brownhornet Posted August 2, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by castro (administrator) on CASTRO-PC on 02-08-2014 12:25:22
Running from C:\Users\castro\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-23] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-421815810-114840823-2280959742-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-421815810-114840823-2280959742-1000.bak\...\RunOnce: [scrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=iedef
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8FD916E584ADCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=iedef
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com?fr=hp-avast&type=iedef
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\searchplugins\yahoo-avast.xml
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-31]

Chrome:
=======
CHR HomePage: https://www.yahoo.com?fr=hp-avast&type=iedef
CHR StartupUrls: "https://www.yahoo.com?fr=hp-avast&type=iedef"
CHR DefaultSearchKeyword: trovi.search
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-21]
CHR Extension: (avast! Online Security) - C:\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-01]
CHR Extension: (RealDownloader) - C:\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-06]
CHR Extension: (Google Wallet) - C:\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-31]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2013-04-24] (SUPERAntiSpyware.com) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-31] (AVAST Software)
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe [610376 2014-01-23] (Citrix Online, a division of Citrix Systems, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
S4 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [85504 2009-06-26] (PC Pitstop LLC) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 AllDaySavingsService64; No ImagePath
S2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe run options=01110010050000000000000000000000 sourceguid=B021CBBD-E38E-4F8C-8E93-6624B0597A23 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-31] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-30] ()
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S1 jnuqvylm; \??\C:\Windows\system32\drivers\jnuqvylm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 12:25 - 2014-08-02 12:26 - 00019142 _____ () C:\Users\castro\Downloads\FRST.txt
2014-08-02 12:25 - 2014-08-02 12:25 - 00000000 ____D () C:\FRST
2014-08-02 12:22 - 2014-08-02 12:22 - 00001455 _____ () C:\Users\castro\Desktop\FRST64.exe - Shortcut.lnk
2014-08-02 12:21 - 2014-08-02 12:21 - 02094080 _____ (Farbar) C:\Users\castro\Downloads\FRST64.exe
2014-08-02 04:49 - 2014-08-02 04:49 - 00000914 _____ () C:\Users\castro\Desktop\JRT.txt
2014-08-02 04:26 - 2014-08-02 04:26 - 00010490 _____ () C:\Windows\system32\.crusader
2014-08-02 04:17 - 2014-08-02 04:17 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-02 04:17 - 2014-08-02 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-02 04:17 - 2014-08-02 04:17 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-02 04:16 - 2014-08-02 04:26 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-02 04:15 - 2014-08-02 04:16 - 11188736 _____ (SurfRight B.V.) C:\Users\castro\Downloads\HitmanPro_x64.exe
2014-08-02 04:07 - 2014-08-02 05:01 - 00001121 _____ () C:\Users\castro\Desktop\Internet Explorer (64-bit).lnk
2014-08-02 01:15 - 2014-08-02 01:16 - 111334136 _____ (Microsoft Corporation) C:\Users\castro\Downloads\msert.exe
2014-08-02 00:19 - 2014-08-02 00:19 - 00001440 _____ () C:\Users\castro\Desktop\RUNSAS.EXE - Shortcut.lnk
2014-08-01 17:48 - 2014-08-01 17:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\castro\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 17:48 - 2014-08-01 17:48 - 00001588 _____ () C:\Users\castro\Desktop\mbam-setup-2.0.2.1012.exe - Shortcut.lnk
2014-08-01 15:34 - 2014-08-01 23:37 - 00001802 _____ () C:\sc-cleaner.txt
2014-08-01 15:33 - 2014-08-01 15:33 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\castro\Downloads\sc-cleaner.exe
2014-08-01 15:33 - 2014-08-01 15:33 - 00001493 _____ () C:\Users\castro\Desktop\sc-cleaner.exe - Shortcut.lnk
2014-08-01 15:17 - 2014-08-01 15:29 - 00001420 _____ () C:\Users\castro\Desktop\TFC - Shortcut.lnk
2014-08-01 15:16 - 2014-08-01 15:16 - 00448512 _____ (OldTimer Tools) C:\Users\castro\Downloads\TFC.exe
2014-08-01 11:55 - 2014-08-02 05:24 - 00000766 _____ () C:\Users\castro\Downloads\SystemLook.txt
2014-08-01 11:54 - 2014-08-01 11:54 - 00001102 _____ () C:\Users\castro\Desktop\SystemLook_x64 - Shortcut.lnk
2014-08-01 11:53 - 2014-08-01 11:53 - 00165376 _____ () C:\Users\castro\Downloads\SystemLook_x64.exe
2014-08-01 05:31 - 2014-08-02 04:33 - 00001228 _____ () C:\Windows\PFRO.log
2014-08-01 02:45 - 2014-08-02 05:01 - 00001169 _____ () C:\Users\castro\Desktop\Mozilla Firefox.lnk
2014-08-01 02:36 - 2014-08-01 02:39 - 00000000 ____D () C:\Users\castro\Desktop\Old Firefox Data
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\MSVCR100.dll
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-08-01 01:19 - 2014-08-01 01:19 - 02473936 _____ (Trend Micro Inc.) C:\Users\castro\Downloads\HousecallLauncher64(1).exe
2014-07-31 23:12 - 2014-07-31 23:12 - 00000010 _____ () C:\Users\castro\AppData\Local\sponge.last.runtime.cache
2014-07-31 23:08 - 2013-09-02 00:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-07-31 23:07 - 2014-08-02 04:55 - 00000672 _____ () C:\Windows\setupact.log
2014-07-31 23:07 - 2014-07-31 23:07 - 02473936 _____ (Trend Micro Inc.) C:\Users\castro\Downloads\HousecallLauncher64.exe
2014-07-31 23:07 - 2014-07-31 23:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 22:19 - 2014-07-31 22:19 - 02347384 _____ (ESET) C:\Users\castro\Downloads\esetsmartinstaller_enu.exe
2014-07-31 22:19 - 2014-07-31 22:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-31 22:12 - 2014-07-31 22:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-31 22:12 - 2014-07-31 22:12 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-31 22:12 - 2014-07-31 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-31 22:12 - 2014-07-31 22:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-31 22:09 - 2014-07-31 22:11 - 04813544 _____ (Piriform Ltd) C:\Users\castro\Downloads\ccsetup416.exe
2014-07-31 22:01 - 2014-07-31 22:01 - 00000630 _____ () C:\Users\castro\Desktop\AdwCleaner - Shortcut.lnk
2014-07-31 19:18 - 2014-07-31 19:18 - 00000000 ____D () C:\Users\castro\AppData\Roaming\AVAST Software
2014-07-31 19:12 - 2014-07-31 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-31 19:11 - 2014-08-02 04:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-31 19:11 - 2014-07-31 19:11 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-31 19:11 - 2014-07-31 19:11 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-31 19:11 - 2014-07-31 19:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-31 19:06 - 2014-07-31 19:06 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-31 19:03 - 2014-07-31 19:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-31 17:00 - 2014-07-31 17:00 - 00003118 _____ () C:\Windows\System32\Tasks\{DE4D3C3E-821D-4F20-9FE5-C05F77F0F9F2}
2014-07-31 16:17 - 2014-04-05 23:36 - 01016261 _____ (Thisisu) C:\Users\castro\Desktop\JRT_NEW.exe
2014-07-31 14:43 - 2010-11-20 06:24 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2014-07-24 19:04 - 2014-07-24 19:04 - 00000000 ____D () C:\ProgramData\Sun
2014-07-24 19:04 - 2014-07-24 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-24 19:04 - 2014-07-24 19:03 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-24 19:04 - 2014-07-24 19:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-24 19:04 - 2014-07-24 19:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-24 19:04 - 2014-07-24 19:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-24 19:03 - 2014-07-24 19:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-24 18:58 - 2014-07-31 14:34 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-07-24 18:51 - 2014-07-24 18:51 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-07-24 18:50 - 2014-07-24 18:50 - 00004240 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
2014-07-24 18:50 - 2014-07-24 18:50 - 00003830 _____ () C:\Windows\System32\Tasks\Smp
2014-07-24 18:50 - 2014-07-24 18:50 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2014-07-24 18:49 - 2014-07-24 18:49 - 00004246 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
2014-07-24 18:48 - 2014-07-24 18:48 - 00000000 ____D () C:\Users\castro\AppData\Local\CrashRpt
2014-07-24 18:43 - 2014-06-27 11:50 - 00464160 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-07-24 18:42 - 2014-07-31 18:28 - 00000000 ____D () C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-17 08:05 - 2014-07-17 08:05 - 00002048 _____ () C:\Users\castro\AppData\Local\BlockAndSurfdb.sqlite
2014-07-14 18:55 - 2014-07-02 18:24 - 00039424 _____ () C:\Users\castro\Documents\flash 6-29-2014.xls
2014-07-14 18:39 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-14 18:39 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-14 18:38 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-14 18:38 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-14 18:38 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-14 18:38 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-14 18:38 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-14 18:38 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-14 18:37 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-14 18:37 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-14 18:37 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-14 18:37 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-14 18:37 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-14 18:37 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-14 18:37 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-14 18:37 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-14 18:37 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-14 18:37 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-14 18:37 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-14 18:37 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-14 18:37 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-14 18:37 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-14 18:37 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-14 18:37 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-14 18:37 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-14 18:37 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-14 18:37 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-14 18:37 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-14 18:37 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-14 18:37 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-14 18:37 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-14 18:37 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-14 18:37 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-14 18:37 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-14 18:37 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-14 18:37 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-14 18:37 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-14 18:37 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-14 18:37 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-14 18:37 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-14 18:37 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-14 18:37 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-14 18:37 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-14 18:37 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-14 18:37 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-14 18:37 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-14 18:37 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-14 18:37 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-14 18:37 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-14 18:37 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-14 18:37 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-14 18:37 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-14 18:37 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-14 18:37 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-14 18:37 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-14 18:37 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-14 18:37 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-14 18:37 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-14 18:37 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-14 18:37 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-14 18:37 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-14 18:37 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-14 18:37 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-14 18:36 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-14 18:36 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-14 18:36 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-14 18:36 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 14:15 - 2014-07-07 14:14 - 00030208 _____ () C:\Users\castro\Downloads\U S Foods

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 12:26 - 2014-08-02 12:25 - 00019142 _____ () C:\Users\castro\Downloads\FRST.txt
2014-08-02 12:25 - 2014-08-02 12:25 - 00000000 ____D () C:\FRST
2014-08-02 12:22 - 2014-08-02 12:22 - 00001455 _____ () C:\Users\castro\Desktop\FRST64.exe - Shortcut.lnk
2014-08-02 12:21 - 2014-08-02 12:21 - 02094080 _____ (Farbar) C:\Users\castro\Downloads\FRST64.exe
2014-08-02 12:13 - 2013-02-19 19:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-02 12:08 - 2010-10-23 21:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 11:14 - 2010-09-17 09:55 - 01445907 _____ () C:\Windows\WindowsUpdate.log
2014-08-02 05:24 - 2014-08-01 11:55 - 00000766 _____ () C:\Users\castro\Downloads\SystemLook.txt
2014-08-02 05:03 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-02 05:03 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-02 05:01 - 2014-08-02 04:07 - 00001121 _____ () C:\Users\castro\Desktop\Internet Explorer (64-bit).lnk
2014-08-02 05:01 - 2014-08-01 02:45 - 00001169 _____ () C:\Users\castro\Desktop\Mozilla Firefox.lnk
2014-08-02 05:01 - 2013-05-04 19:51 - 00001151 _____ () C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-02
04:56 - 2014-07-31 19:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-08-02 04:56 - 2014-06-09 15:51 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-421815810-114840823-2280959742-10002014-08-02 04:56 - 2013-09-21 16:15 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-421815810-114840823-2280959742-10002014-08-02 04:56 - 2013-07-20 21:35 - 00000404 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job2014-08-02 04:56 - 2010-10-23 21:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-08-02 04:56 - 2010-04-07 22:05 - 00000147 _____ () C:\Windows\SysWOW64\agent.log2014-08-02 04:55 - 2014-07-31 23:07 - 00000672 _____ () C:\Windows\setupact.log2014-08-02 04:55 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-02 04:49 - 2014-08-02 04:49 - 00000914 _____ () C:\Users\castro\Desktop\JRT.txt2014-08-02 04:33 - 2014-08-01 05:31 - 00001228 _____ () C:\Windows\PFRO.log2014-08-02 04:32 - 2014-04-28 21:18 - 00000000 ____D () C:\AdwCleaner2014-08-02 04:32 - 2013-03-06 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-08-02 04:26 - 2014-08-02 04:26 - 00010490 _____ () C:\Windows\system32\.crusader2014-08-02 04:26 - 2014-08-02 04:16 - 00000000 ____D () C:\ProgramData\HitmanPro2014-08-02 04:17 - 2014-08-02 04:17 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk2014-08-02 04:17 - 2014-08-02 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2014-08-02 04:17 - 2014-08-02 04:17 - 00000000 ____D () C:\Program Files\HitmanPro2014-08-02 04:16 - 2014-08-02 04:15 - 11188736 _____ (SurfRight B.V.) 
C:\Users\castro\Downloads\HitmanPro_x64.exe2014-08-02 01:16 - 2014-08-02 01:15 - 111334136 _____ (Microsoft Corporation) C:\Users\castro\Downloads\msert.exe2014-08-02 00:20 - 2011-12-04 19:25 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware2014-08-02 00:19 - 2014-08-02 00:19 - 00001440 _____ () C:\Users\castro\Desktop\RUNSAS.EXE - Shortcut.lnk2014-08-01 23:37 - 2014-08-01 15:34 - 00001802 _____ () C:\sc-cleaner.txt2014-08-01 17:48 - 2014-08-01 17:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\castro\Downloads\mbam-setup-2.0.2.1012.exe2014-08-01 17:48 - 2014-08-01 17:48 - 00001588 _____ () C:\Users\castro\Desktop\mbam-setup-2.0.2.1012.exe - Shortcut.lnk2014-08-01 15:33 - 2014-08-01 15:33 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\castro\Downloads\sc-cleaner.exe2014-08-01 15:33 - 2014-08-01 15:33 - 00001493 _____ () C:\Users\castro\Desktop\sc-cleaner.exe - Shortcut.lnk2014-08-01 15:29 - 2014-08-01 15:17 - 00001420 _____ () C:\Users\castro\Desktop\TFC - Shortcut.lnk2014-08-01 15:16 - 2014-08-01 15:16 - 00448512 _____ (OldTimer Tools) C:\Users\castro\Downloads\TFC.exe2014-08-01 11:54 - 2014-08-01 11:54 - 00001102 _____ () C:\Users\castro\Desktop\SystemLook_x64 - Shortcut.lnk2014-08-01 11:53 - 2014-08-01 11:53 - 00165376 _____ () C:\Users\castro\Downloads\SystemLook_x64.exe2014-08-01 02:45 - 2014-06-25 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-08-01 02:45 - 2011-03-21 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-08-01 02:39 - 2014-08-01 02:36 - 00000000 ____D () C:\Users\castro\Desktop\Old Firefox Data2014-08-01 01:27 - 2013-04-25 02:02 - 00825745 _____ () C:\Users\castro\AppData\Local\census.cache2014-08-01 01:27 - 2013-04-25 02:02 - 00107696 _____ () C:\Users\castro\AppData\Local\ars.cache2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\MSVCR100.dll2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll2014-08-01 01:23 - 
2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\igdumd32.dll2014-08-01 01:19 - 2014-08-01 01:19 - 02473936 _____ (Trend Micro Inc.) C:\Users\castro\Downloads\HousecallLauncher64(1).exe2014-07-31 23:12 - 2014-07-31 23:12 - 00000010 _____ () C:\Users\castro\AppData\Local\sponge.last.runtime.cache2014-07-31 23:07 - 2014-07-31 23:07 - 02473936 _____ (Trend Micro Inc.) C:\Users\castro\Downloads\HousecallLauncher64.exe2014-07-31 23:07 - 2014-07-31 23:07 - 00000000 _____ () C:\Windows\setuperr.log2014-07-31 22:19 - 2014-07-31 22:19 - 02347384 _____ (ESET) C:\Users\castro\Downloads\esetsmartinstaller_enu.exe2014-07-31 22:19 - 2014-07-31 22:19 - 00000000 ____D () C:\Program Files (x86)\ESET2014-07-31 22:16 - 2013-01-06 12:48 - 00000000 ____D () C:\Users\castro\AppData\Roaming\Media Player Classic2014-07-31 22:16 - 2010-04-07 22:21 - 00000000 ____D () C:\Windows\Panther2014-07-31 22:12 - 2014-07-31 22:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC2014-07-31 22:12 - 2014-07-31 22:12 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-07-31 22:12 - 2014-07-31 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-07-31 22:12 - 2014-07-31 22:12 - 00000000 ____D () C:\Program Files\CCleaner2014-07-31 22:11 - 2014-07-31 22:09 - 04813544 _____ (Piriform Ltd) C:\Users\castro\Downloads\ccsetup416.exe2014-07-31 22:01 - 2014-07-31 22:01 - 00000630 _____ () C:\Users\castro\Desktop\AdwCleaner - Shortcut.lnk2014-07-31 19:50 - 2014-06-24 10:48 - 00000000 ____D () C:\temp2014-07-31 19:19 - 2014-06-19 11:14 - 00000000 ____D () C:\Program Files\pcmax2014-07-31 19:18 - 2014-07-31 19:18 - 00000000 ____D () C:\Users\castro\AppData\Roaming\AVAST Software2014-07-31 19:12 - 2014-07-31 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast2014-07-31 19:11 - 2014-07-31 19:11 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys2014-07-31 19:11 - 2014-07-31 19:11 - 00427360 _____ 
(AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-07-31 19:11 - 2014-07-31 19:11 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-07-31 19:11 - 2014-07-31 19:11 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-07-31 19:11 - 2014-07-31 19:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-07-31 19:11 - 2014-07-31 19:11 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys2014-07-31 19:11 - 2014-07-31 19:11 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-07-31 19:11 - 2014-07-31 19:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-07-31 19:11 - 2014-07-31 19:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-07-31 19:11 - 2014-07-31 19:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-07-31 19:06 - 2014-07-31 19:06 - 00000000 ____D () C:\Program Files\AVAST Software2014-07-31 19:06 - 2014-07-31 19:03 - 00000000 ____D () C:\ProgramData\AVAST Software2014-07-31 18:40 - 2011-12-04 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!2014-07-31 18:28 - 2014-07-24 18:42 - 00000000 ____D () C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts2014-07-31 17:11 - 2011-12-04 19:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster2014-07-31 17:11 - 2010-09-19 04:56 - 00000000 ____D () C:\ProgramData\Temp2014-07-31 17:00 - 2014-07-31 17:00 - 00003118 _____ () C:\Windows\System32\Tasks\{DE4D3C3E-821D-4F20-9FE5-C05F77F0F9F2}2014-07-31 16:58 - 2014-06-19 14:00 - 00000258 __RSH () C:\ProgramData\ntuser.pol2014-07-31 16:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Branding2014-07-31 16:07 - 2009-07-13 22:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI2014-07-31 14:36 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF2014-07-31 14:34 - 2014-07-24 18:58 - 00000000 ____D () C:\Program 
Files\AllDaySavings2014-07-31 12:53 - 2009-07-13 19:34 - 00000580 _____ () C:\Windows\win.ini2014-07-30 18:43 - 2013-08-29 18:43 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys2014-07-24 19:04 - 2014-07-24 19:04 - 00000000 ____D () C:\ProgramData\Sun2014-07-24 19:04 - 2014-07-24 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-24 19:03 - 2014-07-24 19:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-07-24 19:03 - 2014-07-24 19:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-07-24 19:03 - 2014-07-24 19:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-07-24 19:03 - 2014-07-24 19:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-07-24 19:03 - 2014-07-24 19:03 - 00000000 ____D () C:\Program Files (x86)\Java2014-07-24 18:51 - 2014-07-24 18:51 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd2014-07-24 18:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\System2014-07-24 18:50 - 2014-07-24 18:50 - 00004240 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a412014-07-24 18:50 - 2014-07-24 18:50 - 00003830 _____ () C:\Windows\System32\Tasks\Smp2014-07-24 18:50 - 2014-07-24 18:50 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro2014-07-24 18:49 - 2014-07-24 18:49 - 00004246 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a412014-07-24 18:48 - 2014-07-24 18:48 - 00000000 ____D () C:\Users\castro\AppData\Local\CrashRpt2014-07-24 18:35 - 2013-03-16 15:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-24 18:35 - 2013-03-16 15:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight2014-07-24 18:34 - 2013-03-16 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-24 18:31 - 
2011-09-13 19:02 - 00000000 ____D () C:\Users\castro\Desktop\Very important2014-07-17 08:05 - 2014-07-17 08:05 - 00002048 _____ () C:\Users\castro\AppData\Local\BlockAndSurfdb.sqlite2014-07-15 17:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache2014-07-15 16:40 - 2009-07-13 21:45 - 00426840 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-15 16:38 - 2014-05-21 11:33 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-15 16:38 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal2014-07-15 16:38 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-07-15 16:38 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism2014-07-15 16:21 - 2013-07-30 12:08 - 00000000 ____D () C:\Windows\system32\MRT2014-07-15 16:17 - 2010-10-20 19:19 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-07-15 16:17 - 2010-04-07 21:48 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-07-14 19:13 - 2013-02-19 19:15 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-07-14 19:13 - 2011-05-19 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-07-07 14:15 - 2010-09-21 07:31 - 00001756 _____ () C:\Users\castro\AppData\Roaming\wklnhst.dat2014-07-07 14:14 - 2014-07-07 14:15 - 00030208 _____ () C:\Users\castro\Downloads\U S FoodsFiles to move or delete:====================C:\Users\castro\g2ax_expert_downloadhelper_win32_x86.exeSome content of TEMP:====================C:\Users\castro\AppData\Local\Temp\Quarantine.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally 
signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-07-30 18:09==================== End Of Log ============================
brownhornet Posted August 2, 2014 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014Ran by castro at 2014-08-02 12:26:53Running from C:\Users\castro\DownloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.2.0 - liteon)Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Acer Incorporated)Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Acer Incorporated)Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3002 - Acer Incorporated)Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0323.2010 - Acer Incorporated)Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) HiddenAdobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader Free Download Packages (HKCU\...\Adobe Reader Free Download Packages) (Version: - ) <==== ATTENTIONAdobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: version 2.2 - Auslogics Software Pty Ltd)avast! 
Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)Community Smartbar (HKLM-x32\...\{D2A1B531-98BD-49FD-B7C0-5945C7471C26}) (Version: 1.6.1.761 - Linkury Inc.) <==== ATTENTIONCommunity Smartbar Engine (HKCU\...\{129e82ed-f78c-457f-9c72-426ed179a6d4}) (Version: 1.6.1.761 - Linkury Inc.) <==== ATTENTIONCompatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Consumer Input Software (remove only) (HKCU\...\Consumer Input Software) (Version: 2.7.1.7915 - Compete Inc.)CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2529.50 - CyberLink Corp.)CyberLink PowerDVD 9 (x32 Version: 9.0.2529.50 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) HiddenFacebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTIONFlash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)Free FLV Converter V 7.5.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.5.0.0 - Koyote Soft)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
HiddenGoToAssist Customer 1.6.0.498 (HKLM-x32\...\GoToAssist Express Customer) (Version: 1.6.0.498 - Citrix Online)GoToAssist Expert 1.6.0.498 (HKCU\...\GoToAssist Remote Support Expert) (Version: 1.6.0.498 - Citrix Online)HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)Homepage by Mindspark Interactive Network, Inc. (HKLM-x32\...\MindsparkHomePage Product Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTIONHot Air Balloons ScreenSaver (HKLM-x32\...\{C982B990-407A-4CF6-9D98-D0ED261F9206}) (Version: 1.0.0.0 - W3i, LLC)Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)InstaCodecs (HKLM-x32\...\InstaCodecs_is1) (Version: 1.0 - )InstallAssist (HKLM-x32\...\{5C565EA7-370B-4CEE-8385-3516DEE5A758}_is1) (Version: 1.0.0 - Shop To Win, LLC)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) 
HiddenJunk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenK-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft 
Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) 
(Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)Microsoft XML Parser (x32 Version: 8.70.1104.04 - Microsoft Corporation) HiddenMozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) 
HiddenMyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) HiddenNTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.503 - NewTech Infosystems)NTI Backup Now Standard (x32 Version: 5.1.2.503 - NewTech Infosystems) HiddenNTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6322 - NewTech Infosystems)NTI Media Maker 8 (x32 Version: 8.0.2.6322 - NewTech Infosystems) HiddenPC Pitstop Driver Alert2 2.0.0.0 (HKLM-x32\...\PC Pitstop Driver Alert2_is1) (Version: 2.0.0.0 - PC Pitstop LLC)RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6074 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) HiddenRocketPDF (HKLM-x32\...\RocketPDF) (Version: - )Search module (HKLM-x32\...\Search module) (Version: - )Shredder (Version: 2.0.5.0 - Egis Technology Inc.) HiddenShredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) 
Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1136 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
TranslationBuddy Toolbar (HKLM-x32\...\TranslationBuddy_5ebar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3013 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-421815810-114840823-2280959742-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\castro\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AC26FA7-614D-4A92-9142-3BD2FFA79E7A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-421815810-114840823-2280959742-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {3A7E9B24-3E91-415A-8137-417849355DE5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-31] (AVAST Software)
Task: {42474ACE-5D7A-411E-808C-CC711C4B4922} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
Task: {8532F367-E54E-49CC-B2F2-12292B81BFEF} - System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {92D8351A-0D3C-49E4-A57C-54423EAB82A0} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
Task: {9CB212CD-1AFB-4C05-82E8-C5675B5B86E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-23] (Google Inc.)
Task: {9DEB0FCA-CAC4-4A04-8692-4007A5DB9A2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-23] (Google Inc.)
Task: {A444C6ED-1C30-42C3-82AF-3DF1EE771832} - System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
Task: {C4A048BA-8CBE-463D-90F1-A815D7C3D15B} - System32\Tasks\{24C406C9-65B6-4D41-92EE-2D7A032B8BFD} => C:\Users\castro\AppData\Local\Citrix\GoToAssist Express Expert\403\g2ax_start.exe
Task: {EA429B10-9CFC-4297-8AD0-9FEE0EF7427D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14] (Adobe Systems Incorporated)
Task: {F2A07A76-8726-4CEF-94F5-B48D78C2ED96} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-07-09] ()
Task: {F318B0AB-39F6-4CAD-9CA7-891B71BABFD4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {F58BB494-EC5C-45D4-90BE-7119DF0579E0} - System32\Tasks\{F1855822-B92A-4652-A4A2-4D1722A15BEA} => C:\Users\castro\AppData\Local\Citrix\GoToAssist Express Expert\403\g2ax_start.exe
Task: {FCD262BA-6F16-4881-8C2B-3C6C99F83321} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-421815810-114840823-2280959742-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {FFDA30E2-22BE-477E-90D8-2CC8702CE9D1} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
Task: {FFF9AC1B-A917-4B8C-839C-7446348AA7DE} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-04-04 03:03 - 2008-04-04 03:03 - 00131072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-31 19:11 - 2014-07-31 19:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-02 04:20 - 2014-08-02 04:20 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080201\algo.dll
2014-08-02 12:25 - 2014-08-02 12:25 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080202\algo.dll
2014-07-31 19:11 - 2014-07-31 19:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-02-28 22:44 - 2008-02-28 22:44 - 01024000 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2008-02-28 22:44 - 2008-02-28 22:44 - 00098304 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2008-02-28 22:44 - 2008-02-28 22:44 - 00061440 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\MSVCR100.dll
2010-04-07 21:34 - 2009-12-23 17:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-01 02:44 - 2014-07-16 22:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\igdumd32.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\dvtqtodq.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^castro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fliptoast.lnk => C:\Windows\pss\fliptoast.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AnyProtect Tray =>
MSCONFIG\startupreg: BkupTray => "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: GoToAssist Express Expert => "C:\Users\castro\AppData\Local\Citrix\GoToAssist Express Expert\330\g2ax_start.exe" "/Trigger RunAtLogon"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM =>
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: pcreg => C:\Program Files\pcmax\service.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PureLeads Tray =>
MSCONFIG\startupreg: SDTray =>
MSCONFIG\startupreg: SearchEngineProtection =>
MSCONFIG\startupreg: SelectRebates =>
MSCONFIG\startupreg: Spybot-S&D Cleaning =>
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2014 00:21:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".
Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/02/2014 05:57:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".
Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/02/2014 05:57:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2014 05:57:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2014 05:57:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2014 05:57:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2014 05:57:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2014 05:56:35 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".
Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/02/2014 04:54:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: psdprotect.dll, version: 3.1.206.0, time stamp: 0x4b66421d
Exception code: 0x40000015
Fault offset: 0x0000b1c3
Faulting process id: 0x30c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/02/2014 04:52:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: psdprotect.dll, version: 3.1.206.0, time stamp: 0x4b66421d
Exception code: 0x40000015
Fault offset: 0x0000b1c3
Faulting process id: 0x438
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

System errors:
=============
Error: (08/02/2014 00:21:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Connect Now - Config Registrar service terminated with service-specific error %%-2147024662.

Error: (08/02/2014 04:57:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/02/2014 04:56:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147467259

Error: (08/02/2014 04:56:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147467259

Error: (08/02/2014 04:56:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147467259

Error: (08/02/2014 04:56:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147467259

Error: (08/02/2014 04:56:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147467259

Error: (08/02/2014 04:56:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147467259

Error: (08/02/2014 04:56:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147467259

Error: (08/02/2014 04:56:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cyycfhtzro64 service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3001.98 MB
Available physical RAM: 1668.91 MB
Total Pagefile: 6002.14 MB
Available Pagefile: 4490.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:220.78 GB) (Free:174.24 GB) NTFS
Drive e: () (Removable) (Total:14.63 GB) (Free:13.82 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: BE81B8DD)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: EB302EC7)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
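The Scheduled Tasks section of the log above is where a helper looks first: two tasks run a JavaScript file out of C:\ProgramData through Wscript.exe, two run a DLL from an 8.3 short path through Rundll32.exe under a Microsoft-looking task folder, one target carries no publisher at all, and several have names that were clearly generated rather than typed. The Python below is an added example for this thread, not part of FRST and not something either poster wrote: it parses FRST "Task:" lines and scores each one with those same indicators. The reading of FRST's line format (a bracketed file date and a parenthesised publisher appear only when FRST could open the target; an empty "()" means the file has no company name; .job lines never carry either) and the weights are this example's assumptions, not FRST documentation. The sample input is a handful of Task lines copied from the log above.

```python
"""Triage the Scheduled Tasks section of an FRST.txt log.

Added example for this thread, not part of FRST or of the original posts.
It scores each "Task:" line with the indicators a helper checks by eye.
The reading of FRST's line format (bracketed date + parenthesised publisher
only when FRST could open the target; "()" = no company name) and the
weights below are this example's assumptions, not FRST documentation.
"""
import re
from dataclasses import dataclass, field

# Task: {GUID} - System32\Tasks\<name> => <command> [<date>] (<publisher>)
# Task: C:\Windows\Tasks\<name>.job => <command>
TASK_RE = re.compile(
    r"^Task:\s+"
    r"(?:\{(?P<guid>[0-9A-Fa-f-]+)\}\s+-\s+System32\\Tasks\\)?"
    r"(?P<name>.+?)\s+=>\s+(?P<cmd>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<publisher>[^)]*)\))?"
    r"(?:\s+(?P<attention><====\s+ATTENTION))?\s*$"
)

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe")
PROXY_BINS = ("rundll32.exe", "regsvr32.exe")
# Folders a standard user can write to; a vendor updater normally lives
# under Program Files, not here.
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\", "\\temp\\", "c:\\users\\")

# Constructed sample: Task lines copied from the FRST.txt posted above.
SAMPLE_LOG = r"""
Task: {8532F367-E54E-49CC-B2F2-12292B81BFEF} - System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {42474ACE-5D7A-411E-808C-CC711C4B4922} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
Task: {9CB212CD-1AFB-4C05-82E8-C5675B5B86E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-23] (Google Inc.)
Task: {C4A048BA-8CBE-463D-90F1-A815D7C3D15B} - System32\Tasks\{24C406C9-65B6-4D41-92EE-2D7A032B8BFD} => C:\Users\castro\AppData\Local\Citrix\GoToAssist Express Expert\403\g2ax_start.exe
Task: {F2A07A76-8726-4CEF-94F5-B48D78C2ED96} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-07-09] ()
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""


@dataclass
class Finding:
    name: str
    cmd: str
    score: int = 0
    reasons: list = field(default_factory=list)


def parse_task_line(line):
    """Return the parsed fields of one FRST Task: line, or None."""
    m = TASK_RE.match(line.strip())
    return m.groupdict() if m else None


def launcher(cmd):
    """Basename of the command's first token, lower-cased (script hosts are single tokens)."""
    first = cmd.strip().split()[0].strip('"')
    return first.rsplit("\\", 1)[-1].lower()


def score_task(task):
    """Apply the heuristics to one parsed task and return a Finding."""
    f = Finding(task["name"], task["cmd"])
    exe = launcher(task["cmd"])
    if exe in SCRIPT_HOSTS:
        f.score += 3
        f.reasons.append(f"launched through script host {exe}")
    elif exe in PROXY_BINS:
        f.score += 2
        f.reasons.append(f"launched through proxy binary {exe}")
    low = task["cmd"].lower()
    if any(p in low for p in USER_WRITABLE):
        f.score += 2
        f.reasons.append("payload lives in a user-writable folder")
    if "~1" in task["cmd"]:
        f.score += 1
        f.reasons.append("8.3 short path hides the real directory names")
    # Only registered {GUID} tasks carry [date] (publisher); .job lines never do.
    if task["guid"] is not None:
        if task["publisher"] is None:
            f.score += 1
            f.reasons.append("FRST could not read a date/publisher for the target")
        elif task["publisher"] == "":
            f.score += 2
            f.reasons.append("target has no company name in its version resource")
    base = task["name"].rsplit("\\", 1)[-1]
    if re.fullmatch(r"\{[0-9A-Fa-f-]+\}", base) or re.search(r"_[0-9a-f]{24,}$", base):
        f.score += 1
        f.reasons.append("machine-generated task name")
    if task["attention"]:
        f.score += 1
        f.reasons.append("already flagged <==== ATTENTION by FRST")
    return f


def triage(log_text):
    """Parse every Task: line in the text and return Findings, worst first."""
    findings = [score_task(t) for t in map(parse_task_line, log_text.splitlines()) if t]
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score:>2}  {f.name}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the full FRST.txt, the two Wscript tasks come out on top and the Google, Adobe and avast! updaters score zero, which matches the entries Juliet put in the fixlist below. The scores are only a reading order: a legitimate remote-support tool sitting in AppData (the GoToAssist tasks) picks up points too, so each flagged line still needs the file itself checked before it goes into a fixlist.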
Juliet Posted August 2, 2014

wowssa, ton of stuff in here.

You have 2 antivirus running, dwindle this down to just 1.
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

Go to Add/Remove Programs and look for these; remove/uninstall if you can.
**Trusted Software Assistant_is1
**Homepage by Mindspark Interactive Network, Inc
*************************

Bring up MSCONFIG and check for these items listed, uncheck if found, then reboot.
MSCONFIG\startupreg: pcreg => C:\Program Files\pcmax\service.exe
MSCONFIG\startupreg: PureLeads Tray
MSCONFIG\startupreg: SearchEngineProtection
MSCONFIG\startupreg: SelectRebates

********************
Running from C:\Users\castro\Downloads
I need, if possible, to have FRST located on the desktop.

Find an open space on your desktop. Right click and scroll down to NEW, click on this. To the side you will see new listings and then you'll see Folder, click on that. An empty folder will be created and wait for you to name it; hit the backspace key on your computer and this will now be blank. Type in FRST and then hit the Enter key on your computer.

Now, locate the FRST tool icon, take your mouse and drag it into the FRST folder that's just been created.

Next, locate the last fixlist.txt I created (it will be listed below). Now, drag the fixlist.txt into the newly created FRST folder on your desktop.

With me so far? Now right click on that FRST folder. You should see the fixlist.txt and the FRST tool.

Double click or right click on the FRST tool to open it. Now, seeing both (FRST and the fixlist.txt) in there, click on the FIX button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

The below script will reboot your computer, please don't be alarmed.

Open Notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box, right click on it and select Copy. Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

start
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF SearchPlugin: C:\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\searchplugins\yahoo-avast.xml
CHR DefaultSearchKeyword: trovi.search
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 AllDaySavingsService64; No ImagePath
S2 cyycfhtzro64
C:\Program Files\005\cyycfhtzro64.exe
C:\Program Files\005 /f
S1 jnuqvylm; \??\
C:\Windows\system32\drivers\jnuqvylm.sys
C:\Program Files\AllDaySavings
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
C:\Program Files\Common Files\ShopperPro
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
2014-07-24 18:43 - 2014-06-27 11:50 - 00464160 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-07-24 18:42 - 2014-07-31 18:28 - 00000000 ____D () C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-17 08:05 - 2014-07-17 08:05 - 00002048 _____ () C:\Users\castro\AppData\Local\BlockAndSurfdb.sqlite
2014-07-31 14:34 - 2014-07-24 18:58 - 00000000 ____D () C:\Program Files\AllDaySavings
C:\Users\castro\g2ax_expert_downloadhelper_win32_x86.exe
C:\Users\castro\AppData\Local\Temp\Quarantine.exe
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTION
Homepage by Mindspark Interactive Network, Inc. (HKLM-x32\...\MindsparkHomePage Product Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Task: {8532F367-E54E-49CC-B2F2-12292B81BFEF} - System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {92D8351A-0D3C-49E4-A57C-54423EAB82A0} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
2014-07-24 18:51 - 2014-07-24 18:51 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
Task: {A444C6ED-1C30-42C3-82AF-3DF1EE771832} - System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
Task: {F2A07A76-8726-4CEF-94F5-B48D78C2ED96} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-07-09] ()
Task: {FFF9AC1B-A917-4B8C-839C-7446348AA7DE} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
C:\Program Files\pcmax\service.exe
Reboot:
end

Open FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Now, open MBAM and try to update. If it will now try to scan and quarantine what it finds, post that log too.
brownhornet (Author) Posted August 2, 2014

You lost me here:

Next, locate the last fixlist.txt I created (it will be listed below). Now, drag the fixlist.txt into the newly created FRST folder on your desktop.

Are you wanting me to copy & paste that to the folder?
Juliet Posted August 2, 2014

Did you create the folder and locate the FRST tool there?

Locate the FRST tool in your Downloads folder, right click and select Cut. Now go to the new folder you created named FRST, open it, right click and select Paste. Did that place the FRST tool into that folder?

If not, download FRST again, this time ensuring it's placed on the desktop.

Open Notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box, right click on it and select Copy. Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

start
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF SearchPlugin: C:\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\searchplugins\yahoo-avast.xml
CHR DefaultSearchKeyword: trovi.search
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 AllDaySavingsService64; No ImagePath
S2 cyycfhtzro64
C:\Program Files\005\cyycfhtzro64.exe
C:\Program Files\005 /f
S1 jnuqvylm; \??\
C:\Windows\system32\drivers\jnuqvylm.sys
C:\Program Files\AllDaySavings
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
C:\Program Files\Common Files\ShopperPro
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
2014-07-24 18:43 - 2014-06-27 11:50 - 00464160 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-07-24 18:42 - 2014-07-31 18:28 - 00000000 ____D () C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-17 08:05 - 2014-07-17 08:05 - 00002048 _____ () C:\Users\castro\AppData\Local\BlockAndSurfdb.sqlite
2014-07-31 14:34 - 2014-07-24 18:58 - 00000000 ____D () C:\Program Files\AllDaySavings
C:\Users\castro\g2ax_expert_downloadhelper_win32_x86.exe
C:\Users\castro\AppData\Local\Temp\Quarantine.exe
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTION
Homepage by Mindspark Interactive Network, Inc. (HKLM-x32\...\MindsparkHomePage Product Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Task: {8532F367-E54E-49CC-B2F2-12292B81BFEF} - System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {92D8351A-0D3C-49E4-A57C-54423EAB82A0} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
2014-07-24 18:51 - 2014-07-24 18:51 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
Task: {A444C6ED-1C30-42C3-82AF-3DF1EE771832} - System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
Task: {F2A07A76-8726-4CEF-94F5-B48D78C2ED96} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-07-09] ()
Task: {FFF9AC1B-A917-4B8C-839C-7446348AA7DE} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
C:\Program Files\pcmax\service.exe
Reboot:
end
brownhornet (Author) Posted August 2, 2014

Surely I have done something wrong: http://i326.photobucket.com/albums/k402/mercflf8/IMG_20140802_155756_313_zps5c0a84e4.jpg
brownhornet (Author) Posted August 3, 2014

OK, I fixed the scan. When I moved FRST to the desktop I just right-clicked the file and created a desktop shortcut, which didn't work, so I did a copy & paste, which worked for the scan. Still can't run Malwarebytes; I still get that same runtime error. The program said the results are in the same place as the program (the folder I created on the desktop), so I hope it's the right log file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by castro at 2014-08-02 17:13:16 Run:1
Running from C:\Users\castro\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF SearchPlugin: C:\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\searchplugins\yahoo-avast.xml
CHR DefaultSearchKeyword: trovi.search
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 AllDaySavingsService64; No ImagePath
S2 cyycfhtzro64
C:\Program Files\005\cyycfhtzro64.exe
C:\Program Files\005 /f
S1 jnuqvylm; \??\C:\Windows\system32\drivers\jnuqvylm.sys
C:\Program Files\AllDaySavings
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
C:\Program Files\Common Files\ShopperPro
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
2014-07-24 18:43 - 2014-06-27 11:50 - 00464160 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-07-24 18:42 - 2014-07-31 18:28 - 00000000 ____D () C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-17 08:05 - 2014-07-17 08:05 - 00002048 _____ () C:\Users\castro\AppData\Local\BlockAndSurfdb.sqlite
2014-07-31 14:34 - 2014-07-24 18:58 - 00000000 ____D () C:\Program Files\AllDaySavings
C:\Users\castro\g2ax_expert_downloadhelper_win32_x86.exe
C:\Users\castro\AppData\Local\Temp\Quarantine.exe
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTION
Homepage by Mindspark Interactive Network, Inc. (HKLM-x32\...\MindsparkHomePage Product Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Task: {8532F367-E54E-49CC-B2F2-12292B81BFEF} - System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {92D8351A-0D3C-49E4-A57C-54423EAB82A0} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
2014-07-24 18:51 - 2014-07-24 18:51 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
Task: {A444C6ED-1C30-42C3-82AF-3DF1EE771832} - System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
Task: {F2A07A76-8726-4CEF-94F5-B48D78C2ED96} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-07-09] ()
Task: {FFF9AC1B-A917-4B8C-839C-7446348AA7DE} - System32\Tasks\FreeFileViewerUpdateChecker =>C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
C:\Program Files\pcmax\service.exe
Reboot:
end
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\searchplugins\yahoo-avast.xml => Moved successfully.
CHR DefaultSearchKeyword: trovi.search ==> The Chrome "Settings" can be used to fix the entry.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
AllDaySavingsService64 => Service deleted successfully.
S2 cyycfhtzro64 => Error: No automatic fix found for this entry.
"C:\Program Files\005\cyycfhtzro64.exe" => File/Directory not found.
"C:\Program Files\005 /f" => File/Directory not found.
jnuqvylm => Service deleted successfully.
"C:\Windows\system32\drivers\jnuqvylm.sys" => File/Directory not found.
C:\Program Files\AllDaySavings => Moved successfully.
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Moved successfully.
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Moved successfully.
C:\Program Files\Common Files\ShopperPro => Moved successfully.
"C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41" => File/Directory not found.
C:\Windows\system32\plsapp64.dll => Moved successfully.
C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts => Moved successfully.
C:\Users\castro\AppData\Local\BlockAndSurfdb.sqlite => Moved successfully.
"C:\Program Files\AllDaySavings" => File/Directory not found.
C:\Users\castro\g2ax_expert_downloadhelper_win32_x86.exe => Moved successfully.
C:\Users\castro\AppData\Local\Temp\Quarantine.exe => Moved successfully.
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTION => Error: No automatic fix found for this entry.
Homepage by Mindspark Interactive Network, Inc. (HKLM-x32\...\MindsparkHomePage Product Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8532F367-E54E-49CC-B2F2-12292B81BFEF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8532F367-E54E-49CC-B2F2-12292B81BFEF}" => Key deleted successfully.
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92D8351A-0D3C-49E4-A57C-54423EAB82A0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92D8351A-0D3C-49E4-A57C-54423EAB82A0}" => Key deleted successfully.
C:\Windows\System32\Tasks\YTDownloaderUpd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => Key deleted successfully.
"C:\Windows\System32\Tasks\YTDownloaderUpd" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A444C6ED-1C30-42C3-82AF-3DF1EE771832}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A444C6ED-1C30-42C3-82AF-3DF1EE771832}" => Key deleted successfully.
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F2A07A76-8726-4CEF-94F5-B48D78C2ED96}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2A07A76-8726-4CEF-94F5-B48D78C2ED96}" => Key deleted successfully.
C:\Windows\System32\Tasks\Smp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FFF9AC1B-A917-4B8C-839C-7446348AA7DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFF9AC1B-A917-4B8C-839C-7446348AA7DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker =>" => Key not found.
"C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe" => File/Directory not found.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => Moved successfully.
C:\ProgramData\Temp => ":07F6D9E4" ADS removed successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\plsapp" => Key deleted successfully.
"C:\Program Files\pcmax\service.exe" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog ====
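The fixlist above bundles several persistence mechanisms that are worth recognising on sight: a service registered with no ImagePath, services and drivers with generated names, scheduled tasks that run Wscript.exe on a .js file under C:\ProgramData, alternate data streams hung off a folder, and a SafeBoot\Network registration that lets a service start even in Safe Mode with Networking. The script below is an added example, not part of FRST or of this thread, that flags those patterns in fixlist-style lines and tallies the Fixlog outcomes so the entries FRST could not fix (here S2 cyycfhtzro64) are listed for manual follow-up. The sample text is constructed from the thread's own entries with an assumed line layout; the heuristics (the consonant-run threshold and the list of user-writable paths) are assumptions, not FRST logic.

```python
"""Triage an FRST fixlist and its Fixlog (added example; not part of FRST)."""
import re
from collections import Counter

# Constructed sample in fixlist layout: entries from the thread, layout assumed.
FIXLIST = r"""
S2 AllDaySavingsService64; No ImagePath
S2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe
S1 jnuqvylm; \??\C:\Windows\system32\drivers\jnuqvylm.sys
Task: {8532F367-E54E-49CC-B2F2-12292B81BFEF} - System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {92D8351A-0D3C-49E4-A57C-54423EAB82A0} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
"""

# Constructed sample of Fixlog result lines for the same entries.
FIXLOG = r"""
AllDaySavingsService64 => Service deleted successfully.
S2 cyycfhtzro64 => Error: No automatic fix found for this entry.
"C:\Program Files\005\cyycfhtzro64.exe" => File/Directory not found.
jnuqvylm => Service deleted successfully.
C:\Program Files\AllDaySavings => Moved successfully.
C:\ProgramData\Temp => ":07F6D9E4" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\plsapp" => Key deleted successfully.
"""

SERVICE_RE = re.compile(r"^([SR]\d) ([^;\s]+);?\s*(.*)$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (\S+) => (.*)$")
SCRIPT_RE = re.compile(r'[wc]script\.exe\b.*?"?([a-z]:\\[^"]+\.(?:js|vbs|wsf))', re.I)
ADS_RE = re.compile(r"^AlternateDataStreams: (.+):([^:\\]+)$")
SAFEBOOT_RE = re.compile(r"SafeBoot\\(Minimal|Network)\\([^\\\s\"]+)", re.I)
RESULT_RE = re.compile(r"^(.*?) => (.*)$")
# Assumed list of locations a limited user can write to (scripts here are suspect).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")
VOWELS = set("aeiou")


def looks_random(name, min_len=6, max_consonant_run=5):
    """Crude generated-name check: a long run of consonants with no vowel.

    Vendor names such as AllDaySavingsService64 keep a vowel every few
    letters; generated ones such as cyycfhtzro64 or jnuqvylm do not.
    """
    letters = re.sub(r"[^a-z]", "", name.lower())
    if len(letters) < min_len:
        return False
    run = best = 0
    for ch in letters:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best >= max_consonant_run


def triage_fixlist(text):
    """Return (entry, reason) pairs for fixlist lines that deserve a closer look."""
    findings = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = SERVICE_RE.match(line)
        if m:
            _, name, image = m.groups()
            if image.startswith("No ImagePath"):
                findings.append((name, "service has no image path (binary gone, registration left behind)"))
            elif looks_random(name):
                findings.append((name, "generated-looking service/driver name"))
            continue
        m = TASK_RE.match(line)
        if m:
            task, command = m.groups()
            s = SCRIPT_RE.search(command)
            if s and any(p in s.group(1).lower() for p in USER_WRITABLE):
                findings.append((task.rsplit("\\", 1)[-1],
                                 "scheduled task runs a script host on " + s.group(1)))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append((m.group(1), "alternate data stream :%s on a directory" % m.group(2)))
            continue
        m = SAFEBOOT_RE.search(line)
        if m:
            findings.append((m.group(2), "registered to start in Safe Mode (%s)" % m.group(1)))
    return findings


def summarize_fixlog(text):
    """Count Fixlog outcomes and return the entries that still need manual work."""
    counts, leftovers = Counter(), []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        entry, result = m.groups()
        if "successfully" in result:
            counts["fixed"] += 1
        elif "not found" in result:
            counts["not_found"] += 1
        elif result.startswith("Error"):
            counts["error"] += 1
            leftovers.append(entry)
        else:
            counts["other"] += 1
    return counts, leftovers


if __name__ == "__main__":
    for entry, reason in triage_fixlist(FIXLIST):
        print("%-40s %s" % (entry, reason))
    counts, leftovers = summarize_fixlog(FIXLOG)
    print(dict(counts), "still to handle by hand:", leftovers)
```

The random-name check is deliberately crude: five consonants in a row catches cyycfhtzro64 and jnuqvylm but not AllDaySavingsService64 or plsapp, so treat a hit as a prompt to look, not a verdict. The "not found" results are expected after a reboot-time removal and are not failures; only the Error lines need a second pass.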
Juliet Posted August 3, 2014

Hope you're seeing some improvements.

"When I moved FRST to the desktop I just right-clicked the file and created a desktop shortcut, which didn't work, so I did a copy & paste, which worked for the scan."

I tried to make it easier but I think in the long run I made it harder......lol

*****************
We need to do this: there is a bad entry still in Google Chrome.

Reset your browser settings:
Click the Chrome menu on the browser toolbar.
Select Settings.
Click Show advanced settings and find the "Reset browser settings" section.
Click Reset browser settings.
In the dialog that appears, click Reset.
Note: When the "Help make Google Chrome better by reporting the current settings" checkbox is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyze trends and work to prevent future unwanted settings changes.

~~~~~~~~~~~~~~~~~~~~~~~

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix
Download ComboFix from here:
Link 1
Link 2
Link 3
Place ComboFix.exe on your Desktop <--Important

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
You can get help on disabling your protection programs here

Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (Win XP only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:

Internet Explorer: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings > uncheck "use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.

Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

Chrome: Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

Safari: Launch Safari. Go to the general settings menu, then Preferences / Advanced, then on the line click Proxies, change settings... Click Internet Options, then click the Connections tab, click Network Settings. Disable (uncheck) the option for the use of a proxy server...

~~~~~~~~~~~~~~~~~~
brownhornet (Author) Posted August 3, 2014 (edited)

I was just bent on getting the scan to work. Also, after resetting Google I found that "trovi" was listed as a search engine, so I disabled it and set it to Google. New log file:

ComboFix 14-08-02.02 - castro 08/02/2014 18:24:20.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1759 [GMT -7:00]
Running from: c:\users\castro\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-07-03 to 2014-08-03 )))))))))))))))))))))))))))))))
.
.
2014-08-03 01:32 . 2014-08-03 01:32 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-08-03 01:32 . 2014-08-03 01:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-03 01:14 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F2360DD-FFAC-4FA5-87CE-6151061F9BF7}\mpengine.dll
2014-08-03 00:16 . 2014-08-03 00:16 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-03 00:16 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-03 00:16 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-03 00:16 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-03 00:16 . 2014-08-03 00:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-02 19:25 . 2014-08-03 00:13 -------- d-----w- C:\FRST
2014-08-02 11:17 . 2014-08-02 11:17 -------- d-----w- c:\program files\HitmanPro
2014-08-02 11:16 . 2014-08-02 11:26 -------- d-----w- c:\programdata\HitmanPro
2014-08-02 00:30 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-01 08:23 . 2014-08-01 08:23 0 ----a-w- c:\windows\system32\MSVCR100.dll
2014-08-01 08:23 . 2014-08-01 08:23 0 ----a-w- c:\windows\system32\igdumdx32.dll
2014-08-01 08:23 . 2014-08-01 08:23 0 ----a-w- c:\windows\system32\igdumd32.dll
2014-08-01 06:08 . 2013-09-02 07:58 175528 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-08-01 05:19 . 2014-08-01 05:19 -------- d-----w- c:\program files (x86)\ESET
2014-08-01 05:12 . 2014-08-01 05:12 -------- d-----w- c:\program files\CCleaner
2014-08-01 02:18 . 2014-08-01 02:18 -------- d-----w- c:\users\castro\AppData\Roaming\AVAST Software
2014-08-01 02:12 . 2014-08-01 02:12 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-08-01 02:11 . 2014-08-01 02:11 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-01 02:11 . 2014-08-01 02:11 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-01 02:11 . 2014-08-01 02:11 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-01 02:11 . 2014-08-01 02:11 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-01 02:11 . 2014-08-01 02:11 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-01 02:11 . 2014-08-01 02:11 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-01 02:11 . 2014-08-01 02:11 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-01 02:11 . 2014-08-01 02:11 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-01 02:11 . 2014-08-01 02:11 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-01 02:11 . 2014-08-01 02:11 43152 ----a-w- c:\windows\avastSS.scr
2014-08-01 02:06 . 2014-08-01 02:06 -------- d-----w- c:\program files\AVAST Software
2014-08-01 02:03 . 2014-08-01 02:06 -------- d-----w- c:\programdata\AVAST Software
2014-07-31 21:43 . 2010-11-20 13:24 345088 ----a-w- c:\windows\system32\sethc.exe
2014-07-30 23:44 . 2014-05-05 16:12 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD44BFC4-F4B3-4E5D-8562-4B98727A816B}\gapaengine.dll
2014-07-25 02:04 . 2014-07-25 02:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-25 02:04 . 2014-07-25 02:03 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 02:03 . 2014-07-25 02:03 -------- d-----w- c:\program files (x86)\Java
2014-07-25 01:48 . 2014-07-25 01:48 -------- d-----w- c:\users\castro\AppData\Local\CrashRpt
2014-07-15 01:39 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-15 01:39 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-15 01:39 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-15 01:39 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-15 01:39 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-15 01:39 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-15 01:39 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-15 01:37 . 2014-06-19 00:31 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-07-15 01:36 . 2014-06-19 01:39 23464448 ----a-w- c:\windows\system32\mshtml.dll
2014-07-15 01:36 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-15 01:36 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-15 01:36 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-31 01:43 . 2013-08-30 01:43 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-07-22 13:27 . 2014-07-22 13:27 232896 ----a-w- c:\windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-07-15 23:17 . 2010-10-21 02:19 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-15 02:13 . 2013-02-20 02:15 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-15 02:13 . 2011-05-19 16:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-05 16:12 . 2012-02-12 04:03 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-01 4085896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cyycfhtzro64;cyycfhtzro64;c:\program files\005\cyycfhtzro64.exe run options=01110010050000000000000000000000 sourceguid=B021CBBD-E38E-4F8C-8E93-6624B0597A23;c:\program files\005\cyycfhtzro64.exe run options=01110010050000000000000000000000 sourceguid=B021CBBD-E38E-4F8C-8E93-6624B0597A23 [x]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-22 01:05 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-20 02:13]
.
2014-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 04:55]
.
2014-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 04:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-01 02:11 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.yahoo.com?fr=hp-avast&type=iedef
mStart Page = https://www.yahoo.com?fr=hp-avast&type=iedef
mSearch Page = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
mSearch Bar = https://www.yahoo.com?fr=hp-avast&type=iedef
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=iedef
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Reader Free Download Packages - c:\users\castro\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe Reader Free Download Packages\uninstaller.exe
AddRemove-Consumer Input Software - c:\program files (x86)\Consumer Input\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-02 18:36:00
ComboFix-quarantined-files.txt 2014-08-03 01:35
.
Pre-Run: 186,898,010,112 bytes free
Post-Run: 186,736,156,672 bytes free
.
- - End Of File - - B26ECA55555AFC916E140667A8C7C8BB

Edited August 3, 2014 by brownhornet
brownhornet (Author) Posted August 3, 2014

Also, in Programs and Features there is an entry listed as "Mindspark". When I try to uninstall it I get a pop-up saying "The specified module could not be found".
Juliet Posted August 3, 2014

Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working. This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Click on this link Here to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad or any text editor other than Notepad, or the script will fail.* Copy and paste the text present inside the quote box below:

File::
c:\program files\005\cyycfhtzro64.exe

Folder::
c:\program files\005

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"=-

Driver::
cyycfhtzro64

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If there are internet issues afterward:

* In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings > uncheck "use a proxy server", or reconfigure the proxy server again in case you have set it previously.
* In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, uncheck the proxy server and set it to No Proxy.
* Chrome: Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NEXT

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit.
Download RogueKiller to your desktop.
Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes, close the program > Don't Fix anything! Don't run any other options, they're not all bad!!
Post back the report, which should be located on your desktop.

Please post these 2 logs when done.
Juliet Posted August 3, 2014

Also, let's do this:

Download HijackThis
Go Here to download the HijackThis program.
Save HijackThis to your desktop.
Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile" then click on Main Menu).
Copy and paste the HijackThis report into the topic.
Juliet Posted August 3, 2014

I've got to call it a night here. Please post the logs when done and I'll check back first thing in the morning.
brownhornet (Author) Posted August 3, 2014

Thanks for all that you do. New log for CF:

ComboFix 14-08-02.02 - castro 08/02/2014 19:47:16.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.2003 [GMT -7:00]
Running from: c:\users\castro\Desktop\ComboFix.exe
Command switches used :: c:\users\castro\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\program files\005\cyycfhtzro64.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cyycfhtzro64
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-03 to 2014-08-03   )))))))))))))))))))))))))))))))
.
.
2014-08-03 02:54 . 2014-08-03 02:54 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-08-03 02:54 . 2014-08-03 02:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-03 01:14 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F2360DD-FFAC-4FA5-87CE-6151061F9BF7}\mpengine.dll
2014-08-03 00:16 . 2014-08-03 00:16 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-03 00:16 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-03 00:16 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-03 00:16 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-03 00:16 . 2014-08-03 00:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-02 19:25 . 2014-08-03 00:13 -------- d-----w- C:\FRST
2014-08-02 11:17 . 2014-08-02 11:17 -------- d-----w- c:\program files\HitmanPro
2014-08-02 11:16 . 2014-08-02 11:26 -------- d-----w- c:\programdata\HitmanPro
2014-08-02 00:30 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-01 08:23 . 2014-08-01 08:23 0 ----a-w- c:\windows\system32\MSVCR100.dll
2014-08-01 08:23 . 2014-08-01 08:23 0 ----a-w- c:\windows\system32\igdumdx32.dll
2014-08-01 08:23 . 2014-08-01 08:23 0 ----a-w- c:\windows\system32\igdumd32.dll
2014-08-01 06:08 . 2013-09-02 07:58 175528 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-08-01 05:19 . 2014-08-01 05:19 -------- d-----w- c:\program files (x86)\ESET
2014-08-01 05:12 . 2014-08-01 05:12 -------- d-----w- c:\program files\CCleaner
2014-08-01 02:18 . 2014-08-01 02:18 -------- d-----w- c:\users\castro\AppData\Roaming\AVAST Software
2014-08-01 02:12 . 2014-08-01 02:12 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-08-01 02:11 . 2014-08-01 02:11 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-01 02:11 . 2014-08-01 02:11 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-01 02:11 . 2014-08-01 02:11 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-01 02:11 . 2014-08-01 02:11 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-01 02:11 . 2014-08-01 02:11 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-01 02:11 . 2014-08-01 02:11 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-01 02:11 . 2014-08-01 02:11 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-01 02:11 . 2014-08-01 02:11 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-01 02:11 . 2014-08-01 02:11 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-01 02:11 . 2014-08-01 02:11 43152 ----a-w- c:\windows\avastSS.scr
2014-08-01 02:06 . 2014-08-01 02:06 -------- d-----w- c:\program files\AVAST Software
2014-08-01 02:03 . 2014-08-01 02:06 -------- d-----w- c:\programdata\AVAST Software
2014-07-31 21:43 . 2010-11-20 13:24 345088 ----a-w- c:\windows\system32\sethc.exe
2014-07-30 23:44 . 2014-05-05 16:12 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD44BFC4-F4B3-4E5D-8562-4B98727A816B}\gapaengine.dll
2014-07-25 02:04 . 2014-07-25 02:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-25 02:04 . 2014-07-25 02:03 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 02:03 . 2014-07-25 02:03 -------- d-----w- c:\program files (x86)\Java
2014-07-25 01:48 . 2014-07-25 01:48 -------- d-----w- c:\users\castro\AppData\Local\CrashRpt
2014-07-15 01:39 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-15 01:39 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-15 01:39 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-15 01:39 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-15 01:39 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-15 01:39 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-15 01:39 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-15 01:37 . 2014-06-19 00:31 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-07-15 01:36 . 2014-06-19 01:39 23464448 ----a-w- c:\windows\system32\mshtml.dll
2014-07-15 01:36 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-15 01:36 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-15 01:36 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-31 01:43 . 2013-08-30 01:43 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-07-22 13:27 . 2014-07-22 13:27 232896 ----a-w- c:\windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-07-15 23:17 . 2010-10-21 02:19 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-15 02:13 . 2013-02-20 02:15 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-15 02:13 . 2011-05-19 16:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-05 16:12 . 2012-02-12 04:03 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-01 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-22 01:05 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-20 02:13]
.
2014-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 04:55]
.
2014-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 04:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-01 02:11 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.yahoo.com?fr=hp-avast&type=iedef
mStart Page = https://www.yahoo.com?fr=hp-avast&type=iedef
mSearch Page = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
mSearch Bar = https://www.yahoo.com?fr=hp-avast&type=iedef
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=iedef
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2014-08-02 20:02:20 - machine was rebooted
ComboFix-quarantined-files.txt 2014-08-03 03:02
ComboFix2.txt 2014-08-03 01:36
.
Pre-Run: 186,890,809,344 bytes free
Post-Run: 186,608,082,944 bytes free
.
- - End Of File - - 87B268C3BE6E609327D0943D88FE9811
brownhornet (Author) Posted August 3, 2014

RogueKiller log:

RogueKiller V9.2.4.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : castro [Admin rights]
Mode : Scan -- Date : 08/02/2014 20:43:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 18 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55614484-66A7-459A-9C2A-74926B438CCB} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55614484-66A7-459A-9C2A-74926B438CCB} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{55614484-66A7-459A-9C2A-74926B438CCB} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK2565GSX +++++
--- User ---
[MBR] 72350029e63016e645c5f6bc64ea4304
[BSP] 95d4988c9576b12fb58383ad2bb92601 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 25173855 | Size: 101 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25382700 | Size: 226080 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] d30d13e3ef8b23e51d609645c7e53aa2
[BSP] b63e1c8c71c70ddb4f978871c276825e : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2712 | Size: 14998 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
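The RogueKiller [PUM.Policies] lines above and the policies\system block in the ComboFix log say the same thing: EnableLUA is 0, so User Account Control is switched off on this machine and every process an administrator starts already holds the full token; the ConsentPromptBehavior* values and the DisableRegistryTools=0 line are only listed because the values exist. The [PUM.Dns] lines are DHCP-assigned resolvers repeated under CurrentControlSet, each ControlSet00N and the interface GUID, which is normal unless the addresses are not the ones you expect from your ISP or router. The script below is an added example written for this thread, not RogueKiller's or ComboFix's own code: it parses lines in RogueKiller's `[PUM.*] (arch) key | value : data -> FOUND` format and turns them into a UAC verdict and a DNS verdict. SAMPLE_LOG is an excerpt copied from the log above; the set of expected resolvers is an assumption the caller supplies.

```python
"""Triage RogueKiller '[PUM.*]' registry findings for UAC and DNS tampering.

Added example for this thread, not RogueKiller's or ComboFix's own code.
SAMPLE_LOG is an excerpt of the posted RogueKiller log; the set of expected
resolvers passed to assess_dns() is an assumption the caller makes.
"""
import re
from dataclasses import dataclass

# [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\...\Policies\System | EnableLUA : 0 -> FOUND
PUM_RE = re.compile(
    r"^\[(?P<kind>PUM\.\w+)\]\s+\((?P<arch>X64|X86)\)\s+"
    r"(?P<key>HKEY_[^|]+?)\s+\|\s+(?P<name>[^:]+?)\s+:\s+(?P<data>.+?)\s+->\s+FOUND$"
)

SAMPLE_LOG = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55614484-66A7-459A-9C2A-74926B438CCB} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
"""


@dataclass(frozen=True)
class Finding:
    kind: str
    arch: str
    key: str
    name: str
    data: str


def parse_roguekiller(text: str) -> list:
    """Return one Finding per '[PUM.*] ... -> FOUND' line; every other line is ignored."""
    findings = []
    for line in text.splitlines():
        m = PUM_RE.match(line.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings


def assess_uac(findings: list) -> str:
    """Collapse the policies\\system values into one UAC verdict.

    EnableLUA=0 turns UAC off: every process an administrator starts gets the
    full token, and the ConsentPromptBehavior* values no longer matter. With
    UAC on, ConsentPromptBehaviorAdmin=0 means 'elevate without prompting', so
    anything the user launches can take the admin token silently.
    DisableRegistryTools=0 is the default (regedit allowed) and is not a finding.
    """
    policy = {}
    for f in findings:
        if f.kind == "PUM.Policies" and f.key.lower().endswith(r"\policies\system"):
            # The X86 line is the same key seen through Wow6432Node redirection; keep the first.
            policy.setdefault(f.name, f.data)
    if policy.get("EnableLUA") == "0":
        return "HIGH: UAC is disabled (EnableLUA=0); set EnableLUA=1 and reboot"
    if policy.get("ConsentPromptBehaviorAdmin") == "0":
        return "MEDIUM: UAC on, but administrators elevate silently (ConsentPromptBehaviorAdmin=0)"
    return "OK: no UAC-weakening policy values reported"


def assess_dns(findings: list, expected_resolvers: set) -> str:
    """Summarise the PUM.Dns lines against the resolvers the caller expects.

    DhcpNameServer is what the DHCP server (home router or ISP) handed out;
    NameServer is a static override. A static override pointing at resolvers
    you did not configure is the classic DNS-changer symptom, whereas
    DHCP-assigned ISP resolvers are normal. RogueKiller repeats the same value
    under CurrentControlSet, ControlSet00N and each interface GUID, so dedupe.
    """
    seen = {}
    for f in findings:
        if f.kind == "PUM.Dns":
            seen.setdefault(f.name, set()).update(f.data.split())
    static = seen.get("NameServer", set()) - expected_resolvers
    if static:
        return "HIGH: static NameServer override to unexpected resolvers " + ", ".join(sorted(static))
    dhcp_unknown = seen.get("DhcpNameServer", set()) - expected_resolvers
    if dhcp_unknown:
        return "REVIEW: DHCP-assigned resolvers not in the expected set: " + ", ".join(sorted(dhcp_unknown))
    return "OK: resolvers match the expected set"


if __name__ == "__main__":
    found = parse_roguekiller(SAMPLE_LOG)
    # Assumed expected set: the three resolvers the log itself shows.
    print(assess_uac(found))
    print(assess_dns(found, {"68.105.28.11", "68.105.29.11", "68.105.28.12"}))
```

Run as-is it reports the UAC verdict as HIGH for this log; swap in the resolvers you actually expect on the network to make the DNS check meaningful.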
brownhornet (Author) Posted August 3, 2014

HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:51:53 PM, on 8/2/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\castro\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=iedef
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=iedef
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=iedef
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist Remote Support Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9452 bytes
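A reader of the HijackThis log above has to separate two kinds of noise from the handful of entries worth a look. The long run of O23 lines reading "Unknown owner ... (file missing)" for core Windows services (ALG, EFS, KeyIso, Spooler, VSS and so on) is the usual artefact of running the 32-bit HijackThis 2.0.4 on 64-bit Windows: under WoW64 its view of System32 is redirected to SysWOW64 and its %ProgramFiles% is the (x86) folder, so 64-bit-only binaries look absent even though the services are intact. The O9 "(no file)" entries are orphaned registry entries, and the O16 DPF lines record ActiveX objects pulled from URLs. The following is an added example (not part of the thread and not HijackThis's own code) that parses entry lines in this format and sorts them into those buckets so the genuinely missing service binaries stand out. SAMPLE_LOG is a constructed excerpt of the posted log plus one invented entry (ExampleUpd) showing a service whose binary really is gone.

```python
"""Triage HijackThis 2.0.4 entry lines (added example)."""
import re
from collections import Counter

# "O23 - Service: ...", "R0 - HKCU\...", "F2 - ..." style entry lines
ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.*)$")
FILE_MISSING = " (file missing)"
# Paths a 32-bit process sees through WoW64 redirection on x64 Windows
WOW64_HINTS = ("\\windows\\system32\\", "\\program files (x86)\\")

# Constructed excerpt of the posted log; the ExampleUpd line is invented.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=iedef
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Example Updater (ExampleUpd) - Unknown owner - C:\Program Files\Example\upd.exe (file missing)
"""


def parse_hjt(text):
    """Return (section, body) for every HijackThis entry line; headers are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def split_service(body):
    """Split an O23 body 'Service: <display> - <owner> - <path>[ (file missing)]'
    into (display, owner, path, missing). Splits from the right because the
    display name may itself contain ' - ' while the path never does."""
    text = body[len("Service: "):] if body.startswith("Service: ") else body
    parts = text.rsplit(" - ", 2)
    if len(parts) != 3:
        return text, "", "", False
    display, owner, path = parts
    missing = path.endswith(FILE_MISSING)
    if missing:
        path = path[: -len(FILE_MISSING)]
    return display, owner, path, missing


def classify(section, body):
    """Bucket one entry: known 32-bit-scanner artefacts vs. things to verify."""
    if section == "O23":
        _, owner, path, missing = split_service(body)
        low = path.lower()
        if missing and owner == "Unknown owner" and any(h in low for h in WOW64_HINTS):
            return "o23_wow64_artifact"      # 32-bit HJT looking at the redirected path
        if missing:
            return "o23_missing_binary"      # service registration whose file is really gone
        return "o23_service"                 # present; check owner/path by hand
    if section in ("O2", "O3", "O9") and body.endswith("- (no file)"):
        return "orphan_no_file"              # registry entry pointing at nothing
    if section == "O16":
        return "dpf_activex_download"        # ActiveX object installed from a URL
    if section == "O10":
        return "winsock_lsp"                 # layered service provider in the Winsock chain
    return "other"


def triage(text):
    """Return (Counter of buckets, [(bucket, section, body), ...])."""
    rows = [(classify(s, b), s, b) for s, b in parse_hjt(text)]
    return Counter(c for c, _, _ in rows), rows


if __name__ == "__main__":
    counts, rows = triage(SAMPLE_LOG)
    for bucket, n in counts.most_common():
        print("%-22s %d" % (bucket, n))
    for bucket, section, body in rows:
        if bucket in ("o23_missing_binary", "orphan_no_file", "dpf_activex_download"):
            print("LOOK:", section, body)
```

The artefact rule deliberately requires all three signals (file missing, "Unknown owner", and a System32 or Program Files (x86) path); a third-party service with a missing binary, like the invented ExampleUpd line, still lands in o23_missing_binary, and a service that is present but has no resolvable owner (the RealNetworks resolver in the log) stays in o23_service for a manual look rather than being dismissed.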
brownhornet (Author) Posted August 3, 2014 (edited)

So the Malwarebytes thing was bugging me, went to their site and got it fixed, should anyone need it: https://forums.malwarebytes.org/index.php?/topic/152047-what-to-do-runtime-error-database-stuck-on-20140304-program-stopped/

log:

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/08/03 00:53:59 -0700</date>
    <logfile>mbam-log-2014-08-03 (00-53-57).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.08.03.02</malware-database>
    <rootkit-database>v2014.08.01.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>castro</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>356348</objects>
    <time>1810</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>7</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>5</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>enabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <key><path>HKLM\SOFTWARE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}</path><vendor>PUP.Optional.MySpeeDial.A</vendor><action>success</action><hash>5317546ddf9cf93d3aac540cf40efb05</hash></key>
    <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}</path><vendor>PUP.Optional.MySpeeDial.A</vendor><action>success</action><hash>5317546ddf9cf93d3aac540cf40efb05</hash></key>
    <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{627af46b-2076-42ae-a2fd-8428734d3e74}</path><vendor>PUP.Optional.Simppull.A</vendor><action>success</action><hash>ea80e8d9205b95a1c5b8441cfe0460a0</hash></key>
    <key><path>HKU\S-1-5-21-421815810-114840823-2280959742-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{627AF46B-2076-42AE-A2FD-8428734D3E74}</path><vendor>PUP.Optional.Simppull.A</vendor><action>success</action><hash>ea80e8d9205b95a1c5b8441cfe0460a0</hash></key>
    <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C4B8BAB4-1667-11DF-A242-BA9455D89593}</path><vendor>PUP.Optional.Simppull.A</vendor><action>success</action><hash>165479483645280e99e55c044bb7cd33</hash></key>
    <key><path>HKLM\SOFTWARE\CLASSES\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>3931fac73a41f44297e528a719e9c63a</hash></key>
    <key><path>HKU\S-1-5-21-421815810-114840823-2280959742-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TranslationBuddy_5e</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>3a30744dccaf11255f5f4a967989926e</hash></key>
    <file><path>C:\Users\castro\Downloads\Firefox_TSV4ACC95.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>de8c9928e497112540091731fb051ce4</hash></file>
    <file><path>C:\Users\castro\Downloads\Firefox_TSV4ACC9O.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>b6b4b70a8fec48ee490097b137c9649c</hash></file>
    <file><path>C:\Program Files\Common Files\System\SysMenu.dll</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>650518a98eed1c1a0c6f359a18eaea16</hash></file>
    <file><path>C:\Program Files\Common Files\System\SysMenu64.dll</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>3931fac73a41f44297e528a719e9c63a</hash></file>
    <file><path>C:\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage</path><vendor>PUP.Optional.NewTab.A</vendor><action>success</action><hash>32384c756a11f83ed374a887c0446f91</hash></file>
  </items>
</mbam-log>

Edited August 3, 2014 by brownhornet
Juliet Posted August 3, 2014

I can't read the MBAM log, let's try that again. Also, did you allow it to remove what was found?

Open MBAM, click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button. It should save this to notepad. At the top of that log look to the upper left corner.
Edit - File - Format - View - Help
Click on Format, click on Word Wrap and remove the checkmark, and post back the results on your next reply.

How's the computer now?
brownhornet (Author) Posted August 3, 2014

Saving the log file was a little bit different than what you explained, but I figured it out. The laptop seems to be doing fine unless you see something else. Yes, I removed what was found per your advice several posts earlier.

log file:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/3/2014
Scan Time: 12:53:59 AM
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.03.02
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: castro

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356348
Time Elapsed: 30 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.MySpeeDial.A, HKLM\SOFTWARE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}, Quarantined, [5317546ddf9cf93d3aac540cf40efb05],
PUP.Optional.MySpeeDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}, Quarantined, [5317546ddf9cf93d3aac540cf40efb05],
PUP.Optional.Simppull.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{627af46b-2076-42ae-a2fd-8428734d3e74}, Quarantined, [ea80e8d9205b95a1c5b8441cfe0460a0],
PUP.Optional.Simppull.A, HKU\S-1-5-21-421815810-114840823-2280959742-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{627AF46B-2076-42AE-A2FD-8428734D3E74}, Quarantined, [ea80e8d9205b95a1c5b8441cfe0460a0],
PUP.Optional.Simppull.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C4B8BAB4-1667-11DF-A242-BA9455D89593}, Quarantined, [165479483645280e99e55c044bb7cd33],
PUP.Optional.Goobzo, HKLM\SOFTWARE\CLASSES\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}, Quarantined, [3931fac73a41f44297e528a719e9c63a],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-421815810-114840823-2280959742-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TranslationBuddy_5e, Quarantined, [3a30744dccaf11255f5f4a967989926e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.Conduit.A, C:\Users\castro\Downloads\Firefox_TSV4ACC95.exe, Quarantined, [de8c9928e497112540091731fb051ce4],
PUP.Optional.Conduit.A, C:\Users\castro\Downloads\Firefox_TSV4ACC9O.exe, Quarantined, [b6b4b70a8fec48ee490097b137c9649c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\System\SysMenu.dll, Quarantined, [650518a98eed1c1a0c6f359a18eaea16],
PUP.Optional.Goobzo, C:\Program Files\Common Files\System\SysMenu64.dll, Quarantined, [3931fac73a41f44297e528a719e9c63a],
PUP.Optional.NewTab.A, C:\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage, Quarantined, [32384c756a11f83ed374a887c0446f91],

Physical Sectors: 0
(No malicious items detected)

(end)
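The XML log posted earlier in the thread and the text log above carry the same detections; the text form is simply MBAM's own rendering of the XML. The following is an added example (not part of the thread and not Malwarebytes' code) that reads an MBAM 2.x XML log and prints the same per-item listing, grouping items by their child tag (key, file) so any other item kinds MBAM emits are handled without a fixed list. It also groups items by the bracketed value: in the log above the Goobzo registry key and SysMenu64.dll carry the same value, so that field identifies the detection rather than hashing the object. The element names are taken from the posted XML; SAMPLE_XML is a constructed excerpt of it. MBAM writes the real file as UTF-16, so load_mbam_log() hands the parser raw bytes and lets it honour the byte-order mark and the declaration.

```python
"""Render a Malwarebytes Anti-Malware 2.x XML log as text (added example)."""
import xml.etree.ElementTree as ET

# Constructed excerpt of the XML log posted in the thread (declaration omitted
# because it is embedded as a str; real files are read as bytes, see below).
SAMPLE_XML = r"""<mbam-log>
<header><date>2014/08/03 00:53:59 -0700</date><isadmin>yes</isadmin></header>
<summary><type>threat</type><result>completed</result><objects>356348</objects><keys>2</keys><files>2</files></summary>
<items>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>3931fac73a41f44297e528a719e9c63a</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}</path><vendor>PUP.Optional.MySpeeDial.A</vendor><action>success</action><hash>5317546ddf9cf93d3aac540cf40efb05</hash></key>
<file><path>C:\Program Files\Common Files\System\SysMenu64.dll</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>3931fac73a41f44297e528a719e9c63a</hash></file>
<file><path>C:\Users\castro\Downloads\Firefox_TSV4ACC95.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>de8c9928e497112540091731fb051ce4</hash></file>
</items>
</mbam-log>
"""


def sample_root():
    """Parse the embedded sample into an Element tree."""
    return ET.fromstring(SAMPLE_XML)


def load_mbam_log(path):
    """Parse an MBAM XML log from disk. Bytes in, so the UTF-16 BOM and the
    encoding declaration are handled by the parser rather than by us."""
    with open(path, "rb") as fh:
        return ET.fromstring(fh.read())


def parse_items(root):
    """Flatten <items> into dicts; the child tag (key, file, ...) is the item kind."""
    items_el = root.find("items")
    items = []
    for el in (items_el if items_el is not None else []):
        items.append({
            "kind": el.tag,
            "path": el.findtext("path", ""),
            "vendor": el.findtext("vendor", ""),
            "action": el.findtext("action", ""),
            "hash": el.findtext("hash", ""),
        })
    return items


def render(root):
    """Text lines in the style of MBAM's own export: header, then one block per item kind."""
    hdr, summ = root.find("header"), root.find("summary")
    lines = [
        "Scan Date: " + hdr.findtext("date", ""),
        "Scan Type: " + summ.findtext("type", ""),
        "Result: " + summ.findtext("result", ""),
        "Objects Scanned: " + summ.findtext("objects", ""),
    ]
    by_kind = {}
    for it in parse_items(root):
        by_kind.setdefault(it["kind"], []).append(it)   # dict keeps first-seen order
    for kind, items in by_kind.items():
        lines.append("")
        lines.append("%s: %d" % (kind, len(items)))
        for it in items:
            lines.append("%s, %s, %s, [%s]," % (it["vendor"], it["path"], it["action"], it["hash"]))
    return lines


def linked_detections(items):
    """Group items sharing a bracketed hash. A value that recurs on a registry
    key and on a DLL labels the detection, not the object's content."""
    groups = {}
    for it in items:
        groups.setdefault(it["hash"], []).append(it)
    return {h: g for h, g in groups.items() if len(g) > 1}


if __name__ == "__main__":
    import sys
    root = load_mbam_log(sys.argv[1]) if len(sys.argv) > 1 else sample_root()
    print("\n".join(render(root)))
    for h, group in linked_detections(parse_items(root)).items():
        print("\n[%s] covers %d items:" % (h, len(group)))
        for it in group:
            print("  %s  %s" % (it["kind"], it["path"]))
```

Run it with the path to an mbam-log-*.xml file to get the readable form; with no argument it renders the embedded excerpt.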
Juliet Posted August 3, 2014 (edited)

Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.

Close any open programs and Internet browsers. Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning. Please be patient as clearing out temp files may take a while. Once it completes you may be prompted to restart your computer, please do so. Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

***********************

What we can do now is run an online scan with ESET, for the time being it is our most trusted scanner. Most reliable and thorough. The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find. This scanner can take quite a bit of time to run, depending of course how full your computer is.

Go here to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan.
Wait for the scan to finish.
When the scan completes, press the LIST OF THREATS FOUND button.
Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop.
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish.

Edited August 3, 2014 by Juliet
brownhornet (Author) Posted August 3, 2014

The TFC scan came up empty/clean. ESET not so much!

scan log:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbario15\appbario15ToolbarHelper.exe.vir  Win32/Toolbar.Conduit.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbario15\hk64tbappb.dll.vir  Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbario15\hktbappb.dll.vir  Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbario15\ldrtbappb.dll.vir  a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbario15\prxtbappb.dll.vir  Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbario15\tbappb.dll.vir  a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\ftacfg.exe.vir  Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\TSASetup.exe.vir  a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\tsassist.exe.vir  a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\temp\~tmp.exe.vir  Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\findopolisUn.exe.vir  probably a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\findopolisUninstall.exe.vir  Win32/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\updatefindopolis.exe.vir  a variant of Win32/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\findopolis.BrowserAdapter.exe.vir  a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\findopolis.PurBrowse64.exe.vir  a variant of Win64/BrowseFox.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\utilfindopolis.exe.vir  a variant of Win32/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}.dll.vir  a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.Bromon.dll.vir  a variant of MSI/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.BroStats.dll.vir  a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.BrowserAdapterS.dll.vir  probably a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.CompatibilityChecker.dll.vir  a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.FFUpdate.dll.vir  a variant of MSIL/BrowseFox.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.IEUpdate.dll.vir  a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.PurBrowse.dll.vir  a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.PurBrowseG.dll.vir  a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.Repmon.dll.vir  a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65auxstb.dll.vir  Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe.vir  Win32/Toolbar.MyWebSearch.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe.vir  Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65datact.dll.vir  a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65dlghk.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65feedmg.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65highin.exe.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65hkstub.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65httpct.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65idle.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65ieovr.dll.vir  probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65medint.exe.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65mlbtn.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65msg.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65regfft.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65regiet.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65script.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skin.dll.vir  a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65sknlcr.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skplay.exe.vir  Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll.vir  a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65uabtn.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8EXTPEX.DLL.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\fst_us_110\freeSoftToday_widget.exe.vir  a variant of Win32/AdWare.EoRezo.AU application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\fst_us_110\predm.exe.vir  Win32/Adware.EoRezo.AS application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\AddonNP.exe.vir  a variant of MSIL/NewPlayer.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\FrameworkControl.exe.vir  MSIL/NewPlayer.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\NewPlayerUpdater.exe.vir  a variant of MSIL/NewPlayer.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\AddOn\ChromeAddon\manifest.json.vir  JS/Superfish.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\AddOn\ChromeAddon\script.js.vir  JS/Superfish.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\manifest.json.vir  JS/Superfish.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\script.js.vir  JS/Superfish.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\references\NewPlayerChecker.exe.vir  MSIL/NewPlayer.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir  Win32/SpeedingUpMyPC.O application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe.vir  a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\ToggleMark.BrowserAdapter.exe.vir  a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\ToggleMarkBAApp.dll.vir  a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\{af16abf4-eac1-49b4-93fc-58f6ca799135}.dll.vir  a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eauxstb.dll.vir  Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5ebarsvc.exe.vir  Win32/Toolbar.MyWebSearch.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5ebrmon.exe.vir  Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5edatact.dll.vir  a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5edlghk.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5efeedmg.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5ehighin.exe.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5ehkstub.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5ehttpct.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eidle.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eieovr.dll.vir  probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5emedint.exe.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5emlbtn.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5emsg.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eregfft.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eregiet.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5escript.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eskin.dll.vir  a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5esknlcr.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eskplay.exe.vir  Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eSrcAs.dll.vir  a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5etpinst.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5euabtn.dll.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\T8EXTEX.DLL.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\T8EXTPEX.DLL.vir  Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe.vir  Win32/SpeedUpMyPC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir  a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir  a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Conduit\Community Alerts\Alert.dll.vir  a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Conduit\CT3279414\appbario15AutoUpdateHelper.exe.vir  a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccpjpmiegdnbmbnaiaicnaakpacgbdi\10.20.1.8_0\plugins\ConduitChromeApiPlugin.dll.vir  a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccpjpmiegdnbmbnaiaicnaakpacgbdi\10.20.1.8_0\plugins\TBVerifier.dll.vir  Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\appbario15\nsa6931.tbapp2.dll.vir  a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\chLogic.exe.vir  a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\CT3279414.xpi.vir  a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\ctbe.exe.vir  Win32/Toolbar.Conduit.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\ffLogic.exe.vir  a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\ieLogic.exe.vir  Win32/Conduit.SearchProtect.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\statisticsStub.exe.vir  Win32/Toolbar.Conduit potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\stub.exe.vir  Win32/Toolbar.Conduit.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\plugins\TBVerifier.dll.vir  Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\hk64tbapp0.dll.vir  Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\hk64tbapp2.dll.vir  a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\hk64tbappb.dll.vir  Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\hktbapp0.dll.vir  Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\hktbapp2.dll.vir  probably a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\hktbappb.dll.vir  Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\ldrtbapp0.dll.vir  a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\ldrtbappb.dll.vir  a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\tbapp0.dll.vir  a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\tbapp1.dll.vir  probably a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\tbapp2.dll.vir  a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\tbappb.dll.vir  a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir  a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Roaming\FlvPlayer\FlvPlayerApp.exe.vir  Win32/InstallCore.OY potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\ymoe59ib.default-1366879655782\Extensions\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}\Plugins\npConduitFirefoxPlugin.dll.vir  a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Roaming\Speedial\UpdateProc\UpdateTask.exe.vir  a variant of Win32/DealPly.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir  Win32/Systweak.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Roaming\VOPackage\runasu.exe.vir  Win32/VOPackage.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Roaming\VOPackage\Uninstall.exe.vir  Win32/VOPackage.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir  Win64/AdvancedSystemProtector.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici32.dll  a variant of Win32/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici64.dll  a variant of MSIL/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii32.exe  a variant of Win32/SBWatchman.A 
potentially unwanted applicationC:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii64.exe a variant of MSIL/SBWatchman.A potentially unwanted applicationC:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe a variant of MSIL/SBWatchman.A potentially unwanted applicationC:\FRST\Quarantine\C\Windows\system32\plsapp64.dll.xBAD a variant of Win32/AdWare.Sendori.A applicationC:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe a variant of Win32/SBWatchman.A potentially unwanted applicationC:\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe a variant of MSIL/SBWatchman.A potentially unwanted applicationC:\temp\launcher.exe Win32/Conduit.SearchProtect.M potentially unwanted applicationC:\Users\castro\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx a variant of Win32/Toolbar.Conduit.AH potentially unwanted applicationC:\Users\castro\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll a variant of Win32/ClientConnect.A potentially unwanted applicationC:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe Win32/DealPly.B potentially unwanted applicationC:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe Win32/DealPly.B potentially unwanted application Link to comment Share on other sites More sharing options...
Juliet Posted August 3, 2014

Not that bad really considering how infected it was. Most of what was found was already in quarantine folders. We'll remove those shortly.

This script will reboot the computer.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work. It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one please allow).

start
C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe
C:\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe
C:\temp\launcher.exe
C:\Users\castro\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx
C:\Users\castro\Downloads\ccsetup416.exe
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
Reboot:
End

Open FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
brownhornet (Author) Posted August 3, 2014

new log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by castro at 2014-08-03 13:55:43 Run:2
Running from C:\Users\castro\Desktop\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe
C:\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe
C:\temp\launcher.exe
C:\Users\castro\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx
C:\Users\castro\Downloads\ccsetup416.exe
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
Reboot:
End
*****************

C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe => Moved successfully.
C:\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe => Moved successfully.
C:\temp\launcher.exe => Moved successfully.
C:\Users\castro\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx => Moved successfully.
C:\Users\castro\Downloads\ccsetup416.exe => Moved successfully.
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
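The fixlist/Fixlog round trip above is easy to check by hand for eight entries, but on a longer fix a "File/Directory not found" line can slip past. This added example (written for this thread; it is not part of FRST or any Farbar tooling) parses the fixlist format the helper described (start / paths / Reboot: / End) and the result lines FRST writes to Fixlog.txt, then reports which requested paths were moved, which were missing on disk, and which the log never mentioned. The sample fixlist and Fixlog are constructed from the thread above, trimmed to three entries.

```python
import re

# Constructed sample input, copied from the fixlist and Fixlog quoted in the thread
# above and trimmed to three entries; one of them was reported as not found.
FIXLIST = r"""start
C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe
C:\temp\launcher.exe
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
Reboot:
End"""
FIXLOG = r"""C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe => Moved successfully.
C:\temp\launcher.exe => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe" => File/Directory not found.
The system needed a reboot."""

# A Fixlog result line: an optionally quoted path, then " => " and the outcome text.
RESULT_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?)"?\s+=>\s+(?P<outcome>.+?)\.?$')

def fixlist_paths(text):
    """Paths listed between 'start' and 'End'; directives such as 'Reboot:' are skipped."""
    paths, inside = [], False
    for line in map(str.strip, text.splitlines()):
        if line.lower() == "start":
            inside = True
        elif line.lower() == "end":
            break
        elif inside and re.match(r"^[A-Za-z]:\\", line):  # drive-letter path, not a directive
            paths.append(line)
    return paths

def fixlog_outcomes(text):
    """Map each path mentioned in a Fixlog to the outcome FRST reported for it."""
    matches = (RESULT_RE.match(line.strip()) for line in text.splitlines())
    return {m.group("path"): m.group("outcome") for m in matches if m}

def reconcile(fixlist, fixlog):
    """Classify each requested path as 'moved', 'missing' (not on disk) or 'not reported'."""
    outcomes = fixlog_outcomes(fixlog)
    report = {}
    for path in fixlist_paths(fixlist):
        outcome = outcomes.get(path)
        if outcome is None:
            report[path] = "not reported"  # FRST said nothing about it: worth a second look
        elif outcome.startswith("Moved"):
            report[path] = "moved"
        else:
            report[path] = "missing"  # e.g. "File/Directory not found"
    return report
```

A "missing" entry is not necessarily a problem (here the System32 copy simply was not there), but it is the one a helper should confirm against a fresh scan rather than assume.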
Juliet Posted August 3, 2014

Looks good to me.

Ready to remove these tools and have me give you preventive tips?
brownhornet (Author) Posted August 3, 2014

Yes ma'am, and I can pass them on to the user of this laptop.