24 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-08 21:24 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-08 21:24 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-08 21:14 - 2015-04-08 21:46 - 00000000 ____D () C:\Qoobox
2015-04-08 21:14 - 2015-04-08 21:44 - 00000000 ____D () C:\Windows\erdnt
2015-04-08 21:13 - 2015-04-07 11:18 - 05617096 ____R (Swearware) C:\Users\Win7_Pro64\Desktop\ComboFix.exe
2015-04-08 20:56 - 2015-04-08 20:57 - 176521736 _____ () C:\Users\Win7_Pro64\Downloads\EmsisoftAntiMalwareSetup (1).exe
2015-04-08 20:11 - 2015-04-10 09:50 - 00001826 _____ () C:\sc-cleaner.txt
2015-04-08 20:11 - 2015-04-08 19:55 - 00443208 _____ (Bleeping Computer, LLC) C:\Users\Win7_Pro64\Desktop\sc-cleaner.exe
2015-04-07 22:31 - 2015-04-07 22:31 - 00000088 _____ () C:\Users\Win7_Pro64\AppData\Local\e2bf1031f3fc85ce748342fdbbc0f175
2015-04-07 22:30 - 2015-04-10 10:13 - 00000000 ____D () C:\Program Files (x86)\7222a586-0f90-4d21-b3fe-ed465623c67d
2015-04-07 20:52 - 2015-04-07 22:44 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-04-07 20:49 - 2015-04-07 20:49 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Win7_Pro64\Downloads\tdssk.exe
2015-04-07 20:47 - 2015-04-07 20:47 - 12840520 _____ () C:\Users\Win7_Pro64\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2015-04-07 20:46 - 2015-04-07 20:46 - 06080840 _____ () C:\Users\Win7_Pro64\Downloads\tweaking.com_technicians_toolbox_setup.exe
2015-04-07 20:26 - 2015-04-07 20:27 - 176521736 _____ () C:\Users\Win7_Pro64\Downloads\EmsisoftAntiMalwareSetup.exe
2015-04-07 17:44 - 2015-04-10 10:15 - 00002362 _____ () C:\Users\Win7_Pro64\Desktop\chrome.lnk
2015-04-07 09:32 - 2015-04-07 09:32 - 00003588 _____ () C:\Windows\System32\Tasks\WKOEHUFYR
2015-04-07 09:01 - 2015-04-07 09:01 - 00000000 ____D () C:\Program Files\Realtek
2015-04-06 20:56 - 2015-04-06 20:57 - 157903104 _____ (Microsoft Corporation) C:\Users\Win7_Pro64\Desktop\msert.exe
2015-04-06 13:49 - 2015-04-06 14:11 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\jellylam
2015-04-06 13:49 - 2015-04-06 13:49 - 00003796 _____ () C:\Windows\System32\Tasks\keepup
2015-04-05 20:19 - 2015-04-05 20:19 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Local\3E872980-1428265160-1016-AB1E-D9913A7F87B5
2015-04-05 19:27 - 2015-04-05 19:27 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428287257-1016-AB1E-D9913A7F87B5
2015-04-05 18:46 - 2015-04-05 19:07 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Local\Alerts_LLC
2015-04-05 18:45 - 2015-04-05 18:45 - 00000000 ____D () C:\Users\Win7_Pro64\Documents\DreamVideoSoft
2015-04-05 18:45 - 2015-04-05 18:45 - 00000000 ____D () C:\ProgramData\Optimizer
2015-04-05 13:20 - 2015-04-05 13:20 - 00000000 ____D () C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a
2015-04-04 22:48 - 2015-04-04 22:48 - 00002892 _____ () C:\Windows\System32\Tasks\ASC8_SkipUac_Win7_Pro64
2015-04-04 22:48 - 2015-04-04 22:48 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-04-04 22:41 - 2015-04-04 23:22 - 00000000 ____D () C:\ProgramData\kKIVZQJAqx
2015-04-04 22:41 - 2015-04-04 22:41 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\Itibiti
2015-04-04 22:40 - 2015-04-04 22:40 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\PDFConvert
2015-04-04 20:31 - 2015-04-28 11:51 - 337383168 _____ () C:\Users\Win7_Pro64\Desktop\SMOV0006.AVI
2015-04-04 20:30 - 2015-04-08 21:35 - 00000000 ____D () C:\Program Files (x86)\9eb08200-8451-400f-a40b-8b18a34bc5a6
2015-04-03 22:17 - 2015-04-03 22:17 - 02472136 _____ (Ralink Technology, Corp.) C:\Windows\system32\Drivers\netr28x.sys
2015-04-03 22:17 - 2015-04-03 22:17 - 00332080 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll
2015-04-03 22:17 - 2015-04-03 22:17 - 00013973 _____ () C:\Windows\system32\RaCoInst.dat
2015-04-03 22:12 - 2015-04-03 22:12 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-04-03 22:12 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2015-04-03 22:12 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2015-04-03 21:44 - 2015-04-03 21:44 - 00000000 ____D () C:\Windows\system32\SRSLabs
2015-04-03 21:12 - 2015-04-03 21:12 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-03 21:12 - 2015-04-03 21:12 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 13:27 - 2015-04-07 20:53 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5
2015-04-02 21:58 - 2015-04-03 22:10 - 00003538 _____ () C:\Users\Win7_Pro64\Documents\Beatles Extended 45.txt
2015-04-01 21:09 - 2015-04-01 21:09 - 07536712 _____ (DeskShare Inc. ) C:\Users\Win7_Pro64\Desktop\IPCameraViewer.exe
2015-04-01 14:05 - 2015-04-01 14:05 - 00001445 _____ () C:\Users\Win7_Pro64\Documents\sony HTSS Ubit.txt
2015-04-01 13:02 - 2015-04-10 10:15 - 00003893 _____ () C:\Windows\setupact.log
2015-04-01 13:02 - 2015-04-10 10:14 - 00509010 _____ () C:\Windows\PFRO.log
2015-04-01 13:02 - 2015-04-01 13:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-29 21:01 - 2015-04-10 09:48 - 00000000 ____D () C:\Users\Win7_Pro64\Desktop\New folder
2015-03-29 20:55 - 2015-04-01 13:03 - 00000000 ____D () C:\Users\Win7_Pro64\Desktop\WDTV-SoftwarePack
2015-03-29 20:55 - 2015-03-29 20:56 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\Notepad++
2015-03-29 20:55 - 2015-03-29 20:55 - 00001045 _____ () C:\Users\Public\Desktop\Notepad++.lnk
2015-03-29 20:55 - 2015-03-29 20:55 - 00001045 _____ () C:\ProgramData\Desktop\Notepad++.lnk
2015-03-29 20:55 - 2015-03-29 20:55 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-29 20:55 - 2015-03-29 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-03-29 20:55 - 2015-03-29 20:55 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-03-29 20:26 - 2015-03-30 10:50 - 00089952 _____ () C:\Users\Win7_Pro64\Desktop\VOICE150330002.WMA
2015-03-29 20:26 - 2015-03-30 10:29 - 56139322 _____ () C:\Users\Win7_Pro64\Desktop\VOICE150330001.WMA
2015-03-28 20:58 - 2015-04-21 11:52 - 350669000 _____ () C:\Users\Win7_Pro64\Desktop\SMOV0004.AVI
2015-03-28 20:58 - 2015-04-21 09:40 - 00383140 _____ () C:\Users\Win7_Pro64\Desktop\SMOV0003.AVI
2015-03-28 20:55 - 2015-03-22 11:18 - 238266775 _____ () C:\Users\Win7_Pro64\Desktop\SDV_0019.MP4
2015-03-28 20:54 - 2015-03-22 11:12 - 1937900526 _____ () C:\Users\Win7_Pro64\Desktop\SDV_0018.MP4
2015-03-28 20:52 - 2015-03-22 10:23 - 1937985818 _____ () C:\Users\Win7_Pro64\Desktop\SDV_0017.MP4
2015-03-28 20:50 - 2015-03-23 10:28 - 57695752 _____ () C:\Users\Win7_Pro64\Desktop\VOICE150323001.WMA
2015-03-28 20:50 - 2015-03-16 10:25 - 47194322 _____ () C:\Users\Win7_Pro64\Desktop\VOICE150316001.WMA
2015-03-26 21:38 - 2015-03-26 21:38 - 00274424 _____ () C:\Windows\Minidump\032615-22510-01.dmp
2015-03-26 12:14 - 2015-03-26 12:14 - 00005542 _____ () C:\Users\Win7_Pro64\AppData\Roaming\QYVZCU
2015-03-26 12:14 - 2015-03-26 12:14 - 00005542 _____ () C:\Users\Win7_Pro64\AppData\Roaming\FTKEM
2015-03-26 12:14 - 2015-03-26 12:14 - 00005542 _____ () C:\Users\Win7_Pro64\AppData\Roaming\FHZAML
2015-03-26 12:14 - 2015-03-26 12:14 - 00004185 _____ () C:\Users\Win7_Pro64\AppData\Roaming\VJJ
2015-03-26 12:14 - 2015-03-26 12:14 - 00004185 _____ () C:\Users\Win7_Pro64\AppData\Roaming\NG
2015-03-26 12:14 - 2015-03-26 12:14 - 00004185 _____ () C:\Users\Win7_Pro64\AppData\Roaming\MUTVAB
2015-03-26 11:44 - 2015-03-26 11:44 - 00058224 _____ (Quick Ref) C:\Windows\system32\Drivers\qrnfd_1_10_0_12.sys
2015-03-25 07:33 - 2015-03-10 21:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 07:33 - 2015-03-10 21:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 07:33 - 2015-03-10 21:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 07:33 - 2015-03-10 21:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 07:33 - 2015-03-10 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 07:33 - 2015-03-10 21:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 07:33 - 2015-03-10 21:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 07:33 - 2015-03-10 21:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-22 19:47 - 2015-03-22 19:47 - 00002531 _____ () C:\Users\Public\Desktop\TurboTax 2014.lnk
2015-03-22 19:47 - 2015-03-22 19:47 - 00002531 _____ () C:\ProgramData\Desktop\TurboTax 2014.lnk
2015-03-22 19:47 - 2015-03-22 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2015-03-18 21:57 - 2015-03-18 21:57 - 00000000 ____D () C:\Users\Win7_Pro64\Desktop\100VIDEO
2015-03-18 20:53 - 2015-03-18 20:53 - 00000000 ____D () C:\ProgramData\{ACBCD40A-42A8-4FF9-BD42-ABCD14998CBA}
2015-03-18 20:52 - 2015-03-18 20:52 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\ProductData
2015-03-18 20:44 - 2015-03-18 21:07 - 00000000 ____D () C:\Users\Win7_Pro64\Downloads\iSpy_6_3_4_0
2015-03-18 20:27 - 2015-03-18 20:27 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\OpenOffice
2015-03-18 20:26 - 2015-03-18 20:26 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2015-03-18 20:26 - 2015-03-18 20:26 - 00001112 _____ () C:\ProgramData\Desktop\OpenOffice 4.1.1.lnk
2015-03-18 20:26 - 2015-03-18 20:26 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-03-18 20:25 - 2015-03-18 20:26 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-03-18 20:24 - 2015-03-18 21:07 - 00000000 ____D () C:\Users\Win7_Pro64\Downloads\OpenOffice 4.1.1 (en-US) Installation Files
2015-03-15 21:10 - 2015-03-29 21:23 - 00054156 ____H () C:\Windows\QTFont.qfn
2015-03-15 20:57 - 2015-03-15 20:57 - 00000000 ____D () C:\Users\Win7_Pro64\Desktop\orig sermons
2015-03-11 16:25 - 2015-03-11 16:25 - 00271112 _____ () C:\Windows\Minidump\031115-23446-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-10 10:20 - 2009-07-13 21:45 - 00025424 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-10 10:20 - 2009-07-13 21:45 - 00025424 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 10:19 - 2013-09-08 20:38 - 01459850 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 10:19 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 10:16 - 2009-07-13 19:34 - 00000636 _____ () C:\Windows\win.ini
2015-04-10 10:15 - 2015-03-01 23:37 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-10 10:15 - 2014-07-27 21:28 - 00001329 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-10 10:15 - 2014-07-27 21:28 - 00001317 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-10 10:15 - 2014-07-27 21:28 - 00001317 _____ () C:\ProgramData\Desktop\Mozilla Firefox.lnk
2015-04-10 10:15 - 2014-05-09 13:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-10 10:15 - 2013-09-08 20:45 - 00001583 _____ () C:\Users\Win7_Pro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-10 10:15 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 10:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-10 10:07 - 2014-05-14 21:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-10 10:03 - 2014-05-09 13:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-10 09:27 - 2014-10-14 20:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 22:53 - 2013-12-20 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
2015-04-09 19:54 - 2013-09-10 19:49 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-04-09 19:54 - 2013-09-10 19:49 - 00000000 ____D () C:\ProgramData\Documents\Downloaded Installers
2015-04-09 19:52 - 2014-07-23 21:05 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-04-08 21:46 - 2014-06-09 20:07 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Local\Apps\2.0
2015-04-08 21:40 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-08 21:36 - 2009-07-13 19:34 - 77594624 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-04-08 21:36 - 2009-07-13 19:34 - 23330816 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-04-08 21:36 - 2009-07-13 19:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-04-08 21:36 - 2009-07-13 19:34 - 00102400 _____ () C:\Windows\system32\config\SAM.bak
2015-04-08 21:36 - 2009-07-13 19:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak
2015-04-08 21:35 - 2015-03-04 14:33 - 00000000 ____D () C:\Program Files (x86)\79895804-9644-4e3c-ac82-e13993839b5a
2015-04-08 21:35 - 2015-03-04 14:31 - 00000000 ____D () C:\Program Files (x86)\02c20e35-1b28-4e5e-a1b8-a2b8a61de78b
2015-04-08 21:35 - 2013-09-10 22:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-08 21:31 - 2014-02-17 22:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-07 21:32 - 2014-04-07 16:39 - 00000000 ____D () C:\Users\Win7_Pro64\Documents\TurboTax
2015-04-07 21:31 - 2013-10-19 12:21 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-04-07 20:53 - 2015-03-01 23:24 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1425248647-1016-AB1E-D9913A7F87B5
2015-04-07 20:13 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-07 20:13 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-07 20:11 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\security
2015-04-07 17:44 - 2014-05-09 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-07 09:01 - 2014-04-08 10:49 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-04-06 20:38 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PLA
2015-04-06 15:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Vss
2015-04-06 14:11 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-06 13:49 - 2014-09-26 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 13:49 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-06 13:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-04-05 19:42 - 2014-06-09 20:07 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Local\Deployment
2015-04-05 19:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
2015-04-05 19:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Branding
2015-04-04 22:48 - 2014-01-10 10:46 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-04 22:37 - 2014-01-10 10:45 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\IObit
2015-04-03 22:17 - 2013-09-08 21:09 - 00005332 _____ () C:\Windows\system32\RaCoInst.log
2015-04-03 22:12 - 2014-01-10 10:46 - 00000000 ____D () C:\ProgramData\IObit
2015-04-03 11:25 - 2014-05-12 22:30 - 00000000 ____D () C:\Users\Win7_Pro64\Desktop\trade items
2015-04-01 20:57 - 2013-11-16 22:48 - 00000986 _____ () C:\ProgramData\lxee.log
2015-04-01 20:57 - 2013-09-19 13:53 - 00074168 _____ () C:\ProgramData\lxeescan.log
2015-04-01 20:57 - 2013-09-19 13:27 - 00000000 ____D () C:\Program Files (x86)\Lexmark
2015-04-01 20:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-01 20:53 - 2014-06-26 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Argus Surveillance
2015-04-01 13:44 - 2014-04-03 21:57 - 00000000 ____D () C:\Users\Win7_Pro64\Desktop\100NIKON
2015-03-31 21:49 - 2015-03-01 23:27 - 00003427 _____ () C:\Windows\SysWOW64\${LOGFILE}
2015-03-30 21:39 - 2014-10-15 21:44 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-03-29 21:48 - 2014-08-25 20:44 - 00000000 ____D () C:\Users\Win7_Pro64\Desktop\sermons
2015-03-29 21:48 - 2013-10-19 13:16 - 00000000 ____D () C:\Users\Win7_Pro64\Documents\MAGIX_Audio_Cleaning_Lab_16_deluxe_Download_Version
2015-03-29 21:45 - 2013-10-20 14:36 - 00000000 __SHD () C:\Users\Win7_Pro64\wc
2015-03-29 21:39 - 2014-07-12 21:35 - 00021404 _____ () C:\Windows\system32\ScanResults.xml
2015-03-26 21:38 - 2014-08-21 17:12 - 00000000 ____D () C:\Windows\Minidump
2015-03-26 21:37 - 2014-08-21 17:12 - 279730875 _____ () C:\Windows\MEMORY.DMP
2015-03-26 12:13 - 2014-12-10 22:33 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 12:13 - 2014-05-06 10:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-22 19:48 - 2014-04-07 16:39 - 00000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-03-22 19:46 - 2014-04-07 16:36 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-03-19 21:27 - 2009-07-13 21:45 - 00317736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-18 22:04 - 2014-08-01 21:14 - 00000000 ____D () C:\Users\Win7_Pro64\AppData\Roaming\vlc
2015-03-18 20:54 - 2013-09-08 21:22 - 00078328 _____ () C:\Users\Win7_Pro64\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-11 17:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 14:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 14:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
 
==================== Files in the root of some directories =======
 
2013-10-19 13:42 - 2013-10-19 13:42 - 0000268 ____R () C:\Users\Win7_Pro64\AppData\Roaming\Ambient
2013-10-19 13:44 - 2013-10-19 13:44 - 0000268 ____R () C:\Users\Win7_Pro64\AppData\Roaming\Animals
2015-01-25 09:12 - 2015-01-25 09:12 - 0002086 _____ () C:\Users\Win7_Pro64\AppData\Roaming\EKYIDR
2015-01-25 09:12 - 2015-01-25 09:12 - 0001248 _____ () C:\Users\Win7_Pro64\AppData\Roaming\FAOBE
2015-03-26 12:14 - 2015-03-26 12:14 - 0005542 _____ () C:\Users\Win7_Pro64\AppData\Roaming\FHZAML
2015-03-26 12:14 - 2015-03-26 12:14 - 0005542 _____ () C:\Users\Win7_Pro64\AppData\Roaming\FTKEM
2015-01-25 09:12 - 2015-01-25 09:12 - 0002086 _____ () C:\Users\Win7_Pro64\AppData\Roaming\MTUH
2015-03-26 12:14 - 2015-03-26 12:14 - 0004185 _____ () C:\Users\Win7_Pro64\AppData\Roaming\MUTVAB
2015-03-26 12:14 - 2015-03-26 12:14 - 0004185 _____ () C:\Users\Win7_Pro64\AppData\Roaming\NG
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Win7_Pro64\AppData\Roaming\QJNFZ
2015-03-26 12:14 - 2015-03-26 12:14 - 0005542 _____ () C:\Users\Win7_Pro64\AppData\Roaming\QYVZCU
2014-06-19 14:11 - 2014-06-19 14:11 - 0000024 _____ () C:\Users\Win7_Pro64\AppData\Roaming\temp.ini
2014-02-08 20:41 - 2014-02-17 22:25 - 0000919 _____ () C:\Users\Win7_Pro64\AppData\Roaming\trace_FilterInstaller.1.txt
2014-02-08 20:41 - 2014-02-08 20:41 - 0001181 _____ () C:\Users\Win7_Pro64\AppData\Roaming\trace_FilterInstaller.2.txt
2014-02-08 20:41 - 2014-02-08 20:41 - 0001181 _____ () C:\Users\Win7_Pro64\AppData\Roaming\trace_FilterInstaller.3.txt
2014-02-08 20:41 - 2014-02-17 22:44 - 0000919 _____ () C:\Users\Win7_Pro64\AppData\Roaming\trace_FilterInstaller.txt
2014-02-08 20:41 - 2014-02-17 22:44 - 0000000 _____ () C:\Users\Win7_Pro64\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-03-26 12:14 - 2015-03-26 12:14 - 0004185 _____ () C:\Users\Win7_Pro64\AppData\Roaming\VJJ
2014-08-25 22:17 - 2014-10-14 12:22 - 0000095 _____ () C:\Users\Win7_Pro64\AppData\Roaming\WB.CFG
2015-01-25 09:12 - 2015-01-25 09:12 - 0001248 _____ () C:\Users\Win7_Pro64\AppData\Roaming\YYSYEWMQ
2015-04-07 22:31 - 2015-04-07 22:31 - 0000088 _____ () C:\Users\Win7_Pro64\AppData\Local\e2bf1031f3fc85ce748342fdbbc0f175
2015-04-10 10:12 - 2015-04-10 10:12 - 0613255 _____ (CMI Limited) C:\Users\Win7_Pro64\AppData\Local\nsx257F.tmp
2013-10-19 13:42 - 2013-10-19 13:42 - 0000268 ____R () C:\ProgramData\Analog Sync
2013-10-19 13:44 - 2013-10-19 13:44 - 0000268 ____R () C:\ProgramData\Applications
2013-10-19 13:42 - 2013-10-19 13:42 - 0000012 ____R () C:\ProgramData\Audio
2013-10-19 13:44 - 2013-10-19 13:44 - 0000012 ____R () C:\ProgramData\Bass
2013-09-19 13:25 - 2013-09-19 13:25 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2013-09-19 13:59 - 2013-09-19 13:59 - 0000252 _____ () C:\ProgramData\FastPics.log
2013-11-16 22:48 - 2015-04-01 20:57 - 0000986 _____ () C:\ProgramData\lxee.log
2013-09-22 22:55 - 2014-09-06 23:10 - 0034988 _____ () C:\ProgramData\lxeeJSW.log
2013-09-19 13:53 - 2015-04-01 20:57 - 0074168 _____ () C:\ProgramData\lxeescan.log
2013-09-19 13:25 - 2013-09-19 13:25 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-04-07 16:39 - 2015-03-22 19:48 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-10-19 13:42 - 2013-11-01 23:17 - 0000020 _____ () C:\ProgramData\PKP_DLdu.DAT
2013-10-19 13:44 - 2013-10-19 13:44 - 0000020 _____ () C:\ProgramData\PKP_DLer.DAT
2013-09-19 13:25 - 2013-09-19 13:25 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Files to move or delete:
====================
C:\Users\Administrator\Rn5b3241.dat
C:\Users\Guest\Rn5b3241.dat
C:\Users\Public\Rn5b3241.dat
 
 
Some content of TEMP:
====================
C:\Users\Win7_Pro64\AppData\Local\Temp\NetVersionVerify.exe
C:\Users\Win7_Pro64\AppData\Local\Temp\Quarantine.exe
C:\Users\Win7_Pro64\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 21:07
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Win7_Pro64 at 2015-04-09 21:09:11
Running from C:\Users\Win7_Pro64\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
35mm Film Scanner X64  (HKLM-x32\...\{A90C9F22-68A4-4704-BB4F-FE205F416B9C}) (Version: 1.00.0000 - 35mm Film Scanner)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ACDSee Pro 6 (HKLM-x32\...\{D40B2C78-30CA-4A8F-A157-C86B491C73AF}) (Version: 6.0.169 - ACD Systems International Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aimersoft Player(Build 1.0.0) (HKLM-x32\...\Aimersoft Player_is1) (Version: 1.0.0.0 - Aimersoft)
ArcSoft Panorama Maker 4 (HKLM-x32\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
ArcSoft PhotoImpression 6 (HKLM-x32\...\{D5F3ED63-272E-4C35-9771-601C906C19D0}) (Version: 6.1.56.148 - ArcSoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Audio Music Lab 2014 Premium Update (Version: 20.0.1.42 - MAGIX AG) Hidden
Cisco Valet Connector (HKLM-x32\...\Cisco Valet Connector) (Version: 1.0.10028.0 - Cisco Consumer Products LLC)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Console (HKLM-x32\...\AudioCS) (Version: 1.33 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Dell Digital Jukebox Driver (HKLM-x32\...\Dell Digital Jukebox Driver) (Version:  - )
Dell DJ Explorer (HKLM-x32\...\Dell File Manager) (Version:  - )
DuckDns Updater version 1.0.2 (HKLM-x32\...\{F4D03CB7-3B18-44CB-AA4A-4F83FBAEBE8A}_is1) (Version: 1.0.2 - ETX Software Inc.)
Essentiel b USB Webcam (HKLM-x32\...\{5884B50D-AF23-483B-B9EF-61164345978B}) (Version: 3299_20100227 - Vimicro)
EZ CD Audio Converter (64-bit) (HKLM-x32\...\EZ CD Audio Converter (64-bit)) (Version: 2.0.5 - Poikosoft)
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.1.1 - Nikon)
FREE Hi-Q Recorder 1.95 (HKLM-x32\...\FREE Hi-Q Recorder_is1) (Version:  - Rick Roemer, (Roemer Software))
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Jihosoft ISO Maker version 3.0 (HKLM-x32\...\{FA289A40-0F71-428E-B3A2-546EDC04DB93}_is1) (Version: 3.0 - Jihosoft Studio)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.9.8 - Magical Jelly Bean)
MAGIX Audio & Music Lab 2014 Premium (HKLM-x32\...\MX.{3F4F0F87-3805-4E2F-9139-2528B8746A45}) (Version: 20.0.0.36 - MAGIX Software GmbH)
MAGIX Audio & Music Lab 2014 Premium (Version: 20.0.0.36 - MAGIX Software GmbH) Hidden
MAGIX Audio Cleaning Lab 16 deluxe Download Version (HKLM-x32\...\MAGIX_MSI_mclab_16dlx) (Version: 16.0.0.0 - MAGIX AG)
MAGIX Audio Cleaning Lab 16 deluxe Download Version (x32 Version: 16.0.0.0 - MAGIX AG) Hidden
MAGIX Speed 2 (MSI) (HKLM-x32\...\{5061491D-F30D-4A33-8D9F-721D9201D15D}) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{DCBE6A3D-8DA6-41DA-9F34-9948C9E81F89}) (Version: 7.0.1.27 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MicroDicom 0.8.6 (HKLM-x32\...\MicroDicom) (Version: 0.8.6 - MicroDicom)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mp3tag v2.63 (HKLM-x32\...\Mp3tag) (Version: v2.63 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
my Picturetown Utility (HKLM-x32\...\{29CCA913-C71A-47D4-A0D1-1069A347A639}) (Version: 1.1.1 - Nikon)
MyHarmony (HKU\S-1-5-21-861961308-2404378247-3874497544-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Network Stumbler 0.4.0 (remove only) (HKLM-x32\...\Network Stumbler) (Version:  - )
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.3.0 - Nikon)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.6.8 - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.03 - Portforward, LLC)
QuickTime (HKLM-x32\...\{E0D51394-1D45-460A-B62D-383BC4F8B335}) (Version: 7.3.1.70 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.32.00(4/1/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.5.0 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 PCL6 (HKLM-x32\...\Samsung Universal Print Driver 2 PCL6) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.)
SetIP (HKLM-x32\...\SetIP) (Version: 1.05.08.00 - Samsung Electronics Co., Ltd.)
SmartViewer (HKLM-x32\...\{5A5A8B70-F3B7-4C14-8812-6675101CBEB7}) (Version: 4.3.0.38 - Samsung Techwin Co., Ltd.)
SmartViewer (x32 Version: 4.3.0.38 - Samsung Techwin Co., Ltd.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
TuneUp Utilities 2011 (HKLM-x32\...\TuneUp Utilities 2011) (Version: 10.0.4500.46 - TuneUp Software)
TuneUp Utilities 2011 (x32 Version: 10.0.4500.46 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 10.0.4500.46 - TuneUp Software) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweaking.com - Technicians Toolbox (HKLM-x32\...\Tweaking.com - Technicians Toolbox) (Version: 1.0.1 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.1.2 - Tweaking.com)
Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
USB2.0 ATV (HKLM-x32\...\{3C873221-12B9-475D-8DCB-62D0B2179AF9}) (Version: 6.10.000.001 - Regulus)
Ustream Producer (HKLM-x32\...\{8BFD0FDE-E4D1-4F53-83DE-361799433A4D}) (Version: 5.0.3 - Ustream)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
20-08-2013 22:48:14 Windows Update
22-08-2013 22:39:22 Windows Update
27-08-2013 16:14:30 Installed wGXe Data Recovery Professional.
27-08-2013 16:41:06 Windows Update
01-09-2013 13:26:47 Removed WinZip 17.5
01-09-2013 21:19:02 Ultimate Christian Library Installation
03-09-2013 10:28:48 Windows Update
04-09-2013 09:28:34 Removed ASPCA Reminder by We-Care.com v4.1.22.1
29-03-2015 20:35:35 Windows Update
02-04-2015 20:55:43 Windows Update
03-04-2015 21:12:23 Windows Update
03-04-2015 21:43:17 Windows Update
03-04-2015 22:14:56 Driver Booster : 300Mbps Wireless USB Adapter
05-04-2015 18:47:38 Microsoft Antimalware Checkpoint
05-04-2015 19:42:36 Removed Java 7 Update 67
07-04-2015 20:52:45 Windows Update
09-04-2015 20:23:32 Removed DriverUpdate
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-04-08 21:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {06FD88A2-4088-4649-8500-747BD62B3D6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-09] (Google Inc.)
Task: {26D1CA1D-C408-4D5C-A6F2-ABB0A9F4E27D} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Win7_Pro64\AppData\Local\browser extensions\client.exe"
Task: {28D6A2C8-F323-4FF2-9641-CB671C45ED7F} - System32\Tasks\JKUGPELH => C:\ProgramData\efe30e7967304d318f6c75a53147af8a\efe30e7967304d318f6c75a53147af8a.exe [2015-04-10] ()
Task: {29575FE3-F5C4-41F7-BC8F-21CFACD6C334} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe [2011-12-08] (TuneUp Software)
Task: {2E81E26E-F705-4796-A070-294253F80A3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-09] (Google Inc.)
Task: {370F7393-60EF-4D05-8997-8FEC3A9DCCE7} - System32\Tasks\Validate Installation => C:\Users\Win7_Pro64\AppData\Local\browser extensions\updater.exe
Task: {3883582E-FBFE-45D0-90EE-6B25B3BF25AF} - System32\Tasks\PostPoneInstall => C:\Users\WIN7_P~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {41B00984-AB89-4D91-B43D-7EE1856E02A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {4A0C5A0D-2DDF-41F4-961C-1E0594862CF1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {72A75139-0C59-45C2-BFAA-2078690F5144} - System32\Tasks\Run_Browser => C:\Users\Win7_Pro64\AppData\Local\UnicoBrowser\Application\unicobrowser.exe
Task: {7AFFFAC7-6255-4F6C-811D-121D78A9B232} - System32\Tasks\ASC8_SkipUac_Win7_Pro64 => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: {94F5CE7D-CD7F-4C12-9114-6645D6C33F2A} - \SPBIW_UpdateTask_Time_313038343234373034392d574a324178345a2a376c455a No Task File <==== ATTENTION
Task: {9EE5A4FF-2302-4979-B2E1-BF54F2052FC0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A5CDB49A-A51B-49E2-8468-04104B622500} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A6C8FB7D-85D8-4253-AB7B-2751A2D49AF7} - System32\Tasks\{19E8C276-38CC-4167-8A91-C2B1DDBFA92D} => pcalua.exe -a "C:\Program Files (x86)\Dell\Digital Jukebox Drivers\CtDrvIns.exe" -d "C:\Program Files (x86)\Dell\Digital Jukebox Drivers"
Task: {A7176563-3D07-4990-8912-2D2086C5CCCD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B1B3957D-D715-4F95-BCC4-21877E81E264} - System32\Tasks\{0B55C2EE-CC29-4C4D-B009-6A310B745771} => pcalua.exe -a C:\Users\Win7_Pro64\Downloads\sp51467.exe -d C:\Users\Win7_Pro64\Desktop
Task: {BEB34D76-4524-418F-A69A-CC80AFAB3F53} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Win7_Pro64\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {C8995A1E-A724-4F5E-9B81-7143CD8AA78F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {CA063E36-DF20-45E6-A3A2-85F28E1E5B1B} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {D575C295-9E38-46FE-8706-A29DE2AA927E} - System32\Tasks\JWTJRHFDOU => C:\ProgramData\80d5dcbb79a54ee1bd6c34e71ca74a48\80d5dcbb79a54ee1bd6c34e71ca74a48.exe
Task: {D8347DC1-7C34-4BCC-89B6-68C4BC0A1667} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {DDC62DDF-CC91-423B-9084-FD309E62D39C} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {E88F0ED6-D530-4A7D-9386-86166A3C48C7} - System32\Tasks\keepup => C:\Users\Win7_Pro64\AppData\Roaming\jellylam\rinti.exe
Task: {E8D37E13-A3C4-49A5-A554-71495A384893} - System32\Tasks\WKOEHUFYR => C:\ProgramData\688bac24d8294ddc9b97a10de5058423\688bac24d8294ddc9b97a10de5058423.exe
Task: {F6EEDD33-390D-4F78-B6C3-C0D9F5EE9342} - System32\Tasks\Check Updates => C:\Users\Win7_Pro64\AppData\Local\browser extensions\updater.exe
Task: {FC94F2A7-76D1-4D06-8EE9-EDBFFCC2B970} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {FD5D9FA6-7334-43EC-BB12-7106FE7BFEBE} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MyTurboPC.com Registration3.job => C:\Windows\system32\rundll32.exeIC:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\UUS3.dll RunUns7C:\Program Files (x86)\Common Files\MyTurboPC.com
 
==================== Loaded Modules (whitelisted) ==============
 
2014-05-22 21:51 - 2011-04-10 22:26 - 00034304 _____ () C:\Windows\System32\spep6l.dll
2014-05-22 21:50 - 2011-04-10 22:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll
2013-07-26 07:42 - 2013-07-26 07:42 - 00034304 _____ () C:\Windows\System32\ssk3mlm.dll
2015-03-01 23:24 - 2015-03-01 23:24 - 00113664 _____ () C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1425248647-1016-AB1E-D9913A7F87B5\nso541.tmpfs
2013-09-08 21:01 - 2013-09-08 21:01 - 00045056 _____ () C:\Windows\SysWOW64\UTSCSI.EXE
2015-04-03 13:28 - 2015-04-03 13:28 - 00151552 _____ () C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5\jnsq1095.tmp
2009-11-24 16:36 - 2009-11-24 16:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2013-12-20 17:08 - 2013-07-16 10:30 - 00938157 _____ () C:\Windows\SysWOW64\APShellExt64.dll
2015-04-02 21:04 - 2015-03-30 14:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-02 21:04 - 2015-03-30 14:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-02 21:04 - 2015-03-30 14:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:7BEAD6C2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-861961308-2404378247-3874497544-500 - Administrator - Disabled)
Guest (S-1-5-21-861961308-2404378247-3874497544-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-861961308-2404378247-3874497544-1002 - Limited - Enabled)
remote (S-1-5-21-861961308-2404378247-3874497544-1003 - Administrator - Enabled)
Win7_Pro64 (S-1-5-21-861961308-2404378247-3874497544-1000 - Administrator - Enabled) => C:\Users\Win7_Pro64
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/09/2015 07:55:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DriverUpdate.exe, version: 2.3.0.0, time stamp: 0x5514570e
Faulting module name: DriverUpdate.exe, version: 2.3.0.0, time stamp: 0x5514570e
Exception code: 0xc0000005
Fault offset: 0x00030564
Faulting process id: 0xea0
Faulting application start time: 0xDriverUpdate.exe0
Faulting application path: DriverUpdate.exe1
Faulting module path: DriverUpdate.exe2
Report Id: DriverUpdate.exe3
 
Error: (04/08/2015 08:35:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (04/07/2015 10:30:09 PM) (Source: MsiInstaller) (EventID: 11309) (User: Win7_Pro64-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.
 
Error: (04/07/2015 08:39:31 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: 
 
Error: (04/07/2015 08:39:31 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (04/07/2015 08:13:03 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3904) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (04/07/2015 05:50:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 13a0
 
Start Time: 01d07150d2a6664b
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: 4b263717-dd89-11e4-a8c0-2c27d71f8bec
 
Error: (04/07/2015 09:33:46 AM) (Source: MsiInstaller) (EventID: 11309) (User: Win7_Pro64-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.
 
Error: (04/06/2015 02:16:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program StartUpManager.exe version 10.0.4500.46 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: dbc
 
Start Time: 01d070aeb48f2bfb
 
Termination Time: 7
 
Application Path: C:\Program Files (x86)\TuneUp Utilities 2011\StartUpManager.exe
 
Report Id: 327d2242-dca2-11e4-82ca-2c27d71f8bec
 
Error: (04/05/2015 09:00:53 PM) (Source: MsiInstaller) (EventID: 11309) (User: Win7_Pro64-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.
 
 
System errors:
=============
Error: (04/09/2015 09:06:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/09/2015 08:56:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/09/2015 08:46:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/09/2015 08:36:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/09/2015 08:33:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (04/09/2015 08:26:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/09/2015 08:24:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update Hatchiho service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (04/09/2015 08:24:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Util Hatchiho service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (04/09/2015 08:16:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/09/2015 08:06:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (04/09/2015 07:55:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DriverUpdate.exe2.3.0.05514570eDriverUpdate.exe2.3.0.05514570ec000000500030564ea001d07339b7b4574fC:\Program Files (x86)\DriverUpdate\DriverUpdate.exeC:\Program Files (x86)\DriverUpdate\DriverUpdate.exefc114926-df2c-11e4-add3-2c27d71f8bec
 
Error: (04/08/2015 08:35:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (04/07/2015 10:30:09 PM) (Source: MsiInstaller) (EventID: 11309) (User: Win7_Pro64-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/07/2015 08:39:31 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: 
 
Error: (04/07/2015 08:39:31 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (04/07/2015 08:13:03 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3904WindowsMail0:
 
Error: (04/07/2015 05:50:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.1.71113a001d07150d2a6664b16C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe4b263717-dd89-11e4-a8c0-2c27d71f8bec
 
Error: (04/07/2015 09:33:46 AM) (Source: MsiInstaller) (EventID: 11309) (User: Win7_Pro64-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (04/06/2015 02:16:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: StartUpManager.exe10.0.4500.46dbc01d070aeb48f2bfb7C:\Program Files (x86)\TuneUp Utilities 2011\StartUpManager.exe327d2242-dca2-11e4-82ca-2c27d71f8bec
 
Error: (04/05/2015 09:00:53 PM) (Source: MsiInstaller) (EventID: 11309) (User: Win7_Pro64-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-08 21:35:07.169
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-08 21:35:07.106
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-15 14:07:17.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-15 14:07:17.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-15 14:07:17.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-15 14:07:17.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-15 14:07:17.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-15 14:07:17.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-14 13:46:42.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-14 13:46:42.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 

Edited by elbruceo, 10 April 2015 - 10:23 PM.


#4 nasdaq (Malware Response Team)

Posted 11 April 2015 - 08:11 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CreateRestorePoint:
CloseProcesses:

(PastaLeads) C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe
() C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1425248647-1016-AB1E-D9913A7F87B5\nso541.tmpfs
(Webar) C:\Program Files (x86)\Ge-Force\360edbe2-65db-4595-a09c-035030ee10d2-10.exe
(Webar) C:\Program Files (x86)\Ge-Force\360edbe2-65db-4595-a09c-035030ee10d2-6.exe
(Quick Ref) C:\Program Files (x86)\QuickRef_1.10.0.12\Service\qrsvc.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
() C:\Program Files (x86)\Hatchiho\updateHatchiho.exe
() C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe
() C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5\jnsq1095.tmp
() C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\upgmsd_us_422.exe
() C:\Program Files (x86)\Hatchiho\bin\Hatchiho.PurBrowse64.exe
() C:\Program Files (x86)\Hatchiho\bin\Hatchiho.expext.exe
() C:\Program Files (x86)\Hatchiho\bin\Hatchiho.BrowserAdapter.exe
() C:\Program Files (x86)\Hatchiho\bin\Hatchiho.BrowserAdapter64.exe
(Goobzo) C:\Users\Win7_Pro64\AppData\Local\DeskBar\deskbar.exe
() C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.exe
() C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\upgmsd_us_422.exe
(                                                            ) C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\Download\majmp_gentleeeuu.exe
() C:\Users\Win7_Pro64\AppData\Local\Temp\is-MK6TJ.tmp\majmp_gentleeeuu.tmp
(                                                            ) C:\Users\Win7_Pro64\AppData\Local\Temp\is-5FK1B.tmp\gentlemjmp_ieeuu.exe
() C:\Users\Win7_Pro64\AppData\Local\Temp\is-6A1RN.tmp\gentlemjmp_ieeuu.tmp
(YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
(Goobzo) C:\Program Files (x86)\ShopperPro\Updater.exe
(Goobzo) C:\Program Files (x86)\YTDownloader\Updater.exe
(Goobzo) C:\Program Files\Common Files\Goobzo\GBUpdate\Updater.exe
(Goobzo LTD) C:\Program Files (x86)\ShopperPro\ShopperPro.exe
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Win7_Pro64\AppData\Local\SmartWeb\SmartWebHelper.exe
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2015-01-08] (YTDownloader)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.exe [3224576 2015-04-09] ()
HKLM-x32\...\RunOnce: [upgmsd_us_422.exe] => C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\upgmsd_us_422.exe [3307464 2015-04-09] ()
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\...\Run: [DeskBar] => C:\Users\Win7_Pro64\AppData\Local\DeskBar\deskbar.exe [1549096 2015-03-30] (Goobzo)
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2015-01-08] (YTDownloader)
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.exe [3224576 2015-04-09] ()
Startup: C:\Users\Win7_Pro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
ShortcutTarget: SmartWeb.lnk -> C:\Users\Win7_Pro64\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-04-09] (Goobzo Ltd.)
BHO-x32: Hatchiho 1.0.0.7 -> {0569f0df-cce6-43e9-aecb-5c5cf431e3b4} -> C:\Program Files (x86)\Hatchiho\Hatchihobho.dll [2015-04-10] (Hatchiho)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-04-09] (Goobzo Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF SearchPlugin: C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\searchplugins\inbox-search.xml [2013-11-26]
FF Extension: Cinema PlusV31.03 - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-04-04]
FF Extension: Ge-Force - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\TTSD90021300@PYDKGV101145942.com [2015-04-10]
FF Extension: youtubeunblockerunblockeryt - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\youtubeunblocker@unblocker.yt [2015-03-12]
FF Extension: Shopper-Pro - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-04-10]
FF Extension: Zoom It - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{76540169-abcf-6127-d94f-849a8742bb01} [2015-03-22]
FF Extension: Hatchiho 1.0.1 - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}.xpi [2015-04-10]
FF Extension: No Name - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\extensions\{c645e00e-f796-4f6f-a777-e6af60acca44}.xpi [Not Found]
FF Extension: No Name - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\extensions\veggy@veggyAddon.com [Not Found]
FF Extension: No Name - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\extensions\MGKN37049485@ACPSC11936960.com [Not Found]
S2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [22376 2015-01-08] ()
R2 pastaleadsupd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe [1082880 2015-02-16] (PastaLeads) [File not signed]
R2 qrsvc_1.10.0.12; C:\Program Files (x86)\QuickRef_1.10.0.12\Service\qrsvc.exe [278592 2015-03-26] (Quick Ref)
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2717992 2015-03-30] (Search Module Ltd.)
R2 Update Hatchiho; C:\Program Files (x86)\Hatchiho\updateHatchiho.exe [404712 2015-04-10] ()
R2 Util Hatchiho; C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe [404712 2015-04-10] ()
R2 xyhigysy; C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5\jnsq1095.tmp [151552 2015-04-03] () [File not signed]
S2 AdvancedSystemCareService8; No ImagePath
S2 FlashBeat; C:\ProgramData\FlashBeat\FlashBeat.exe [X]
S2 Gambali; C:\ProgramData\FlashBeat\Gambali.exe [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
R2 powywejy; C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1425248647-1016-AB1E-D9913A7F87B5\nso541.tmpfs [X]
R1 PastaLUpdd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaldrw.sys [61872 2015-02-16] ()
R1 qrnfd_1_10_0_12; C:\Windows\System32\drivers\qrnfd_1_10_0_12.sys [58224 2015-03-26] (Quick Ref)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2015-01-08] (YTDownloader)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [42656 2015-03-30] ()
R2 SPDRIVER_1.38.1.1738; C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.sys [52376 2015-04-09] ()
R1 {d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64; C:\Windows\System32\drivers\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64.sys [48776 2015-04-10] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 cpuz134; \??\C:\Users\WIN7_P~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
Task: {3883582E-FBFE-45D0-90EE-6B25B3BF25AF} - System32\Tasks\PostPoneInstall => C:\Users\WIN7_P~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {94F5CE7D-CD7F-4C12-9114-6645D6C33F2A} - \SPBIW_UpdateTask_Time_313038343234373034392d574a324178345a2a376c455a No Task File <==== ATTENTION
Task: {BEB34D76-4524-418F-A69A-CC80AFAB3F53} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Win7_Pro64\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {FD5D9FA6-7334-43EC-BB12-7106FE7BFEBE} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:7BEAD6C2
C:\Program Files\Common Files\PastaLeads
C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1425248647-1016-AB1E-D9913A7F87B5
C:\Program Files (x86)\Ge-Force
C:\Program Files (x86)\QuickRef_1.10.0.12
C:\Program Files\Common Files\Goobzo
C:\Program Files (x86)\Hatchiho
C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5
C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422
C:\Users\Win7_Pro64\AppData\Local\DeskBar\deskbar.exe
C:\Program Files (x86)\ShopperPro
C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422
C:\Users\Win7_Pro64\AppData\Local\Temp\is-MK6TJ.tmp
C:\Users\Win7_Pro64\AppData\Local\Temp\is-6A1RN.tmp
C:\Program Files (x86)\YTDownloader
C:\Users\Win7_Pro64\AppData\Local\SmartWeb
C:\Users\Win7_Pro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
C:\Program Files (x86)\globalUpdate
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\searchplugins\inbox-search.xml
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\TTSD90021300@PYDKGV101145942.com
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\youtubeunblocker@unblocker.yt
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{76540169-abcf-6127-d94f-849a8742bb01}
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}.xpi
C:\Program Files\Common Files\PastaLeads

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please run the AdwCleaner tool one more time and clean everything that will be found.

Post the log for my review.

How is the computer running now?
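The fixlist above was assembled by reading the FRST scan entry by entry: where each autostart image lives (AppData, Temp, ProgramData), whether FRST recorded a publisher and a signature for it, whether a kernel driver (.sys) is loaded from somewhere other than System32\drivers, and whether the entry is orphaned ([X], No ImagePath, No Task File). The Python below is an added example for readers triaging their own FRST logs; it is not part of nasdaq's post and not Farbar's code. It parses the Run/RunOnce, service/driver, BHO, Task and process line shapes that appear in this thread and applies those same checks. The regexes, the "user-writable" path markers and the reason strings are this example's own assumptions, and the sample input is copied from the fixlist above plus one constructed benign Spooler service.

```python
"""Triage FRST log lines for adware-style persistence (added example, not Farbar's code)."""
import re
from typing import Optional

# Trailer FRST appends after an image path: "[size date]" or "[X]" (file gone),
# then "(Publisher)", then zero or more flag blocks such as "[File not signed]".
_TRAILER = (r"(?:\s+\[(?P<meta>[^\]]*)\])?(?:\s+\((?P<publisher>[^)]*)\))?"
            r"(?P<flags>(?:\s+\[[^\]]*\])*)\s*$")

# Line shapes seen in the fixlist in this thread; tried in this order.
_PATTERNS = {
    "autorun": re.compile(r"^(?P<hive>HK[\w\-\\]+\\\.\.\.\\Run(?:Once)?): "
                          r"\[(?P<name>[^\]]+)\] => (?P<path>.+?)" + _TRAILER),
    "service": re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)" + _TRAILER),
    "bho": re.compile(r"^BHO(?:-x32)?: (?P<name>.+?) -> (?P<clsid>\{[^}]+\}) -> "
                      r"(?P<path>.+?)" + _TRAILER),
    "task": re.compile(r"^Task: (?P<clsid>\{[^}]+\}) - (?P<name>.+?)(?: => (?P<path>.+?))?"
                       r"(?P<orphan> No Task File)?(?P<attention> <=+ ATTENTION)?\s*$"),
    "process": re.compile(r"^\((?P<publisher>[^)]*)\) (?P<path>\S.*?)\s*$"),
}

USER_WRITABLE = ("/users/", "/programdata/", "/temp/")   # assumed markers, not an FRST rule
DRIVER_DIR = "/windows/system32/drivers/"


def parse_line(line: str) -> Optional[dict]:
    """Return a normalised record for a recognised FRST line, or None."""
    for kind, rx in _PATTERNS.items():
        m = rx.match(line.strip())
        if not m:
            continue
        g = m.groupdict()
        path = g.get("path")
        return {
            "kind": kind,
            "name": g.get("name") or (path or "").rsplit("\\", 1)[-1],
            "path": path,
            "publisher": (g.get("publisher") or "").strip(),
            "unsigned": "File not signed" in (g.get("flags") or ""),
            "orphan": g.get("meta") == "X" or path in (None, "No ImagePath")
                      or bool(g.get("orphan")),
            "attention": bool(g.get("attention")),
        }
    return None


def triage(rec: dict) -> list:
    """Heuristic reasons this record deserves a look; an empty list means nothing odd."""
    p = (rec["path"] or "").lower().replace("\\", "/")
    image = p.split(" /")[0]          # drop service arguments such as " /svc"
    reasons = []
    if rec["orphan"]:
        reasons.append("orphaned entry: file or task body missing")
    if any(d in image for d in USER_WRITABLE):
        reasons.append("autostart image under a user-writable directory")
    if image.endswith(".sys") and DRIVER_DIR not in image:
        reasons.append("kernel driver loaded from outside System32\\drivers")
    # FRST records a publisher for autoruns, services, BHOs and processes, not for tasks.
    if rec["kind"] != "task" and image and not rec["orphan"] and not rec["publisher"]:
        reasons.append("no publisher recorded")
    if rec["unsigned"]:
        reasons.append("image not Authenticode-signed")
    if rec["attention"]:
        reasons.append("flagged ATTENTION by FRST")
    return reasons


def triage_log(text: str) -> list:
    """Parse every recognised line and keep the records that have at least one reason."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            rec["reasons"] = triage(rec)
            if rec["reasons"]:
                findings.append(rec)
    return findings


# Lines copied from the fixlist in this thread, plus one constructed benign
# service (Spooler) to show an entry that raises no flag.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.exe [3224576 2015-04-09] ()
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\...\Run: [DeskBar] => C:\Users\Win7_Pro64\AppData\Local\DeskBar\deskbar.exe [1549096 2015-03-30] (Goobzo)
R2 pastaleadsupd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe [1082880 2015-02-16] (PastaLeads) [File not signed]
R2 xyhigysy; C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5\jnsq1095.tmp [151552 2015-04-03] () [File not signed]
S2 FlashBeat; C:\ProgramData\FlashBeat\FlashBeat.exe [X]
S2 AdvancedSystemCareService8; No ImagePath
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2015-01-08] (YTDownloader)
R1 {d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64; C:\Windows\System32\drivers\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64.sys [48776 2015-04-10] (StdLib)
Task: {3883582E-FBFE-45D0-90EE-6B25B3BF25AF} - System32\Tasks\PostPoneInstall => C:\Users\WIN7_P~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {94F5CE7D-CD7F-4C12-9114-6645D6C33F2A} - \SPBIW_UpdateTask_Time_313038343234373034392d574a324178345a2a376c455a No Task File <==== ATTENTION
BHO-x32: Hatchiho 1.0.0.7 -> {0569f0df-cce6-43e9-aecb-5c5cf431e3b4} -> C:\Program Files (x86)\Hatchiho\Hatchihobho.dll [2015-04-10] (Hatchiho)
() C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2009-07-14] (Microsoft Corporation)
""".strip()

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['kind']:8} {f['name']}\n    " + "\n    ".join(f["reasons"]))
```

Run it against a saved FRST.txt with `triage_log(open("FRST.txt", encoding="utf-8").read())`. The output is a list of leads, not verdicts: the orphan check would also flag the leftover ComboFix driver `\??\C:\ComboFix\catchme.sys [X]` in this log, which is a tool remnant rather than adware. The misses matter more. The `{d1bdfa01-...}Gw64.sys` driver sits in System32\drivers with a publisher string ("StdLib") and the Hatchiho BHO has a publisher and a Program Files path, so neither trips any heuristic, yet both belong to the same adware bundle and both are in nasdaq's fixlist. That is why the helper reads the whole log rather than filtering it, and why the fix is built from the grouping of vendors (Goobzo, Hatchiho, PastaLeads, Quick Ref) across services, drivers, BHOs, extensions and tasks rather than from any single indicator.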

#5 elbruceo (Topic Starter)

Posted 11 April 2015 - 10:16 PM

Here's the latest log.

After reboot the only item not wanted so far is "stormwatch alert".

Will run AdwCleaner and see what happens.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-04-2015
Ran by Win7_Pro64 at 2015-04-11 20:06:31 Run:1
Running from C:\FRST
Loaded Profiles: Win7_Pro64 (Available profiles: Win7_Pro64)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
(PastaLeads) C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe
() C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1425248647-1016-AB1E-D9913A7F87B5\nso541.tmpfs
(Webar) C:\Program Files (x86)\Ge-Force\360edbe2-65db-4595-a09c-035030ee10d2-10.exe
(Webar) C:\Program Files (x86)\Ge-Force\360edbe2-65db-4595-a09c-035030ee10d2-6.exe
(Quick Ref) C:\Program Files (x86)\QuickRef_1.10.0.12\Service\qrsvc.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
() C:\Program Files (x86)\Hatchiho\updateHatchiho.exe
() C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe
() C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5\jnsq1095.tmp
() C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\upgmsd_us_422.exe
() C:\Program Files (x86)\Hatchiho\bin\Hatchiho.PurBrowse64.exe
() C:\Program Files (x86)\Hatchiho\bin\Hatchiho.expext.exe
() C:\Program Files (x86)\Hatchiho\bin\Hatchiho.BrowserAdapter.exe
() C:\Program Files (x86)\Hatchiho\bin\Hatchiho.BrowserAdapter64.exe
(Goobzo) C:\Users\Win7_Pro64\AppData\Local\DeskBar\deskbar.exe
() C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.exe
() C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\upgmsd_us_422.exe
(                                                            ) C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\Download\majmp_gentleeeuu.exe
() C:\Users\Win7_Pro64\AppData\Local\Temp\is-MK6TJ.tmp\majmp_gentleeeuu.tmp
(                                                            ) C:\Users\Win7_Pro64\AppData\Local\Temp\is-5FK1B.tmp\gentlemjmp_ieeuu.exe
() C:\Users\Win7_Pro64\AppData\Local\Temp\is-6A1RN.tmp\gentlemjmp_ieeuu.tmp
(YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
(Goobzo) C:\Program Files (x86)\ShopperPro\Updater.exe
(Goobzo) C:\Program Files (x86)\YTDownloader\Updater.exe
(Goobzo) C:\Program Files\Common Files\Goobzo\GBUpdate\Updater.exe
(Goobzo LTD) C:\Program Files (x86)\ShopperPro\ShopperPro.exe
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Win7_Pro64\AppData\Local\SmartWeb\SmartWebHelper.exe
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2015-01-08] (YTDownloader)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.exe [3224576 2015-04-09] ()
HKLM-x32\...\RunOnce: [upgmsd_us_422.exe] => C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\upgmsd_us_422.exe [3307464 2015-04-09] ()
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\...\Run: [DeskBar] => C:\Users\Win7_Pro64\AppData\Local\DeskBar\deskbar.exe [1549096 2015-03-30] (Goobzo)
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2015-01-08] (YTDownloader)
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.exe [3224576 2015-04-09] ()
Startup: C:\Users\Win7_Pro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
ShortcutTarget: SmartWeb.lnk -> C:\Users\Win7_Pro64\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-04-09] (Goobzo Ltd.)
BHO-x32: Hatchiho 1.0.0.7 -> {0569f0df-cce6-43e9-aecb-5c5cf431e3b4} -> C:\Program Files (x86)\Hatchiho\Hatchihobho.dll [2015-04-10] (Hatchiho)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-04-09] (Goobzo Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF SearchPlugin: C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\searchplugins\inbox-search.xml [2013-11-26]
FF Extension: Cinema PlusV31.03 - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-04-04]
FF Extension: Ge-Force - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\TTSD90021300@PYDKGV101145942.com [2015-04-10]
FF Extension: youtubeunblockerunblockeryt - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\youtubeunblocker@unblocker.yt [2015-03-12]
FF Extension: Shopper-Pro - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-04-10]
FF Extension: Zoom It - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{76540169-abcf-6127-d94f-849a8742bb01} [2015-03-22]
FF Extension: Hatchiho 1.0.1 - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}.xpi [2015-04-10]
FF Extension: No Name - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\extensions\{c645e00e-f796-4f6f-a777-e6af60acca44}.xpi [Not Found]
FF Extension: No Name - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\extensions\veggy@veggyAddon.com [Not Found]
FF Extension: No Name - C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\extensions\MGKN37049485@ACPSC11936960.com [Not Found]
S2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [22376 2015-01-08] ()
R2 pastaleadsupd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe [1082880 2015-02-16] (PastaLeads) [File not signed]
R2 qrsvc_1.10.0.12; C:\Program Files (x86)\QuickRef_1.10.0.12\Service\qrsvc.exe [278592 2015-03-26] (Quick Ref)
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2717992 2015-03-30] (Search Module Ltd.)
R2 Update Hatchiho; C:\Program Files (x86)\Hatchiho\updateHatchiho.exe [404712 2015-04-10] ()
R2 Util Hatchiho; C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe [404712 2015-04-10] ()
R2 xyhigysy; C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5\jnsq1095.tmp [151552 2015-04-03] () [File not signed]
S2 AdvancedSystemCareService8; No ImagePath
S2 FlashBeat; C:\ProgramData\FlashBeat\FlashBeat.exe [X]
S2 Gambali; C:\ProgramData\FlashBeat\Gambali.exe [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
R2 powywejy; C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1425248647-1016-AB1E-D9913A7F87B5\nso541.tmpfs [X]
R1 PastaLUpdd; C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaldrw.sys [61872 2015-02-16] ()
R1 qrnfd_1_10_0_12; C:\Windows\System32\drivers\qrnfd_1_10_0_12.sys [58224 2015-03-26] (Quick Ref)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2015-01-08] (YTDownloader)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [42656 2015-03-30] ()
R2 SPDRIVER_1.38.1.1738; C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.sys [52376 2015-04-09] ()
R1 {d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64; C:\Windows\System32\drivers\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64.sys [48776 2015-04-10] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 COMMONFX.DLL; system32\COMMONFX.DLL [X]
S3 cpuz134; \??\C:\Users\WIN7_P~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 CTAUDFX.DLL; system32\CTAUDFX.DLL [X]
S3 CTERFXFX.DLL; system32\CTERFXFX.DLL [X]
S3 CTSBLFX.DLL; system32\CTSBLFX.DLL [X]
Task: {3883582E-FBFE-45D0-90EE-6B25B3BF25AF} - System32\Tasks\PostPoneInstall => C:\Users\WIN7_P~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {94F5CE7D-CD7F-4C12-9114-6645D6C33F2A} - \SPBIW_UpdateTask_Time_313038343234373034392d574a324178345a2a376c455a No Task File <==== ATTENTION
Task: {BEB34D76-4524-418F-A69A-CC80AFAB3F53} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Win7_Pro64\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {FD5D9FA6-7334-43EC-BB12-7106FE7BFEBE} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:7BEAD6C2
C:\Program Files\Common Files\PastaLeads
C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1425248647-1016-AB1E-D9913A7F87B5
C:\Program Files (x86)\Ge-Force
C:\Program Files (x86)\QuickRef_1.10.0.12
C:\Program Files\Common Files\Goobzo
C:\Program Files (x86)\Hatchiho
C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5
C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422
C:\Users\Win7_Pro64\AppData\Local\DeskBar\deskbar.exe
C:\Program Files (x86)\ShopperPro
C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422
C:\Users\Win7_Pro64\AppData\Local\Temp\is-MK6TJ.tmp
C:\Users\Win7_Pro64\AppData\Local\Temp\is-6A1RN.tmp
C:\Program Files (x86)\YTDownloader
C:\Users\Win7_Pro64\AppData\Local\SmartWeb
C:\Users\Win7_Pro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
C:\Program Files (x86)\globalUpdate
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\searchplugins\inbox-search.xml
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\TTSD90021300@PYDKGV101145942.com
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\youtubeunblocker@unblocker.yt
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{76540169-abcf-6127-d94f-849a8742bb01}
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}.xpi
C:\Program Files\Common Files\PastaLeads
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe => No running process found
C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1425248647-1016-AB1E-D9913A7F87B5\nso541.tmpfs => No running process found
C:\Program Files (x86)\Ge-Force\360edbe2-65db-4595-a09c-035030ee10d2-10.exe => No running process found
C:\Program Files (x86)\Ge-Force\360edbe2-65db-4595-a09c-035030ee10d2-6.exe => No running process found
C:\Program Files (x86)\QuickRef_1.10.0.12\Service\qrsvc.exe => No running process found
C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe => No running process found
C:\Program Files (x86)\Hatchiho\updateHatchiho.exe => No running process found
C:\Program Files (x86)\Hatchiho\bin\utilHatchiho.exe => No running process found
C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5\jnsq1095.tmp => No running process found
C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\upgmsd_us_422.exe => No running process found
C:\Program Files (x86)\Hatchiho\bin\Hatchiho.PurBrowse64.exe => No running process found
C:\Program Files (x86)\Hatchiho\bin\Hatchiho.expext.exe => No running process found
C:\Program Files (x86)\Hatchiho\bin\Hatchiho.BrowserAdapter.exe => No running process found
C:\Program Files (x86)\Hatchiho\bin\Hatchiho.BrowserAdapter64.exe => No running process found
C:\Users\Win7_Pro64\AppData\Local\DeskBar\deskbar.exe => No running process found
C:\Program Files (x86)\ShopperPro\JSDriver\1.38.1.1738\jsdrv.exe => No running process found
C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\upgmsd_us_422.exe => No running process found
C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422\Download\majmp_gentleeeuu.exe => No running process found
C:\Users\Win7_Pro64\AppData\Local\Temp\is-MK6TJ.tmp\majmp_gentleeeuu.tmp => No running process found
C:\Users\Win7_Pro64\AppData\Local\Temp\is-5FK1B.tmp\gentlemjmp_ieeuu.exe => No running process found
C:\Users\Win7_Pro64\AppData\Local\Temp\is-6A1RN.tmp\gentlemjmp_ieeuu.tmp => No running process found
C:\Program Files (x86)\YTDownloader\YTDownloader.exe => No running process found
C:\Program Files (x86)\ShopperPro\Updater.exe => No running process found
C:\Program Files (x86)\YTDownloader\Updater.exe => No running process found
C:\Program Files\Common Files\Goobzo\GBUpdate\Updater.exe => No running process found
C:\Program Files (x86)\ShopperPro\ShopperPro.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SPDriver => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_us_422.exe => value deleted successfully.
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DeskBar => value deleted successfully.
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
HKU\S-1-5-21-861961308-2404378247-3874497544-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SPDriver => Value not found.
C:\Users\Win7_Pro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk => Moved successfully.
C:\Users\Win7_Pro64\AppData\Local\SmartWeb\SmartWebHelper.exe => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-861961308-2404378247-3874497544-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found. 
HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0569f0df-cce6-43e9-aecb-5c5cf431e3b4}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0569f0df-cce6-43e9-aecb-5c5cf431e3b4}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found. 
HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 => Key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 => Key not found. 
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\searchplugins\inbox-search.xml => Moved successfully.
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com => Moved successfully.
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\TTSD90021300@PYDKGV101145942.com not found.
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\youtubeunblocker@unblocker.yt => Moved successfully.
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} not found.
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{76540169-abcf-6127-d94f-849a8742bb01} => Moved successfully.
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}.xpi => Moved successfully.
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\extensions\{c645e00e-f796-4f6f-a777-e6af60acca44}.xpi not found.
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\extensions\veggy@veggyAddon.com not found.
C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\extensions\MGKN37049485@ACPSC11936960.com not found.
BrsHelper => Service deleted successfully.
pastaleadsupd => Service not found.
qrsvc_1.10.0.12 => Service not found.
SMUpd => Service not found.
Update Hatchiho => Service deleted successfully.
Util Hatchiho => Service deleted successfully.
xyhigysy => Service deleted successfully.
AdvancedSystemCareService8 => Service deleted successfully.
FlashBeat => Service not found.
Gambali => Service not found.
globalUpdate => Service not found.
powywejy => Service deleted successfully.
PastaLUpdd => Service not found.
qrnfd_1_10_0_12 => Service not found.
sbmntr => Service not found.
SMUpdd => Service not found.
SPDRIVER_1.38.1.1738 => Service not found.
{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64 => Service stopped successfully.
{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}Gw64 => Service deleted successfully.
catchme => Service deleted successfully.
COMMONFX.DLL => Service deleted successfully.
cpuz134 => Service deleted successfully.
CTAUDFX.DLL => Service deleted successfully.
CTERFXFX.DLL => Service deleted successfully.
CTSBLFX.DLL => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3883582E-FBFE-45D0-90EE-6B25B3BF25AF} => Key not found. 
C:\Windows\System32\Tasks\PostPoneInstall not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PostPoneInstall => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94F5CE7D-CD7F-4C12-9114-6645D6C33F2A}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94F5CE7D-CD7F-4C12-9114-6645D6C33F2A}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_313038343234373034392d574a324178345a2a376c455a" => Key Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEB34D76-4524-418F-A69A-CC80AFAB3F53} => Key not found. 
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => Key Deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD5D9FA6-7334-43EC-BB12-7106FE7BFEBE} => Key not found. 
C:\Windows\System32\Tasks\LaunchSignup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup => Key not found. 
C:\ProgramData\TEMP => ":7BEAD6C2" ADS removed successfully.
"C:\Program Files\Common Files\PastaLeads" => File/Directory not found.
C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1425248647-1016-AB1E-D9913A7F87B5 => Moved successfully.
"C:\Program Files (x86)\Ge-Force" => File/Directory not found.
"C:\Program Files (x86)\QuickRef_1.10.0.12" => File/Directory not found.
"C:\Program Files\Common Files\Goobzo" => File/Directory not found.
C:\Program Files (x86)\Hatchiho => Moved successfully.
C:\Users\Win7_Pro64\AppData\Roaming\3E872980-1428092865-1016-AB1E-D9913A7F87B5 => Moved successfully.
C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422 => Moved successfully.
C:\Users\Win7_Pro64\AppData\Local\DeskBar\deskbar.exe => Moved successfully.
"C:\Program Files (x86)\ShopperPro" => File/Directory not found.
"C:\Users\Win7_Pro64\AppData\Local\gmsd_us_422" => File/Directory not found.
"C:\Users\Win7_Pro64\AppData\Local\Temp\is-MK6TJ.tmp" => File/Directory not found.
"C:\Users\Win7_Pro64\AppData\Local\Temp\is-6A1RN.tmp" => File/Directory not found.
"C:\Program Files (x86)\YTDownloader" => File/Directory not found.
C:\Users\Win7_Pro64\AppData\Local\SmartWeb => Moved successfully.
"C:\Users\Win7_Pro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk" => File/Directory not found.
"C:\Program Files (x86)\globalUpdate" => File/Directory not found.
"C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\searchplugins\inbox-search.xml" => File/Directory not found.
"C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com" => File/Directory not found.
"C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\TTSD90021300@PYDKGV101145942.com" => File/Directory not found.
"C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\youtubeunblocker@unblocker.yt" => File/Directory not found.
"C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}" => File/Directory not found.
"C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{76540169-abcf-6127-d94f-849a8742bb01}" => File/Directory not found.
"C:\Users\Win7_Pro64\AppData\Roaming\Mozilla\Firefox\Profiles\0zm2lgg5.default\Extensions\{d1bdfa01-5a9a-448b-bb7a-b6dc6b34803d}.xpi" => File/Directory not found.
"C:\Program Files\Common Files\PastaLeads" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:06:53 ====


#6 elbruceo
  • Topic Starter
  • Members
  • 32 posts

Posted 11 April 2015 - 10:46 PM

"AdwCleaner" needs to change the button selections. When I see a button that says "Uninstall" after doing a scan, I would pick it, thinking that would uninstall the found problems, but nooooooooooooooooooooooooooooooooooooooooo! It uninstalls "AdwCleaner" and does no cleaning.

Anyway, I selected the cleaning button this time and we will see what happens.



#7 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 April 2015 - 07:55 AM

Download the application again.
Run it and scan the computer.

If you wish to remove everything that is found, use the Clean button.
If you are not sure, then post the content of the scan log for my review.


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

#8 elbruceo
  • Topic Starter
  • Members
  • 32 posts

Posted 15 April 2015 - 07:09 PM

All looks good now, thanks for your help.



#9 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 April 2015 - 07:12 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 April 2015 - 07:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



