Can't get rid of this... (Resolved)


brownhornet

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by castro (administrator) on CASTRO-PC on 02-08-2014 12:25:22
Running from C:\Users\castro\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(NewTech InfoSystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-23] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-421815810-114840823-2280959742-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-421815810-114840823-2280959742-1000.bak\...\RunOnce: [scrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-14] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=iedef
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8FD916E584ADCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=iedef
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com?fr=hp-avast&type=iedef
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\searchplugins\yahoo-avast.xml
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-31]

Chrome:
=======
CHR HomePage: https://www.yahoo.com?fr=hp-avast&type=iedef
CHR StartupUrls: "https://www.yahoo.com?fr=hp-avast&type=iedef"
CHR DefaultSearchKeyword: trovi.search
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-21]
CHR Extension: (avast! Online Security) - C:\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-01]
CHR Extension: (RealDownloader) - C:\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-06]
CHR Extension: (Google Wallet) - C:\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-31]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2013-04-24] (SUPERAntiSpyware.com) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-31] (AVAST Software)
R2 BUNAgentSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe [610376 2014-01-23] (Citrix Online, a division of Citrix Systems, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-04] () [File not signed]
S4 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [85504 2009-06-26] (PC Pitstop LLC) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 AllDaySavingsService64; No ImagePath
S2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe run options=01110010050000000000000000000000 sourceguid=B021CBBD-E38E-4F8C-8E93-6624B0597A23 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-31] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-28] (AVG Technologies)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-30] ()
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S1 jnuqvylm; \??\C:\Windows\system32\drivers\jnuqvylm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 12:25 - 2014-08-02 12:26 - 00019142 _____ () C:\Users\castro\Downloads\FRST.txt
2014-08-02 12:25 - 2014-08-02 12:25 - 00000000 ____D () C:\FRST
2014-08-02 12:22 - 2014-08-02 12:22 - 00001455 _____ () C:\Users\castro\Desktop\FRST64.exe - Shortcut.lnk
2014-08-02 12:21 - 2014-08-02 12:21 - 02094080 _____ (Farbar) C:\Users\castro\Downloads\FRST64.exe
2014-08-02 04:49 - 2014-08-02 04:49 - 00000914 _____ () C:\Users\castro\Desktop\JRT.txt
2014-08-02 04:26 - 2014-08-02 04:26 - 00010490 _____ () C:\Windows\system32\.crusader
2014-08-02 04:17 - 2014-08-02 04:17 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-02 04:17 - 2014-08-02 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-02 04:17 - 2014-08-02 04:17 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-02 04:16 - 2014-08-02 04:26 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-02 04:15 - 2014-08-02 04:16 - 11188736 _____ (SurfRight B.V.) C:\Users\castro\Downloads\HitmanPro_x64.exe
2014-08-02 04:07 - 2014-08-02 05:01 - 00001121 _____ () C:\Users\castro\Desktop\Internet Explorer (64-bit).lnk
2014-08-02 01:15 - 2014-08-02 01:16 - 111334136 _____ (Microsoft Corporation) C:\Users\castro\Downloads\msert.exe
2014-08-02 00:19 - 2014-08-02 00:19 - 00001440 _____ () C:\Users\castro\Desktop\RUNSAS.EXE - Shortcut.lnk
2014-08-01 17:48 - 2014-08-01 17:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\castro\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 17:48 - 2014-08-01 17:48 - 00001588 _____ () C:\Users\castro\Desktop\mbam-setup-2.0.2.1012.exe - Shortcut.lnk
2014-08-01 15:34 - 2014-08-01 23:37 - 00001802 _____ () C:\sc-cleaner.txt
2014-08-01 15:33 - 2014-08-01 15:33 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\castro\Downloads\sc-cleaner.exe
2014-08-01 15:33 - 2014-08-01 15:33 - 00001493 _____ () C:\Users\castro\Desktop\sc-cleaner.exe - Shortcut.lnk
2014-08-01 15:17 - 2014-08-01 15:29 - 00001420 _____ () C:\Users\castro\Desktop\TFC - Shortcut.lnk
2014-08-01 15:16 - 2014-08-01 15:16 - 00448512 _____ (OldTimer Tools) C:\Users\castro\Downloads\TFC.exe
2014-08-01 11:55 - 2014-08-02 05:24 - 00000766 _____ () C:\Users\castro\Downloads\SystemLook.txt
2014-08-01 11:54 - 2014-08-01 11:54 - 00001102 _____ () C:\Users\castro\Desktop\SystemLook_x64 - Shortcut.lnk
2014-08-01 11:53 - 2014-08-01 11:53 - 00165376 _____ () C:\Users\castro\Downloads\SystemLook_x64.exe
2014-08-01 05:31 - 2014-08-02 04:33 - 00001228 _____ () C:\Windows\PFRO.log
2014-08-01 02:45 - 2014-08-02 05:01 - 00001169 _____ () C:\Users\castro\Desktop\Mozilla Firefox.lnk
2014-08-01 02:36 - 2014-08-01 02:39 - 00000000 ____D () C:\Users\castro\Desktop\Old Firefox Data
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\MSVCR100.dll
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-08-01 01:19 - 2014-08-01 01:19 - 02473936 _____ (Trend Micro Inc.) C:\Users\castro\Downloads\HousecallLauncher64(1).exe
2014-07-31 23:12 - 2014-07-31 23:12 - 00000010 _____ () C:\Users\castro\AppData\Local\sponge.last.runtime.cache
2014-07-31 23:08 - 2013-09-02 00:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-07-31 23:07 - 2014-08-02 04:55 - 00000672 _____ () C:\Windows\setupact.log
2014-07-31 23:07 - 2014-07-31 23:07 - 02473936 _____ (Trend Micro Inc.) C:\Users\castro\Downloads\HousecallLauncher64.exe
2014-07-31 23:07 - 2014-07-31 23:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 22:19 - 2014-07-31 22:19 - 02347384 _____ (ESET) C:\Users\castro\Downloads\esetsmartinstaller_enu.exe
2014-07-31 22:19 - 2014-07-31 22:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-31 22:12 - 2014-07-31 22:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-31 22:12 - 2014-07-31 22:12 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-31 22:12 - 2014-07-31 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-31 22:12 - 2014-07-31 22:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-31 22:09 - 2014-07-31 22:11 - 04813544 _____ (Piriform Ltd) C:\Users\castro\Downloads\ccsetup416.exe
2014-07-31 22:01 - 2014-07-31 22:01 - 00000630 _____ () C:\Users\castro\Desktop\AdwCleaner - Shortcut.lnk
2014-07-31 19:18 - 2014-07-31 19:18 - 00000000 ____D () C:\Users\castro\AppData\Roaming\AVAST Software
2014-07-31 19:12 - 2014-07-31 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-31 19:11 - 2014-08-02 04:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-31 19:11 - 2014-07-31 19:11 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-31 19:11 - 2014-07-31 19:11 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-31 19:11 - 2014-07-31 19:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-31 19:06 - 2014-07-31 19:06 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-31 19:03 - 2014-07-31 19:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-31 17:00 - 2014-07-31 17:00 - 00003118 _____ () C:\Windows\System32\Tasks\{DE4D3C3E-821D-4F20-9FE5-C05F77F0F9F2}
2014-07-31 16:17 - 2014-04-05 23:36 - 01016261 _____ (Thisisu) C:\Users\castro\Desktop\JRT_NEW.exe
2014-07-31 14:43 - 2010-11-20 06:24 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\sethc.exe
2014-07-24 19:04 - 2014-07-24 19:04 - 00000000 ____D () C:\ProgramData\Sun
2014-07-24 19:04 - 2014-07-24 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-24 19:04 - 2014-07-24 19:03 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-24 19:04 - 2014-07-24 19:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-24 19:04 - 2014-07-24 19:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-24 19:04 - 2014-07-24 19:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-24 19:03 - 2014-07-24 19:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-24 18:58 - 2014-07-31 14:34 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-07-24 18:51 - 2014-07-24 18:51 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-07-24 18:50 - 2014-07-24 18:50 - 00004240 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
2014-07-24 18:50 - 2014-07-24 18:50 - 00003830 _____ () C:\Windows\System32\Tasks\Smp
2014-07-24 18:50 - 2014-07-24 18:50 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2014-07-24 18:49 - 2014-07-24 18:49 - 00004246 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
2014-07-24 18:48 - 2014-07-24 18:48 - 00000000 ____D () C:\Users\castro\AppData\Local\CrashRpt
2014-07-24 18:43 - 2014-06-27 11:50 - 00464160 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-07-24 18:42 - 2014-07-31 18:28 - 00000000 ____D () C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-17 08:05 - 2014-07-17 08:05 - 00002048 _____ () C:\Users\castro\AppData\Local\BlockAndSurfdb.sqlite
2014-07-14 18:55 - 2014-07-02 18:24 - 00039424 _____ () C:\Users\castro\Documents\flash 6-29-2014.xls
2014-07-14 18:39 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-14 18:39 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-14 18:38 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-14 18:38 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-14 18:38 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-14 18:38 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-14 18:38 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-14 18:38 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-14 18:38 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-14 18:38 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-14 18:37 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-14 18:37 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-14 18:37 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-14 18:37 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-14 18:37 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-14 18:37 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-14 18:37 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-14 18:37 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-14 18:37 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-14 18:37 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-14 18:37 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-14 18:37 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-14 18:37 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-14 18:37 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-14 18:37 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-14 18:37 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-14 18:37 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-14 18:37 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-14 18:37 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-14 18:37 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-14 18:37 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-14 18:37 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-14 18:37 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-14 18:37 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-14 18:37 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-14 18:37 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-14 18:37 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-14 18:37 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-14 18:37 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-14 18:37 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-14 18:37 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-14 18:37 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-14 18:37 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-14 18:37 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-14 18:37 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-14 18:37 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-14 18:37 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-14 18:37 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-14 18:37 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-14 18:37 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-14 18:37 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-14 18:37 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-14 18:37 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-14 18:37 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-14 18:37 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-14 18:37 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-14 18:37 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-14 18:37 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-14 18:37 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-14 18:37 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-14 18:37 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-14 18:37 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-14 18:37 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-14 18:37 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-14 18:37 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-14 18:36 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-14 18:36 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-14 18:36 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-14 18:36 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-07 14:15 - 2014-07-07 14:14 - 00030208 _____ () C:\Users\castro\Downloads\U S Foods

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-02 12:26 - 2014-08-02 12:25 - 00019142 _____ () C:\Users\castro\Downloads\FRST.txt
2014-08-02 12:25 - 2014-08-02 12:25 - 00000000 ____D () C:\FRST
2014-08-02 12:22 - 2014-08-02 12:22 - 00001455 _____ () C:\Users\castro\Desktop\FRST64.exe - Shortcut.lnk
2014-08-02 12:21 - 2014-08-02 12:21 - 02094080 _____ (Farbar) C:\Users\castro\Downloads\FRST64.exe
2014-08-02 12:13 - 2013-02-19 19:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-02 12:08 - 2010-10-23 21:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-02 11:14 - 2010-09-17 09:55 - 01445907 _____ () C:\Windows\WindowsUpdate.log
2014-08-02 05:24 - 2014-08-01 11:55 - 00000766 _____ () C:\Users\castro\Downloads\SystemLook.txt
2014-08-02 05:03 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-02 05:03 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-02 05:01 - 2014-08-02 04:07 - 00001121 _____ () C:\Users\castro\Desktop\Internet Explorer (64-bit).lnk
2014-08-02 05:01 - 2014-08-01 02:45 - 00001169 _____ () C:\Users\castro\Desktop\Mozilla Firefox.lnk
2014-08-02 05:01 - 2013-05-04 19:51 - 00001151 _____ () C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-02 04:56 - 2014-07-31 19:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-02 04:56 - 2014-06-09 15:51 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-421815810-114840823-2280959742-1000
2014-08-02 04:56 - 2013-09-21 16:15 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-421815810-114840823-2280959742-1000
2014-08-02 04:56 - 2013-07-20 21:35 - 00000404 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2014-08-02 04:56 - 2010-10-23 21:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-02 04:56 - 2010-04-07 22:05 - 00000147 _____ () C:\Windows\SysWOW64\agent.log
2014-08-02 04:55 - 2014-07-31 23:07 - 00000672 _____ () C:\Windows\setupact.log
2014-08-02 04:55 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-02 04:49 - 2014-08-02 04:49 - 00000914 _____ () C:\Users\castro\Desktop\JRT.txt
2014-08-02 04:33 - 2014-08-01 05:31 - 00001228 _____ () C:\Windows\PFRO.log
2014-08-02 04:32 - 2014-04-28 21:18 - 00000000 ____D () C:\AdwCleaner
2014-08-02 04:32 - 2013-03-06 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-02 04:26 - 2014-08-02 04:26 - 00010490 _____ () C:\Windows\system32\.crusader
2014-08-02 04:26 - 2014-08-02 04:16 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-02 04:17 - 2014-08-02 04:17 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-02 04:17 - 2014-08-02 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-02 04:17 - 2014-08-02 04:17 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-02 04:16 - 2014-08-02 04:15 - 11188736 _____ (SurfRight B.V.) C:\Users\castro\Downloads\HitmanPro_x64.exe
2014-08-02 01:16 - 2014-08-02 01:15 - 111334136 _____ (Microsoft Corporation) C:\Users\castro\Downloads\msert.exe
2014-08-02 00:20 - 2011-12-04 19:25 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-02 00:19 - 2014-08-02 00:19 - 00001440 _____ () C:\Users\castro\Desktop\RUNSAS.EXE - Shortcut.lnk
2014-08-01 23:37 - 2014-08-01 15:34 - 00001802 _____ () C:\sc-cleaner.txt
2014-08-01 17:48 - 2014-08-01 17:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\castro\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 17:48 - 2014-08-01 17:48 - 00001588 _____ () C:\Users\castro\Desktop\mbam-setup-2.0.2.1012.exe - Shortcut.lnk
2014-08-01 15:33 - 2014-08-01 15:33 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\castro\Downloads\sc-cleaner.exe
2014-08-01 15:33 - 2014-08-01 15:33 - 00001493 _____ () C:\Users\castro\Desktop\sc-cleaner.exe - Shortcut.lnk
2014-08-01 15:29 - 2014-08-01 15:17 - 00001420 _____ () C:\Users\castro\Desktop\TFC - Shortcut.lnk
2014-08-01 15:16 - 2014-08-01 15:16 - 00448512 _____ (OldTimer Tools) C:\Users\castro\Downloads\TFC.exe
2014-08-01 11:54 - 2014-08-01 11:54 - 00001102 _____ () C:\Users\castro\Desktop\SystemLook_x64 - Shortcut.lnk
2014-08-01 11:53 - 2014-08-01 11:53 - 00165376 _____ () C:\Users\castro\Downloads\SystemLook_x64.exe
2014-08-01 02:45 - 2014-06-25 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 02:45 - 2011-03-21 16:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 02:39 - 2014-08-01 02:36 - 00000000 ____D () C:\Users\castro\Desktop\Old Firefox Data
2014-08-01 01:27 - 2013-04-25 02:02 - 00825745 _____ () C:\Users\castro\AppData\Local\census.cache
2014-08-01 01:27 - 2013-04-25 02:02 - 00107696 _____ () C:\Users\castro\AppData\Local\ars.cache
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\MSVCR100.dll
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-08-01 01:19 - 2014-08-01 01:19 - 02473936 _____ (Trend Micro Inc.) C:\Users\castro\Downloads\HousecallLauncher64(1).exe
2014-07-31 23:12 - 2014-07-31 23:12 - 00000010 _____ () C:\Users\castro\AppData\Local\sponge.last.runtime.cache
2014-07-31 23:07 - 2014-07-31 23:07 - 02473936 _____ (Trend Micro Inc.) C:\Users\castro\Downloads\HousecallLauncher64.exe
2014-07-31 23:07 - 2014-07-31 23:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 22:19 - 2014-07-31 22:19 - 02347384 _____ (ESET) C:\Users\castro\Downloads\esetsmartinstaller_enu.exe
2014-07-31 22:19 - 2014-07-31 22:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-31 22:16 - 2013-01-06 12:48 - 00000000 ____D () C:\Users\castro\AppData\Roaming\Media Player Classic
2014-07-31 22:16 - 2010-04-07 22:21 - 00000000 ____D () C:\Windows\Panther
2014-07-31 22:12 - 2014-07-31 22:12 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-31 22:12 - 2014-07-31 22:12 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-31 22:12 - 2014-07-31 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-31 22:12 - 2014-07-31 22:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-31 22:11 - 2014-07-31 22:09 - 04813544 _____ (Piriform Ltd) C:\Users\castro\Downloads\ccsetup416.exe
2014-07-31 22:01 - 2014-07-31 22:01 - 00000630 _____ () C:\Users\castro\Desktop\AdwCleaner - Shortcut.lnk
2014-07-31 19:50 - 2014-06-24 10:48 - 00000000 ____D () C:\temp
2014-07-31 19:19 - 2014-06-19 11:14 - 00000000 ____D () C:\Program Files\pcmax
2014-07-31 19:18 - 2014-07-31 19:18 - 00000000 ____D () C:\Users\castro\AppData\Roaming\AVAST Software
2014-07-31 19:12 - 2014-07-31 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-31 19:11 - 2014-07-31 19:11 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-31 19:11 - 2014-07-31 19:11 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-31 19:11 - 2014-07-31 19:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-31 19:11 - 2014-07-31 19:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-31 19:06 - 2014-07-31 19:06 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-31 19:06 - 2014-07-31 19:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-31 18:40 - 2011-12-04 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
2014-07-31 18:28 - 2014-07-24 18:42 - 00000000 ____D () C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-31 17:11 - 2011-12-04 19:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-31 17:11 - 2010-09-19 04:56 - 00000000 ____D () C:\ProgramData\Temp
2014-07-31 17:00 - 2014-07-31 17:00 - 00003118 _____ () C:\Windows\System32\Tasks\{DE4D3C3E-821D-4F20-9FE5-C05F77F0F9F2}
2014-07-31 16:58 - 2014-06-19 14:00 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-31 16:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Branding
2014-07-31 16:07 - 2009-07-13 22:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-31 14:36 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-31 14:34 - 2014-07-24 18:58 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-07-31 12:53 - 2009-07-13 19:34 - 00000580 _____ () C:\Windows\win.ini
2014-07-30 18:43 - 2013-08-29 18:43 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-07-24 19:04 - 2014-07-24 19:04 - 00000000 ____D () C:\ProgramData\Sun
2014-07-24 19:04 - 2014-07-24 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-24 19:03 - 2014-07-24 19:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-24 19:03 - 2014-07-24 19:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-24 19:03 - 2014-07-24 19:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-24 19:03 - 2014-07-24 19:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-24 19:03 - 2014-07-24 19:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-24 18:51 - 2014-07-24 18:51 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-07-24 18:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-07-24 18:50 - 2014-07-24 18:50 - 00004240 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
2014-07-24 18:50 - 2014-07-24 18:50 - 00003830 _____ () C:\Windows\System32\Tasks\Smp
2014-07-24 18:50 - 2014-07-24 18:50 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2014-07-24 18:49 - 2014-07-24 18:49 - 00004246 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
2014-07-24 18:48 - 2014-07-24 18:48 - 00000000 ____D () C:\Users\castro\AppData\Local\CrashRpt
2014-07-24 18:35 - 2013-03-16 15:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 18:35 - 2013-03-16 15:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 18:34 - 2013-03-16 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 18:31 - 2011-09-13 19:02 - 00000000 ____D () C:\Users\castro\Desktop\Very important
2014-07-17 08:05 - 2014-07-17 08:05 - 00002048 _____ () C:\Users\castro\AppData\Local\BlockAndSurfdb.sqlite
2014-07-15 17:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-15 16:40 - 2009-07-13 21:45 - 00426840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 16:38 - 2014-05-21 11:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-15 16:38 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-15 16:38 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-15 16:38 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-15 16:21 - 2013-07-30 12:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-15 16:17 - 2010-10-20 19:19 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-15 16:17 - 2010-04-07 21:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-14 19:13 - 2013-02-19 19:15 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-14 19:13 - 2011-05-19 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 14:15 - 2010-09-21 07:31 - 00001756 _____ () C:\Users\castro\AppData\Roaming\wklnhst.dat
2014-07-07 14:14 - 2014-07-07 14:15 - 00030208 _____ () C:\Users\castro\Downloads\U S Foods

Files to move or delete:
====================
C:\Users\castro\g2ax_expert_downloadhelper_win32_x86.exe


Some content of TEMP:
====================
C:\Users\castro\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-30 18:09

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by castro at 2014-08-02 12:26:53
Running from C:\Users\castro\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.2.0 - liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3002 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0323.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader Free Download Packages (HKCU\...\Adobe Reader Free Download Packages) (Version: - ) <==== ATTENTION
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.3 - Auslogics Software Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: version 2.2 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Community Smartbar (HKLM-x32\...\{D2A1B531-98BD-49FD-B7C0-5945C7471C26}) (Version: 1.6.1.761 - Linkury Inc.) <==== ATTENTION
Community Smartbar Engine (HKCU\...\{129e82ed-f78c-457f-9c72-426ed179a6d4}) (Version: 1.6.1.761 - Linkury Inc.) <==== ATTENTION
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer Input Software (remove only) (HKCU\...\Consumer Input Software) (Version: 2.7.1.7915 - Compete Inc.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2529.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2529.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTION
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)
Free FLV Converter V 7.5.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.5.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Customer 1.6.0.498 (HKLM-x32\...\GoToAssist Express Customer) (Version: 1.6.0.498 - Citrix Online)
GoToAssist Expert 1.6.0.498 (HKCU\...\GoToAssist Remote Support Expert) (Version: 1.6.0.498 - Citrix Online)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
Homepage by Mindspark Interactive Network, Inc. (HKLM-x32\...\MindsparkHomePage Product Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Hot Air Balloons ScreenSaver (HKLM-x32\...\{C982B990-407A-4CF6-9D98-D0ED261F9206}) (Version: 1.0.0.0 - W3i, LLC)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
InstaCodecs (HKLM-x32\...\InstaCodecs_is1) (Version: 1.0 - )
InstallAssist (HKLM-x32\...\{5C565EA7-370B-4CEE-8385-3516DEE5A758}_is1) (Version: 1.0.0 - Shop To Win, LLC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XML Parser (x32 Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.503 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.503 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6322 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.2.6322 - NewTech Infosystems) Hidden
PC Pitstop Driver Alert2 2.0.0.0 (HKLM-x32\...\PC Pitstop Driver Alert2_is1) (Version: 2.0.0.0 - PC Pitstop LLC)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6074 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RocketPDF (HKLM-x32\...\RocketPDF) (Version: - )
Search module (HKLM-x32\...\Search module) (Version: - )
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1136 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
TranslationBuddy Toolbar (HKLM-x32\...\TranslationBuddy_5ebar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3013 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-421815810-114840823-2280959742-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\castro\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AC26FA7-614D-4A92-9142-3BD2FFA79E7A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-421815810-114840823-2280959742-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {3A7E9B24-3E91-415A-8137-417849355DE5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-31] (AVAST Software)
Task: {42474ACE-5D7A-411E-808C-CC711C4B4922} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
Task: {8532F367-E54E-49CC-B2F2-12292B81BFEF} - System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {92D8351A-0D3C-49E4-A57C-54423EAB82A0} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
Task: {9CB212CD-1AFB-4C05-82E8-C5675B5B86E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-23] (Google Inc.)
Task: {9DEB0FCA-CAC4-4A04-8692-4007A5DB9A2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-23] (Google Inc.)
Task: {A444C6ED-1C30-42C3-82AF-3DF1EE771832} - System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
Task: {C4A048BA-8CBE-463D-90F1-A815D7C3D15B} - System32\Tasks\{24C406C9-65B6-4D41-92EE-2D7A032B8BFD} => C:\Users\castro\AppData\Local\Citrix\GoToAssist Express Expert\403\g2ax_start.exe
Task: {EA429B10-9CFC-4297-8AD0-9FEE0EF7427D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14] (Adobe Systems Incorporated)
Task: {F2A07A76-8726-4CEF-94F5-B48D78C2ED96} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-07-09] ()
Task: {F318B0AB-39F6-4CAD-9CA7-891B71BABFD4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {F58BB494-EC5C-45D4-90BE-7119DF0579E0} - System32\Tasks\{F1855822-B92A-4652-A4A2-4D1722A15BEA} => C:\Users\castro\AppData\Local\Citrix\GoToAssist Express Expert\403\g2ax_start.exe
Task: {FCD262BA-6F16-4881-8C2B-3C6C99F83321} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-421815810-114840823-2280959742-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {FFDA30E2-22BE-477E-90D8-2CC8702CE9D1} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
Task: {FFF9AC1B-A917-4B8C-839C-7446348AA7DE} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-04-04 03:03 - 2008-04-04 03:03 - 00131072 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-31 19:11 - 2014-07-31 19:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-02 04:20 - 2014-08-02 04:20 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080201\algo.dll
2014-08-02 12:25 - 2014-08-02 12:25 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080202\algo.dll
2014-07-31 19:11 - 2014-07-31 19:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-02-28 22:44 - 2008-02-28 22:44 - 01024000 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2008-02-28 22:44 - 2008-02-28 22:44 - 00098304 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2008-02-28 22:44 - 2008-02-28 22:44 - 00061440 _____ () C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\MSVCR100.dll
2010-04-07 21:34 - 2009-12-23 17:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-08-01 02:44 - 2014-07-16 22:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-08-01 01:23 - 2014-08-01 01:23 - 00000000 _____ () C:\Windows\system32\igdumd32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\dvtqtodq.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^castro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fliptoast.lnk => C:\Windows\pss\fliptoast.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AnyProtect Tray =>
MSCONFIG\startupreg: BkupTray => "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: GoToAssist Express Expert => "C:\Users\castro\AppData\Local\Citrix\GoToAssist Express Expert\330\g2ax_start.exe" "/Trigger RunAtLogon"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM =>
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: pcreg => C:\Program Files\pcmax\service.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PureLeads Tray =>
MSCONFIG\startupreg: SDTray =>
MSCONFIG\startupreg: SearchEngineProtection =>
MSCONFIG\startupreg: SelectRebates =>
MSCONFIG\startupreg: Spybot-S&D Cleaning =>
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2014 00:21:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/02/2014 05:57:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/02/2014 05:57:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2014 05:57:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2014 05:57:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2014 05:57:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2014 05:57:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2014 05:56:35 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/02/2014 04:54:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: psdprotect.dll, version: 3.1.206.0, time stamp: 0x4b66421d
Exception code: 0x40000015
Fault offset: 0x0000b1c3
Faulting process id: 0x30c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (08/02/2014 04:52:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: psdprotect.dll, version: 3.1.206.0, time stamp: 0x4b66421d
Exception code: 0x40000015
Fault offset: 0x0000b1c3
Faulting process id: 0x438
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3


System errors:
=============
Error: (08/02/2014 00:21:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Connect Now - Config Registrar service terminated with service-specific error %%-2147024662.

Error: (08/02/2014 04:57:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/02/2014 04:56:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147467259

Error: (08/02/2014 04:56:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147467259

Error: (08/02/2014 04:56:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147467259

Error: (08/02/2014 04:56:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147467259

Error: (08/02/2014 04:56:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147467259

Error: (08/02/2014 04:56:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147467259

Error: (08/02/2014 04:56:10 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147467259

Error: (08/02/2014 04:56:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cyycfhtzro64 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 3001.98 MB
Available physical RAM: 1668.91 MB
Total Pagefile: 6002.14 MB
Available Pagefile: 4490.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:220.78 GB) (Free:174.24 GB) NTFS
Drive e: () (Removable) (Total:14.63 GB) (Free:13.82 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: BE81B8DD)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: EB302EC7)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================

wowssa, ton of stuff in here.
You have 2 antivirus running, dwindle this down to just 1.

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
Go to add remove programs and look for, remove/uninstall if you can.

**Trusted Software Assistant_is1

**Homepage by Mindspark Interactive Network, Inc

*************************
Bring up MSCONFIG and check for these items listed, uncheck if found, then reboot.

MSCONFIG\startupreg: pcreg => C:\Program Files\pcmax\service.exe

MSCONFIG\startupreg: PureLeads Tray

MSCONFIG\startupreg: SearchEngineProtection

MSCONFIG\startupreg: SelectRebates
********************

Running from C:\Users\castro\Downloads

I need if possible to have FRST located on desktop.
Find an open space on your desktop

Right click and scroll down to NEW, click on this.

to the side you will see new listings and then you'll see folder, click on that

An empty folder will be created and wait for you to name it; hit the backspace key on your computer and the name will now be blank.

Type in FRST and then hit the Enter button on your computer.

Now, locate the FRST tool icon, take your mouse and drag it into the FRST folder that's just been created.

Next, locate the last fixlist.txt I created.( will be listed below)

Now, drag the fixlist.txt into the newly created FRST folder on your desktop.
With me so far?

Now right click on that FRST folder

You should see the fixlist.txt and the FRST tool.

Double click or right click on the FRST tool to open it.

Now, seeing both (FRST and the fixlist.txt) in there, click on the FIX button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
The below script will reboot your computer, please don't be alarmed.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

start

HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

FF SearchPlugin: C:\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\searchplugins\yahoo-avast.xml

CHR DefaultSearchKeyword: trovi.search

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

S2 AllDaySavingsService64; No ImagePath

S2 cyycfhtzro64

C:\Program Files\005\cyycfhtzro64.exe

C:\Program Files\005 /f

S1 jnuqvylm; \??\

C:\Windows\system32\drivers\jnuqvylm.sys

C:\Program Files\AllDaySavings

C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41

C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41

C:\Program Files\Common Files\ShopperPro

C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41

2014-07-24 18:43 - 2014-06-27 11:50 - 00464160 _____ (Sendori) C:\Windows\system32\plsapp64.dll

2014-07-24 18:42 - 2014-07-31 18:28 - 00000000 ____D () C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts

2014-07-17 08:05 - 2014-07-17 08:05 - 00002048 _____ () C:\Users\castro\AppData\Local\BlockAndSurfdb.sqlite

2014-07-31 14:34 - 2014-07-24 18:58 - 00000000 ____D () C:\Program Files\AllDaySavings

C:\Users\castro\g2ax_expert_downloadhelper_win32_x86.exe

C:\Users\castro\AppData\Local\Temp\Quarantine.exe

File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTION

Homepage by Mindspark Interactive Network, Inc. (HKLM-x32\...\MindsparkHomePage Product Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION

Task: {8532F367-E54E-49CC-B2F2-12292B81BFEF} - System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0

Task: {92D8351A-0D3C-49E4-A57C-54423EAB82A0} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe

2014-07-24 18:51 - 2014-07-24 18:51 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd

Task: {A444C6ED-1C30-42C3-82AF-3DF1EE771832} - System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0

Task: {F2A07A76-8726-4CEF-94F5-B48D78C2ED96} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-07-09] ()

Task: {FFF9AC1B-A917-4B8C-839C-7446348AA7DE} - System32\Tasks\FreeFileViewerUpdateChecker =>

C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe

Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4

AlternateDataStreams: C:\ProgramData\Temp:373E1720

AlternateDataStreams: C:\ProgramData\Temp:56E2E879

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

C:\Program Files\pcmax\service.exe

Reboot:

end

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Now, open MBAM and try to update.

If it will, now try to scan and quarantine what it finds, and post that log too.

Did you create the folder and locate FRST tool there?

Locate the FRST tool in your downloads folder, right click and select CUT.

Now, go to the new folder you created named FRST, open it, right click and select paste.

Did that place the FRST tool into that folder?
If not.

Download FRST again, this time ensure it's placed on desktop.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

start
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF SearchPlugin: C:\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\searchplugins\yahoo-avast.xml
CHR DefaultSearchKeyword: trovi.search
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 AllDaySavingsService64; No ImagePath
S2 cyycfhtzro64
C:\Program Files\005\cyycfhtzro64.exe
C:\Program Files\005 /f
S1 jnuqvylm; \??\
C:\Windows\system32\drivers\jnuqvylm.sys
C:\Program Files\AllDaySavings
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
C:\Program Files\Common Files\ShopperPro
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
2014-07-24 18:43 - 2014-06-27 11:50 - 00464160 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-07-24 18:42 - 2014-07-31 18:28 - 00000000 ____D () C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-17 08:05 - 2014-07-17 08:05 - 00002048 _____ () C:\Users\castro\AppData\Local\BlockAndSurfdb.sqlite
2014-07-31 14:34 - 2014-07-24 18:58 - 00000000 ____D () C:\Program Files\AllDaySavings
C:\Users\castro\g2ax_expert_downloadhelper_win32_x86.exe
C:\Users\castro\AppData\Local\Temp\Quarantine.exe
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTION
Homepage by Mindspark Interactive Network, Inc. (HKLM-x32\...\MindsparkHomePage Product Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Task: {8532F367-E54E-49CC-B2F2-12292B81BFEF} - System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {92D8351A-0D3C-49E4-A57C-54423EAB82A0} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
2014-07-24 18:51 - 2014-07-24 18:51 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
Task: {A444C6ED-1C30-42C3-82AF-3DF1EE771832} - System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
Task: {F2A07A76-8726-4CEF-94F5-B48D78C2ED96} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-07-09] ()
Task: {FFF9AC1B-A917-4B8C-839C-7446348AA7DE} - System32\Tasks\FreeFileViewerUpdateChecker =>
C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
C:\Program Files\pcmax\service.exe
Reboot:
end


OK, I fixed the scan. When I moved FRST to the desktop I just right clicked the file and created a desktop shortcut, which didn't work, so I did a copy & paste, which worked for the scan. I still can't run Malwarebytes; I still get that same run time error. The program said the results are in the same place as the program (the folder I created on the desktop), so I hope it's the right log file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by castro at 2014-08-02 17:13:16 Run:1
Running from C:\Users\castro\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF SearchPlugin: C:\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\searchplugins\yahoo-avast.xml
CHR DefaultSearchKeyword: trovi.search
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 AllDaySavingsService64; No ImagePath
S2 cyycfhtzro64
C:\Program Files\005\cyycfhtzro64.exe
C:\Program Files\005 /f
S1 jnuqvylm; \??\
C:\Windows\system32\drivers\jnuqvylm.sys
C:\Program Files\AllDaySavings
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
C:\Program Files\Common Files\ShopperPro
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41
2014-07-24 18:43 - 2014-06-27 11:50 - 00464160 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-07-24 18:42 - 2014-07-31 18:28 - 00000000 ____D () C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-17 08:05 - 2014-07-17 08:05 - 00002048 _____ () C:\Users\castro\AppData\Local\BlockAndSurfdb.sqlite
2014-07-31 14:34 - 2014-07-24 18:58 - 00000000 ____D () C:\Program Files\AllDaySavings
C:\Users\castro\g2ax_expert_downloadhelper_win32_x86.exe
C:\Users\castro\AppData\Local\Temp\Quarantine.exe
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTION
Homepage by Mindspark Interactive Network, Inc. (HKLM-x32\...\MindsparkHomePage Product Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Task: {8532F367-E54E-49CC-B2F2-12292B81BFEF} - System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0
Task: {92D8351A-0D3C-49E4-A57C-54423EAB82A0} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
2014-07-24 18:51 - 2014-07-24 18:51 - 00003576 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
Task: {A444C6ED-1C30-42C3-82AF-3DF1EE771832} - System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
Task: {F2A07A76-8726-4CEF-94F5-B48D78C2ED96} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-07-09] ()
Task: {FFF9AC1B-A917-4B8C-839C-7446348AA7DE} - System32\Tasks\FreeFileViewerUpdateChecker =>
C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
C:\Program Files\pcmax\service.exe
Reboot:
end
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\searchplugins\yahoo-avast.xml => Moved successfully.
CHR DefaultSearchKeyword: trovi.search ==> The Chrome "Settings" can be used to fix the entry.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
AllDaySavingsService64 => Service deleted successfully.
S2 cyycfhtzro64 => Error: No automatic fix found for this entry.
"C:\Program Files\005\cyycfhtzro64.exe" => File/Directory not found.
"C:\Program Files\005 /f" => File/Directory not found.
jnuqvylm => Service deleted successfully.
"C:\Windows\system32\drivers\jnuqvylm.sys" => File/Directory not found.
C:\Program Files\AllDaySavings => Moved successfully.
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Moved successfully.
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 => Moved successfully.
C:\Program Files\Common Files\ShopperPro => Moved successfully.
"C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41" => File/Directory not found.
C:\Windows\system32\plsapp64.dll => Moved successfully.
C:\Users\castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts => Moved successfully.
C:\Users\castro\AppData\Local\BlockAndSurfdb.sqlite => Moved successfully.
"C:\Program Files\AllDaySavings" => File/Directory not found.
C:\Users\castro\g2ax_expert_downloadhelper_win32_x86.exe => Moved successfully.
C:\Users\castro\AppData\Local\Temp\Quarantine.exe => Moved successfully.
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTION => Error: No automatic fix found for this entry.
Homepage by Mindspark Interactive Network, Inc. (HKLM-x32\...\MindsparkHomePage Product Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8532F367-E54E-49CC-B2F2-12292B81BFEF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8532F367-E54E-49CC-B2F2-12292B81BFEF}" => Key deleted successfully.
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92D8351A-0D3C-49E4-A57C-54423EAB82A0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92D8351A-0D3C-49E4-A57C-54423EAB82A0}" => Key deleted successfully.
C:\Windows\System32\Tasks\YTDownloaderUpd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => Key deleted successfully.
"C:\Windows\System32\Tasks\YTDownloaderUpd" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A444C6ED-1C30-42C3-82AF-3DF1EE771832}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A444C6ED-1C30-42C3-82AF-3DF1EE771832}" => Key deleted successfully.
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_333535393830333239322d3737555a416c503257344a41" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F2A07A76-8726-4CEF-94F5-B48D78C2ED96}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2A07A76-8726-4CEF-94F5-B48D78C2ED96}" => Key deleted successfully.
C:\Windows\System32\Tasks\Smp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FFF9AC1B-A917-4B8C-839C-7446348AA7DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFF9AC1B-A917-4B8C-839C-7446348AA7DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker =>" => Key not found.
"C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe" => File/Directory not found.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => Moved successfully.
C:\ProgramData\Temp => ":07F6D9E4" ADS removed successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\plsapp" => Key deleted successfully.
"C:\Program Files\pcmax\service.exe" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====

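A Fixlog like the one above has dozens of result lines, and the entries that matter for the next step are the few FRST could not handle on its own (here: the Chrome search keyword, the cyycfhtzro64 service, and the two uninstall entries). The script below is an added example, not part of this thread and not FRST's own code: it splits each result line at its last " => " / " ==> " separator and sorts the outcomes into fixed, absent, and needs-manual-follow-up. The sample lines are copied from the Fixlog above; the outcome phrases it keys on ("Moved successfully.", "Key deleted successfully.", "Error: No automatic fix found for this entry.", "File/Directory not found.") are the ones FRST prints there. The "wrapped line" check is an inference from the `Tree\FreeFileViewerUpdateChecker =>` entry in that log, where a fixlist line that wrapped when pasted made FRST look for a key name ending in " =>".

```python
"""Triage an FRST Fixlog: which fixlist entries were fixed, which were
already absent, and which still need manual follow-up.

Added example for this thread; not FRST's own code. The outcome keywords
are the phrases FRST prints in the Fixlog ("... successfully.",
"Error: No automatic fix found for this entry.", "... not found.").
"""
import re
from collections import Counter

# Constructed sample: result lines copied from the Fixlog posted above.
SAMPLE_FIXLOG = r'''
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
CHR DefaultSearchKeyword: trovi.search ==> The Chrome "Settings" can be used to fix the entry.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
AllDaySavingsService64 => Service deleted successfully.
S2 cyycfhtzro64 => Error: No automatic fix found for this entry.
"C:\Program Files\005\cyycfhtzro64.exe" => File/Directory not found.
jnuqvylm => Service deleted successfully.
C:\ProgramData\Temp => ":07F6D9E4" ADS removed successfully.
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2013.4.8.0 - ) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker =>" => Key not found.
The system needed a reboot.
'''

# FRST separates the target from the outcome with " => " or " ==> ".
SEP = re.compile(r"\s=?=>\s")


def split_result(line):
    """Return (target, outcome), splitting at the LAST separator so that a
    target which itself contains ' =>' (a wrapped fixlist line) stays whole.
    Returns None for status lines without a separator."""
    last = None
    for last in SEP.finditer(line):
        pass
    if last is None:
        return None
    return line[:last.start()], line[last.end():]


def classify(outcome):
    """Map an FRST outcome phrase to one of: fixed, manual, absent, other."""
    o = outcome.lower()
    if "successfully" in o:
        return "fixed"      # moved / deleted / removed
    if "no automatic fix" in o or "can be used to fix" in o:
        return "manual"     # FRST declined; the helper has to deal with it
    if "not found" in o:
        return "absent"     # already gone, or the entry never matched anything
    return "other"


def triage(fixlog_text):
    """Count outcomes and list the targets that still need attention."""
    counts = Counter()
    manual, wrapped = [], []
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = split_result(line)
        if parts is None:
            counts["unparsed"] += 1   # e.g. "The system needed a reboot."
            continue
        target, outcome = parts
        kind = classify(outcome)
        counts[kind] += 1
        if kind == "manual":
            manual.append(target)
        # A target ending in ' =>' means the fixlist line was wrapped when it
        # was pasted: FRST then looked for a key literally named '... =>'.
        if target.rstrip('"').endswith(" =>"):
            wrapped.append(target)
    return {"counts": dict(counts), "manual": manual, "wrapped": wrapped}


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    print(report["counts"])
    for t in report["manual"]:
        print("needs manual follow-up:", t)
    for t in report["wrapped"]:
        print("fixlist line was probably wrapped when pasted:", t)
```

Run it against a saved Fixlog.txt by replacing SAMPLE_FIXLOG with the file's contents; the "manual" list is the set of entries to address by hand or with a different tool, and a non-empty "wrapped" list is a sign that the fixlist should be re-pasted with each entry on a single line before running the fix again.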

Hope you're seeing some improvements.

When I moved FRST to the desktop I just right clicked the file and created a desktop shortcut, which didn't work, so I did a copy & paste, which worked for the scan.

I tried to make it easier but I think, in the long run, I made it harder...... lol

*****************
We need to do this: there is still a bad entry in Google Chrome.

Reset your browser settings:

Click the Chrome menu on the browser toolbar.
Select Settings.
Click Show advanced settings and find the "Reset browser settings" section.
Click Reset browser settings.
In the dialog that appears, click Reset. Note: when the "Help make Google Chrome better by reporting the current settings" checkbox is selected, you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyze trends and work to prevent future unwanted settings changes.

~~~~~~~~~~~~~~~~~~~~~~~

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    You can get help on disabling your protection programs here.
  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
    ---------------------------------------------------------------------------------------------
  • If there are Internet issues after running ComboFix:
    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.
    Firefox:
    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
    Safari:
    Launch Safari.
    Go to the general settings menu, then Preferences / Advanced.
    On the Proxies line, click Change Settings...
    Click Internet Options, then click the Connections tab, then click Network Settings.
    Disable (uncheck) the option for the use of a proxy server.

~~~~~~~~~~~~~~~~~~

I was just bent on getting the scan to work. Also, after resetting Google I found that "trovi" was listed as the search engine, so I disabled it and set it to Google. New log file:

ComboFix 14-08-02.02 - castro 08/02/2014 18:24:20.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1759 [GMT -7:00]
Running from: c:\users\castro\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-07-03 to 2014-08-03 )))))))))))))))))))))))))))))))
.
.
2014-08-03 01:32 . 2014-08-03 01:32 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-08-03 01:32 . 2014-08-03 01:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-03 01:14 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F2360DD-FFAC-4FA5-87CE-6151061F9BF7}\mpengine.dll
2014-08-03 00:16 . 2014-08-03 00:16 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-03 00:16 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-03 00:16 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-03 00:16 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-03 00:16 . 2014-08-03 00:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-02 19:25 . 2014-08-03 00:13 -------- d-----w- C:\FRST
2014-08-02 11:17 . 2014-08-02 11:17 -------- d-----w- c:\program files\HitmanPro
2014-08-02 11:16 . 2014-08-02 11:26 -------- d-----w- c:\programdata\HitmanPro
2014-08-02 00:30 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-01 08:23 . 2014-08-01 08:23 0 ----a-w- c:\windows\system32\MSVCR100.dll
2014-08-01 08:23 . 2014-08-01 08:23 0 ----a-w- c:\windows\system32\igdumdx32.dll
2014-08-01 08:23 . 2014-08-01 08:23 0 ----a-w- c:\windows\system32\igdumd32.dll
2014-08-01 06:08 . 2013-09-02 07:58 175528 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-08-01 05:19 . 2014-08-01 05:19 -------- d-----w- c:\program files (x86)\ESET
2014-08-01 05:12 . 2014-08-01 05:12 -------- d-----w- c:\program files\CCleaner
2014-08-01 02:18 . 2014-08-01 02:18 -------- d-----w- c:\users\castro\AppData\Roaming\AVAST Software
2014-08-01 02:12 . 2014-08-01 02:12 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-08-01 02:11 . 2014-08-01 02:11 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-01 02:11 . 2014-08-01 02:11 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-01 02:11 . 2014-08-01 02:11 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-01 02:11 . 2014-08-01 02:11 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-01 02:11 . 2014-08-01 02:11 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-01 02:11 . 2014-08-01 02:11 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-01 02:11 . 2014-08-01 02:11 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-01 02:11 . 2014-08-01 02:11 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-01 02:11 . 2014-08-01 02:11 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-01 02:11 . 2014-08-01 02:11 43152 ----a-w- c:\windows\avastSS.scr
2014-08-01 02:06 . 2014-08-01 02:06 -------- d-----w- c:\program files\AVAST Software
2014-08-01 02:03 . 2014-08-01 02:06 -------- d-----w- c:\programdata\AVAST Software
2014-07-31 21:43 . 2010-11-20 13:24 345088 ----a-w- c:\windows\system32\sethc.exe
2014-07-30 23:44 . 2014-05-05 16:12 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD44BFC4-F4B3-4E5D-8562-4B98727A816B}\gapaengine.dll
2014-07-25 02:04 . 2014-07-25 02:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-25 02:04 . 2014-07-25 02:03 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 02:03 . 2014-07-25 02:03 -------- d-----w- c:\program files (x86)\Java
2014-07-25 01:48 . 2014-07-25 01:48 -------- d-----w- c:\users\castro\AppData\Local\CrashRpt
2014-07-15 01:39 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-15 01:39 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-15 01:39 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-15 01:39 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-15 01:39 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-15 01:39 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-15 01:39 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-15 01:37 . 2014-06-19 00:31 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-07-15 01:36 . 2014-06-19 01:39 23464448 ----a-w- c:\windows\system32\mshtml.dll
2014-07-15 01:36 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-15 01:36 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-15 01:36 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-31 01:43 . 2013-08-30 01:43 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-07-22 13:27 . 2014-07-22 13:27 232896 ----a-w- c:\windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-07-15 23:17 . 2010-10-21 02:19 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-15 02:13 . 2013-02-20 02:15 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-15 02:13 . 2011-05-19 16:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-05 16:12 . 2012-02-12 04:03 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-01 4085896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cyycfhtzro64;cyycfhtzro64;c:\program files\005\cyycfhtzro64.exe run options=01110010050000000000000000000000 sourceguid=B021CBBD-E38E-4F8C-8E93-6624B0597A23;c:\program files\005\cyycfhtzro64.exe run options=01110010050000000000000000000000 sourceguid=B021CBBD-E38E-4F8C-8E93-6624B0597A23 [x]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-22 01:05 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-20 02:13]
.
2014-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 04:55]
.
2014-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 04:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-01 02:11 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.yahoo.com?fr=hp-avast&type=iedef
mStart Page = https://www.yahoo.com?fr=hp-avast&type=iedef
mSearch Page = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
mSearch Bar = https://www.yahoo.com?fr=hp-avast&type=iedef
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=iedef
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Reader Free Download Packages - c:\users\castro\AppData\Roaming\1O1L1I1PtF1F1C1N\Adobe Reader Free Download Packages\uninstaller.exe
AddRemove-Consumer Input Software - c:\program files (x86)\Consumer Input\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-02 18:36:00
ComboFix-quarantined-files.txt 2014-08-03 01:35
.
Pre-Run: 186,898,010,112 bytes free
Post-Run: 186,736,156,672 bytes free
.
- - End Of File - - B26ECA55555AFC916E140667A8C7C8BB


Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Click on this link Here to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any other text editor than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

File::
c:\program files\005\cyycfhtzro64.exe
Folder::
c:\program files\005
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"=-
Driver::
cyycfhtzro64

CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If there are internet issues afterward:

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server", or reconfigure the proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, uncheck the proxy server and set it to No Proxy.

Chrome:

Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NEXT

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Download RogueKiller to your desktop.
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes, close the program > Don't fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Please post these 2 logs when done.

Also, let's do this:

Download HijackThis

  • Go Here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic.

Thanks for all that you do. New log for CF:

ComboFix 14-08-02.02 - castro 08/02/2014 19:47:16.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.2003 [GMT -7:00]
Running from: c:\users\castro\Desktop\ComboFix.exe
Command switches used :: c:\users\castro\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\program files\005\cyycfhtzro64.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cyycfhtzro64
.
.
((((((((((((((((((((((((( Files Created from 2014-07-03 to 2014-08-03 )))))))))))))))))))))))))))))))
.
.
2014-08-03 02:54 . 2014-08-03 02:54 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-08-03 02:54 . 2014-08-03 02:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-03 01:14 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F2360DD-FFAC-4FA5-87CE-6151061F9BF7}\mpengine.dll
2014-08-03 00:16 . 2014-08-03 00:16 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-03 00:16 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-03 00:16 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-03 00:16 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-03 00:16 . 2014-08-03 00:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-02 19:25 . 2014-08-03 00:13 -------- d-----w- C:\FRST
2014-08-02 11:17 . 2014-08-02 11:17 -------- d-----w- c:\program files\HitmanPro
2014-08-02 11:16 . 2014-08-02 11:26 -------- d-----w- c:\programdata\HitmanPro
2014-08-02 00:30 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-01 08:23 . 2014-08-01 08:23 0 ----a-w- c:\windows\system32\MSVCR100.dll
2014-08-01 08:23 . 2014-08-01 08:23 0 ----a-w- c:\windows\system32\igdumdx32.dll
2014-08-01 08:23 . 2014-08-01 08:23 0 ----a-w- c:\windows\system32\igdumd32.dll
2014-08-01 06:08 . 2013-09-02 07:58 175528 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-08-01 05:19 . 2014-08-01 05:19 -------- d-----w- c:\program files (x86)\ESET
2014-08-01 05:12 . 2014-08-01 05:12 -------- d-----w- c:\program files\CCleaner
2014-08-01 02:18 . 2014-08-01 02:18 -------- d-----w- c:\users\castro\AppData\Roaming\AVAST Software
2014-08-01 02:12 . 2014-08-01 02:12 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-08-01 02:11 . 2014-08-01 02:11 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-01 02:11 . 2014-08-01 02:11 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-01 02:11 . 2014-08-01 02:11 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-01 02:11 . 2014-08-01 02:11 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-01 02:11 . 2014-08-01 02:11 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-01 02:11 . 2014-08-01 02:11 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-01 02:11 . 2014-08-01 02:11 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-01 02:11 . 2014-08-01 02:11 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-01 02:11 . 2014-08-01 02:11 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-01 02:11 . 2014-08-01 02:11 43152 ----a-w- c:\windows\avastSS.scr
2014-08-01 02:06 . 2014-08-01 02:06 -------- d-----w- c:\program files\AVAST Software
2014-08-01 02:03 . 2014-08-01 02:06 -------- d-----w- c:\programdata\AVAST Software
2014-07-31 21:43 . 2010-11-20 13:24 345088 ----a-w- c:\windows\system32\sethc.exe
2014-07-30 23:44 . 2014-05-05 16:12 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD44BFC4-F4B3-4E5D-8562-4B98727A816B}\gapaengine.dll
2014-07-25 02:04 . 2014-07-25 02:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-25 02:04 . 2014-07-25 02:03 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-25 02:03 . 2014-07-25 02:03 -------- d-----w- c:\program files (x86)\Java
2014-07-25 01:48 . 2014-07-25 01:48 -------- d-----w- c:\users\castro\AppData\Local\CrashRpt
2014-07-15 01:39 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-15 01:39 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-15 01:39 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-15 01:39 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-15 01:39 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-15 01:39 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-15 01:39 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-15 01:37 . 2014-06-19 00:31 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-07-15 01:36 . 2014-06-19 01:39 23464448 ----a-w- c:\windows\system32\mshtml.dll
2014-07-15 01:36 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-15 01:36 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-15 01:36 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-31 01:43 . 2013-08-30 01:43 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-07-22 13:27 . 2014-07-22 13:27 232896 ----a-w- c:\windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-07-15 23:17 . 2010-10-21 02:19 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-15 02:13 . 2013-02-20 02:15 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-15 02:13 . 2011-05-19 16:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-05 16:12 . 2012-02-12 04:03 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-01 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe Start=service [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-22 01:05 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-20 02:13]
.
2014-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 04:55]
.
2014-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-24 04:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-01 02:11 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.yahoo.com?fr=hp-avast&type=iedef
mStart Page = https://www.yahoo.com?fr=hp-avast&type=iedef
mSearch Page = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
mSearch Bar = https://www.yahoo.com?fr=hp-avast&type=iedef
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\i4al6zia.default-1406885986077\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com?fr=hp-avast&type=iedef
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2014-08-02 20:02:20 - machine was rebooted
ComboFix-quarantined-files.txt 2014-08-03 03:02
ComboFix2.txt 2014-08-03 01:36
.
Pre-Run: 186,890,809,344 bytes free
Post-Run: 186,608,082,944 bytes free
.
- - End Of File - - 87B268C3BE6E609327D0943D88FE9811


RogueKiller log:

RogueKiller V9.2.4.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : castro [Admin rights]
Mode : Scan -- Date : 08/02/2014 20:43:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 18 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55614484-66A7-459A-9C2A-74926B438CCB} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55614484-66A7-459A-9C2A-74926B438CCB} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{55614484-66A7-459A-9C2A-74926B438CCB} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK2565GSX +++++
--- User ---
[MBR] 72350029e63016e645c5f6bc64ea4304
[bSP] 95d4988c9576b12fb58383ad2bb92601 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 25173855 | Size: 101 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25382700 | Size: 226080 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] d30d13e3ef8b23e51d609645c7e53aa2
[bSP] b63e1c8c71c70ddb4f978871c276825e : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2712 | Size: 14998 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:51:53 PM, on 8/2/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\castro\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=iedef
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=iedef
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=iedef&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=iedef
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist Remote Support Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\594\g2ax_service.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9452 bytes


So the Malwarebytes thing was bugging me; went to their site and got it fixed, should someone need it: https://forums.malwarebytes.org/index.php?/topic/152047-what-to-do-runtime-error-database-stuck-on-20140304-program-stopped/

Log:

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header><date>2014/08/03 00:53:59 -0700</date><logfile>mbam-log-2014-08-03 (00-53-57).xml</logfile><isadmin>yes</isadmin></header>
<engine><version>2.00.2.1012</version><malware-database>v2014.08.03.02</malware-database><rootkit-database>v2014.08.01.01</rootkit-database><license>free</license><file-protection>disabled</file-protection><web-protection>disabled</web-protection><self-protection>disabled</self-protection></engine>
<system><osversion>Windows 7 Service Pack 1</osversion><arch>x64</arch><username>castro</username><filesys>NTFS</filesys></system>
<summary><type>threat</type><result>completed</result><objects>356348</objects><time>1810</time><processes>0</processes><modules>0</modules><keys>7</keys><values>0</values><datas>0</datas><folders>0</folders><files>5</files><sectors>0</sectors></summary>
<options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>enabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options>
<items>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}</path><vendor>PUP.Optional.MySpeeDial.A</vendor><action>success</action><hash>5317546ddf9cf93d3aac540cf40efb05</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}</path><vendor>PUP.Optional.MySpeeDial.A</vendor><action>success</action><hash>5317546ddf9cf93d3aac540cf40efb05</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{627af46b-2076-42ae-a2fd-8428734d3e74}</path><vendor>PUP.Optional.Simppull.A</vendor><action>success</action><hash>ea80e8d9205b95a1c5b8441cfe0460a0</hash></key>
<key><path>HKU\S-1-5-21-421815810-114840823-2280959742-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{627AF46B-2076-42AE-A2FD-8428734D3E74}</path><vendor>PUP.Optional.Simppull.A</vendor><action>success</action><hash>ea80e8d9205b95a1c5b8441cfe0460a0</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C4B8BAB4-1667-11DF-A242-BA9455D89593}</path><vendor>PUP.Optional.Simppull.A</vendor><action>success</action><hash>165479483645280e99e55c044bb7cd33</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>3931fac73a41f44297e528a719e9c63a</hash></key>
<key><path>HKU\S-1-5-21-421815810-114840823-2280959742-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TranslationBuddy_5e</path><vendor>PUP.Optional.MindSpark.A</vendor><action>success</action><hash>3a30744dccaf11255f5f4a967989926e</hash></key>
<file><path>C:\Users\castro\Downloads\Firefox_TSV4ACC95.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>de8c9928e497112540091731fb051ce4</hash></file>
<file><path>C:\Users\castro\Downloads\Firefox_TSV4ACC9O.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>b6b4b70a8fec48ee490097b137c9649c</hash></file>
<file><path>C:\Program Files\Common Files\System\SysMenu.dll</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>650518a98eed1c1a0c6f359a18eaea16</hash></file>
<file><path>C:\Program Files\Common Files\System\SysMenu64.dll</path><vendor>PUP.Optional.Goobzo</vendor><action>success</action><hash>3931fac73a41f44297e528a719e9c63a</hash></file>
<file><path>C:\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage</path><vendor>PUP.Optional.NewTab.A</vendor><action>success</action><hash>32384c756a11f83ed374a887c0446f91</hash></file>
</items>
</mbam-log>

Edited by brownhornet

I can't read the MBAM log; let's try that again.

Also, did you allow it to remove what was found?

Open MBAM, click on History > Application Logs, find your scan log, open it, and then click on the "copy to clipboard" button.

It should save this to Notepad. At the top of that log, look to the upper left corner:

Edit - File - Format - View - Help

Click on Format, click on Word Wrap and remove the checkmark, and post back the results in your next reply.

How's the computer now?


Saving the log file was a little bit different than what you explained, but I figured it out. The laptop seems to be doing fine unless you see something else. Yes, I removed what was found per your advice several posts earlier.

Log file:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/3/2014
Scan Time: 12:53:59 AM
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.03.02
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: castro

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356348
Time Elapsed: 30 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.MySpeeDial.A, HKLM\SOFTWARE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}, Quarantined, [5317546ddf9cf93d3aac540cf40efb05],
PUP.Optional.MySpeeDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}, Quarantined, [5317546ddf9cf93d3aac540cf40efb05],
PUP.Optional.Simppull.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{627af46b-2076-42ae-a2fd-8428734d3e74}, Quarantined, [ea80e8d9205b95a1c5b8441cfe0460a0],
PUP.Optional.Simppull.A, HKU\S-1-5-21-421815810-114840823-2280959742-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{627AF46B-2076-42AE-A2FD-8428734D3E74}, Quarantined, [ea80e8d9205b95a1c5b8441cfe0460a0],
PUP.Optional.Simppull.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C4B8BAB4-1667-11DF-A242-BA9455D89593}, Quarantined, [165479483645280e99e55c044bb7cd33],
PUP.Optional.Goobzo, HKLM\SOFTWARE\CLASSES\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}, Quarantined, [3931fac73a41f44297e528a719e9c63a],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-421815810-114840823-2280959742-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TranslationBuddy_5e, Quarantined, [3a30744dccaf11255f5f4a967989926e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.Conduit.A, C:\Users\castro\Downloads\Firefox_TSV4ACC95.exe, Quarantined, [de8c9928e497112540091731fb051ce4],
PUP.Optional.Conduit.A, C:\Users\castro\Downloads\Firefox_TSV4ACC9O.exe, Quarantined, [b6b4b70a8fec48ee490097b137c9649c],
PUP.Optional.Goobzo, C:\Program Files\Common Files\System\SysMenu.dll, Quarantined, [650518a98eed1c1a0c6f359a18eaea16],
PUP.Optional.Goobzo, C:\Program Files\Common Files\System\SysMenu64.dll, Quarantined, [3931fac73a41f44297e528a719e9c63a],
PUP.Optional.NewTab.A, C:\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage, Quarantined, [32384c756a11f83ed374a887c0446f91],

Physical Sectors: 0
(No malicious items detected)


(end)

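The two Malwarebytes logs above are the same scan exported twice: once as the product's XML (each detection carries `<action>success</action>`) and once as the text export, where the same detections read "Quarantined". Since the raw XML was unreadable in the thread, here is a small parser that turns it into the text layout and also checks that the `<summary>` counters agree with the items actually listed, which is how a paste that was cut off shows up. This is an added example written for this thread, not Malwarebytes' code: the element names come from the log as pasted, item kinds other than `<key>` and `<file>` are assumed from the summary counters, and the sample log with its paths and hashes is constructed.

```python
"""Render a Malwarebytes Anti-Malware 2.x XML scan log as readable text."""
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample shaped like the log pasted in the thread; paths and hashes are made up.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
<header><date>2014/08/03 00:53:59 -0700</date><logfile>mbam-log-sample.xml</logfile><isadmin>yes</isadmin></header>
<engine><version>2.00.2.1012</version><malware-database>v2014.08.03.02</malware-database><license>free</license></engine>
<summary><type>threat</type><result>completed</result><objects>1000</objects><time>60</time><processes>0</processes><modules>0</modules><keys>2</keys><values>0</values><datas>0</datas><folders>0</folders><files>1</files><sectors>0</sectors></summary>
<items><key><path>HKLM\SOFTWARE\CLASSES\APPID\{00000000-0000-0000-0000-000000000001}</path><vendor>PUP.Optional.Example.A</vendor><action>success</action><hash>00000000000000000000000000000001</hash></key><key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000002}</path><vendor>PUP.Optional.Example.B</vendor><action>failed</action><hash>00000000000000000000000000000002</hash></key><file><path>C:\Users\example\Downloads\installer.exe</path><vendor>PUP.Optional.Example.C</vendor><action>success</action><hash>00000000000000000000000000000003</hash></file></items>
</mbam-log>"""

# Item element name -> the <summary> counter that holds its count. Only <key> and
# <file> appear in the pasted log; the other kinds are assumed from the counters.
_SUMMARY_FIELD = {"process": "processes", "module": "modules", "key": "keys",
                  "value": "values", "data": "datas", "folder": "folders",
                  "file": "files", "sector": "sectors"}
# Section titles as they appear in the MBAM text export.
_TITLE = {"processes": "Processes", "modules": "Modules", "keys": "Registry Keys",
          "values": "Registry Values", "datas": "Registry Data", "folders": "Folders",
          "files": "Files", "sectors": "Physical Sectors"}
_XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def _children(root, tag):
    el = root.find(tag)
    return list(el) if el is not None else []


def parse_mbam_log(text):
    """Return {'header', 'summary', 'items'} from the XML text of an MBAM log."""
    # The log declares encoding="UTF-16" but is plain text once pasted into a post;
    # expat refuses a str whose declaration names a multi-byte encoding, so the
    # declaration is dropped before parsing.
    root = ET.fromstring(_XML_DECL.sub("", text, count=1))
    if root.tag != "mbam-log":
        raise ValueError("not an mbam-log document: <%s>" % root.tag)
    header = {c.tag: c.text or "" for c in _children(root, "header")}
    summary = {c.tag: c.text or "" for c in _children(root, "summary")}
    items = [{"kind": el.tag,
              "path": el.findtext("path", ""),
              "vendor": el.findtext("vendor", ""),
              "action": el.findtext("action", ""),
              "hash": el.findtext("hash", "")}
             for el in _children(root, "items")]
    return {"header": header, "summary": summary, "items": items}


def summary_mismatches(report):
    """(counter, declared, listed) for each <summary> count that disagrees with the
    items actually present; a truncated paste or an edited log shows up here."""
    listed = Counter(i["kind"] for i in report["items"])
    out = []
    for kind, field in _SUMMARY_FIELD.items():
        declared = int(report["summary"].get(field) or 0)
        if declared != listed.get(kind, 0):
            out.append((field, declared, listed.get(kind, 0)))
    return out


def unresolved_items(report):
    """Items whose <action> is not 'success' (the text export shows success as
    'Quarantined'); anything else still needs attention."""
    return [i for i in report["items"] if i["action"] != "success"]


def render_text(report):
    """Lay the parsed log out the way the MBAM text export does."""
    h, s = report["header"], report["summary"]
    lines = ["Scan Date: " + h.get("date", ""), "Logfile: " + h.get("logfile", ""),
             "Administrator: " + h.get("isadmin", ""), "",
             "Scan Type: " + s.get("type", ""), "Result: " + s.get("result", ""),
             "Objects Scanned: " + s.get("objects", ""), ""]
    for kind, field in _SUMMARY_FIELD.items():
        found = [i for i in report["items"] if i["kind"] == kind]
        lines.append("%s: %d" % (_TITLE[field], len(found)))
        if not found:
            lines.append("(No malicious items detected)")
        for i in found:
            lines.append("%s, %s, %s, [%s]," % (i["vendor"], i["path"], i["action"], i["hash"]))
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(render_text(rep))
    print("summary mismatches:", summary_mismatches(rep))
    print("unresolved:", [i["path"] for i in unresolved_items(rep)])
```

To use it on a real log, read the saved .xml file (it is UTF-16 on disk, so open it with that encoding) and pass the resulting string to `parse_mbam_log`; `summary_mismatches` returning anything other than an empty list means the text you have is not the whole log.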

Please run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.

Close any open programs and Internet browsers.

Double-click TFC.exe to run it on XP (for Vista and Windows 7, right-click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient, as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer; please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

***********************

What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course on how full your computer is.

Go here to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings; ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, press the LIST OF THREATS FOUND button.
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop.
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish.
Edited by Juliet

The TFC scan came up empty/clean. ESET, not so much!

Scan log:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbario15\appbario15ToolbarHelper.exe.vir Win32/Toolbar.Conduit.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbario15\hk64tbappb.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbario15\hktbappb.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbario15\ldrtbappb.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbario15\prxtbappb.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\appbario15\tbappb.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\ftacfg.exe.vir Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\TSASetup.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\tsassist.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\temp\~tmp.exe.vir Win32/FileTypeAssistant.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\findopolisUn.exe.vir probably a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\findopolisUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\updatefindopolis.exe.vir a variant of Win32/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\findopolis.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\findopolis.PurBrowse64.exe.vir a variant of Win64/BrowseFox.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\utilfindopolis.exe.vir a variant of Win32/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\{c486bc7a-4f2c-4a8b-ac38-4952f70809b9}.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.Bromon.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.BroStats.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.BrowserAdapterS.dll.vir probably a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.CompatibilityChecker.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.FFUpdate.dll.vir a variant of MSIL/BrowseFox.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.IEUpdate.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.PurBrowse.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.PurBrowseG.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\findopolis\bin\plugins\findopolis.Repmon.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65auxstb.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe.vir Win32/Toolbar.MyWebSearch.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65datact.dll.vir a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65dlghk.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65feedmg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65highin.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65hkstub.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65httpct.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65idle.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65ieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65medint.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65mlbtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65msg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65regfft.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65regiet.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65script.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65sknlcr.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65skplay.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65uabtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\T8EXTPEX.DLL.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\fst_us_110\freeSoftToday_widget.exe.vir a variant of Win32/AdWare.EoRezo.AU application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\fst_us_110\predm.exe.vir Win32/Adware.EoRezo.AS application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\AddonNP.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\FrameworkControl.exe.vir MSIL/NewPlayer.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\NewPlayerUpdater.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\AddOn\ChromeAddon\manifest.json.vir JS/Superfish.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\AddOn\ChromeAddon\script.js.vir JS/Superfish.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\manifest.json.vir JS/Superfish.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\script.js.vir JS/Superfish.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\references\NewPlayerChecker.exe.vir MSIL/NewPlayer.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir Win32/SpeedingUpMyPC.O application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\ToggleMark.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\ToggleMarkBAApp.dll.vir a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\{af16abf4-eac1-49b4-93fc-58f6ca799135}.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eauxstb.dll.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5ebarsvc.exe.vir Win32/Toolbar.MyWebSearch.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5ebrmon.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5edatact.dll.vir a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5edlghk.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5efeedmg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5ehighin.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5ehkstub.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5ehttpct.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eidle.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5emedint.exe.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5emlbtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5emsg.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eregfft.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eregiet.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5escript.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eskin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5esknlcr.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eskplay.exe.vir Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5eSrcAs.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5etpinst.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\5euabtn.dll.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\T8EXTEX.DLL.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TranslationBuddy_5e\bar\1.bin\T8EXTPEX.DLL.vir Win32/Toolbar.MyWebSearch.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe.vir Win32/SpeedUpMyPC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Conduit\Community Alerts\Alert.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Conduit\CT3279414\appbario15AutoUpdateHelper.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccpjpmiegdnbmbnaiaicnaakpacgbdi\10.20.1.8_0\plugins\ConduitChromeApiPlugin.dll.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccpjpmiegdnbmbnaiaicnaakpacgbdi\10.20.1.8_0\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\appbario15\nsa6931.tbapp2.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\chLogic.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\CT3279414.xpi.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\ctbe.exe.vir Win32/Toolbar.Conduit.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\ffLogic.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\ieLogic.exe.vir Win32/Conduit.SearchProtect.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\statisticsStub.exe.vir Win32/Toolbar.Conduit potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\stub.exe.vir Win32/Toolbar.Conduit.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Local\Temp\CT3279414\plugins\TBVerifier.dll.vir Win32/Toolbar.Conduit.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\hk64tbapp0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\hk64tbapp2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\hk64tbappb.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\hktbapp0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\hktbapp2.dll.vir probably a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\hktbappb.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\ldrtbapp0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\ldrtbappb.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\tbapp0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\tbapp1.dll.vir probably a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\tbapp2.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\tbappb.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\LocalLow\appbario15\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Roaming\FlvPlayer\FlvPlayerApp.exe.vir Win32/InstallCore.OY potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Roaming\Mozilla\Firefox\Profiles\ymoe59ib.default-1366879655782\Extensions\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Roaming\Speedial\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir Win32/Systweak.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Roaming\VOPackage\runasu.exe.vir Win32/VOPackage.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\castro\AppData\Roaming\VOPackage\Uninstall.exe.vir Win32/VOPackage.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir Win64/AdvancedSystemProtector.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici32.dll a variant of Win32/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici64.dll a variant of MSIL/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii32.exe a variant of Win32/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii64.exe a variant of MSIL/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe a variant of MSIL/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Windows\system32\plsapp64.dll.xBAD a variant of Win32/AdWare.Sendori.A application
C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe a variant of Win32/SBWatchman.A potentially unwanted application
C:\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe a variant of MSIL/SBWatchman.A potentially unwanted application
C:\temp\launcher.exe Win32/Conduit.SearchProtect.M potentially unwanted application
C:\Users\castro\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Users\castro\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe Win32/DealPly.B potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe Win32/DealPly.B potentially unwanted application

Not that bad really, considering how infected it was. Most of what was found was already in quarantine folders.

We'll remove those shortly.

This script will reboot the computer.

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad window and save it to the Desktop as fixlist.txt.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).


start
C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe
C:\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe
C:\temp\launcher.exe
C:\Users\castro\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx
C:\Users\castro\Downloads\ccsetup416.exe
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
Reboot:
End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

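The triage the helper describes above (hits already sitting in the AdwCleaner and FRST quarantine folders need no further action; only the files still live on disk go into the fixlist) and the fixlist built from those live paths, as an added example in Python. It is not part of this thread and is not FRST's or ESET's own code. The line format it parses (path, then detection name, then category) and the sample lines are taken from the ESET log posted earlier in this thread; the quarantine folder prefixes, the family-grouping rule (strip a one- or two-letter variant suffix) and the fixlist layout (start / paths / Reboot: / End, as used in the post above) are my assumptions.

```python
"""Triage an ESET scan log: separate hits that are already quarantined from
hits still live on disk, group them by detection family, and render an FRST
fixlist for the live ones. Added example; not a tool from this thread."""
import re
from collections import Counter

# Assumption: a hit under one of these folders was already moved there by
# AdwCleaner or FRST (note the .vir / .xBAD suffixes in the log), so it is
# neutralised and needs no fixlist entry.
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")

# One ESET log line: <path> <detection> <category>. The path may contain
# spaces, so the non-greedy path group is bounded by the detection pattern
# (optional "a variant of" prefix, then Platform/Name) and a fixed category.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:probably a variant of |a variant of )?[A-Za-z0-9]+/\S+)\s+"
    r"(?P<category>potentially unwanted application|potentially unsafe application|application)$"
)
# Assumption: a trailing ".P" / ".AA" is a variant letter, not part of the family.
VARIANT_SUFFIX_RE = re.compile(r"\.[A-Z]{1,2}$")


def parse_eset_log(text):
    """Return one dict per detection line: path, detection, family, category, quarantined."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or text that is not a detection
        detection = m.group("detection")
        name = re.sub(r"^(probably )?a variant of ", "", detection)
        path = m.group("path")
        hits.append({
            "path": path,
            "detection": detection,
            "family": VARIANT_SUFFIX_RE.sub("", name),
            "category": m.group("category"),
            "quarantined": path.lower().startswith(QUARANTINE_PREFIXES),
        })
    return hits


def live_paths(hits):
    """Paths that are still in place on disk, i.e. not in a quarantine folder."""
    return [h["path"] for h in hits if not h["quarantined"]]


def family_counts(hits):
    """How many hits each detection family contributed (quarantined or not)."""
    return Counter(h["family"] for h in hits)


def build_fixlist(paths, reboot=True):
    """Render fixlist.txt in the layout used in the post above."""
    lines = ["start", *paths]
    if reboot:
        lines.append("Reboot:")
    lines.append("End")
    return "\n".join(lines) + "\n"


# Constructed sample: a handful of lines copied from the ESET log in this thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65ieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe.vir Win32/SpeedUpMyPC potentially unwanted application
C:\FRST\Quarantine\C\Windows\system32\plsapp64.dll.xBAD a variant of Win32/AdWare.Sendori.A application
C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe a variant of Win32/SBWatchman.A potentially unwanted application
C:\temp\launcher.exe Win32/Conduit.SearchProtect.M potentially unwanted application
C:\Users\castro\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe Win32/DealPly.B potentially unwanted application
"""

if __name__ == "__main__":
    hits = parse_eset_log(SAMPLE_LOG)
    print(f"{len(hits)} detections, {len(live_paths(hits))} still live on disk")
    for family, n in family_counts(hits).most_common():
        print(f"  {n:2d}  {family}")
    print(build_fixlist(live_paths(hits)))
```

The category column is worth keeping: the one "potentially unsafe application" hit in the sample is a bundled installer in Downloads rather than a running component, so a reviewer may want to treat it differently from the PUA entries even though it still ends up in the fixlist here.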
new log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by castro at 2014-08-03 13:55:43 Run:2
Running from C:\Users\castro\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe
C:\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe
C:\temp\launcher.exe
C:\Users\castro\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx
C:\Users\castro\Downloads\ccsetup416.exe
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
Reboot:
End
*****************

C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe => Moved successfully.
C:\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe => Moved successfully.
C:\temp\launcher.exe => Moved successfully.
C:\Users\castro\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx => Moved successfully.
C:\Users\castro\Downloads\ccsetup416.exe => Moved successfully.
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

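Reconciling the Fixlog above against the fixlist it executed, as an added example in Python that is not part of this thread or of FRST. The point it makes is that "File/Directory not found" is a distinct outcome from "Moved successfully": the entry was not removed by FRST, so it needs a second look rather than being counted as done (if the scanner that reported the path was a 32-bit process, a C:\Windows\System32 path may have been the SysWOW64 copy seen through WOW64 file-system redirection, which would explain a miss like the one above, but that is a hypothesis to check, not something the log states). The Fixlog layout parsed here (a start/End block under "Content of fixlist:", then one "path => outcome" line per entry, with a not-found path shown in quotes) is taken from the log posted above; the sample is constructed from a subset of its entries.

```python
"""Reconcile an FRST Fixlog.txt with the fixlist it ran: which entries were
moved, which were reported not found, and which got no result line at all.
Added example; not part of this thread or of FRST."""
import re

# One result line: optional quotes around the path, then " => ", then the
# outcome text, with an optional trailing full stop.
RESULT_RE = re.compile(r'^"?(?P<path>.+?)"?\s+=>\s+(?P<result>.+?)\.?$')


def parse_fixlog(text):
    """Return (fixlist_paths, results): the entries FRST was given and a
    mapping path -> outcome text for every result line found."""
    fixlist, results = [], {}
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "start":
            in_fixlist = True
            continue
        if line == "End":
            in_fixlist = False
            continue
        if in_fixlist:
            if not line.endswith(":"):  # skip directives such as "Reboot:"
                fixlist.append(line)
            continue
        m = RESULT_RE.match(line)
        if m:
            results[m.group("path")] = m.group("result")
    return fixlist, results


def reconcile(text):
    """Classify every fixlist entry by its outcome in the Fixlog."""
    fixlist, results = parse_fixlog(text)
    return {
        "moved": [p for p in fixlist if results.get(p, "").startswith("Moved")],
        "not_found": [p for p in fixlist if "not found" in results.get(p, "")],
        "unreported": [p for p in fixlist if p not in results],
    }


# Constructed sample: a subset of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by castro at 2014-08-03 13:55:43 Run:2

Content of fixlist:
*****************
start
C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe
C:\temp\launcher.exe
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe
Reboot:
End
*****************

C:\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe => Moved successfully.
C:\temp\launcher.exe => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
"""

if __name__ == "__main__":
    outcome = reconcile(SAMPLE_FIXLOG)
    for status, paths in outcome.items():
        print(f"{status}: {len(paths)}")
        for p in paths:
            print(f"  {p}")
```

Anything in "not_found" or "unreported" is what to carry into the next round: re-scan for the path, or check whether it had already been removed by another tool before the fix ran.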
This topic is now closed to further replies.