
My pc is very slow and there is software installing more softwares


  • This topic is locked
26 replies to this topic

#1 jim2009


Posted 20 June 2015 - 02:12 PM

Hi,

My pc is very slow and there is software installing more software on it. Most of the software is adware. Microsoft Security Essentials is picking up malware many times every day. The following is an example: TrojanDownloader:Win32/Rottentu.A

All I could do to remove the adware is to uninstall it from Control Panel and some from the Firefox add-ons screen.

I have read Instructions for posting requested logs.



#2 jim2009


Posted 20 June 2015 - 03:06 PM

This is the mbam scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/06/2015
Scan Time: 20:25:39
Logfile: mbam scan log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.20.03
Rootkit Database: v2015.06.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: pc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329384
Time Elapsed: 25 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 10
PUP.Optional.OptimizerPR0, C:\ProgramData\{88b83a33-3e67-3d25-88b8-83a333e6e8cc}\setup.exe, 2616, Delete-on-Reboot, [ef04caf26822b87e10b03c065aa89070]
PUP.Optional.SuperOptimizer.A, C:\ProgramData\{3000ee0b-9d01-dede-3000-0ee0b9d0b82e}\superoptimizersetup.exe, 2772, Delete-on-Reboot, [5b98d8e44a402115ead66cf77191e818]
PUP.Optional.XTab.A, C:\Program Files\XTab\ProtectService.exe, 3024, Delete-on-Reboot, [a54e83397317a39328fd5ebc7a88936d]
PUP.Optional.ELEX, C:\Program Files\XTab\HPNotify.exe, 3172, Delete-on-Reboot, [eb08c2fa6723bf7757ac61dad32f3dc3]
Trojan.Agent, C:\Windows\rcore.exe, 3276, Delete-on-Reboot, [9a59605cccbeb77f77df6def90736b95]
PUP.Optional.Coupoon.A, C:\Program Files\Coupoon\UpdateCheck.exe, 3536, Delete-on-Reboot, [bb38ebd1682287afb1fab9cc5ea80af6]
PUP.Optional.XTab.A, C:\Program Files\XTab\CmdShell.exe, 3080, Delete-on-Reboot, [ad46dddf3951cd69b0c5c245669e10f0]
PUP.Optional.MultiPlug.Gen, C:\Users\pc\AppData\Roaming\8EBD1800-1425285853-11B2-8000-ADB3BB4CD025\nsz4EB4.tmpfs, 3204, Delete-on-Reboot, [bb388d2f3d4d74c224500a7fd035e41c]
PUP.Optional.MultiPlug.Gen, C:\Users\pc\AppData\Roaming\8EBD1800-1425285853-11B2-8000-ADB3BB4CD025\jnsf842C.tmp, 1852, Delete-on-Reboot, [bb388d2f3d4d74c224500a7fd035e41c]
PUP.Optional.Score.A, C:\Windows\rcore.exe, 3276, Delete-on-Reboot, [22d168541e6c69cdf2fd3e41ba4b2ad6]

Modules: 11
PUP.Optional.Multiplug, C:\Program Files\TampaSystem\TampaSystem.dll, Delete-on-Reboot, [8b686f4d4d3d85b1f4cfd266ea1803fd],
PUP.Optional.SearchProtect, C:\Program Files\XTab\BrowserAction.dll, Delete-on-Reboot, [bc3713a9464447ef91e4143644bee719],
PUP.Optional.BrowserWatch, C:\Program Files\XTab\BrowerWatchFF.dll, Delete-on-Reboot, [0ce7b606cac0a690863f353a59a710f0],
PUP.Optional.BrowserWatch, C:\Program Files\XTab\BrowerWatchCH.dll, Delete-on-Reboot, [a74c5963eb9f88ae75501b54be42b54b],
PUP.Optional.XTab.A, C:\Program Files\XTab\IeWatchDog.dll, Delete-on-Reboot, [ad46dddf3951cd69b0c5c245669e10f0],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, Delete-on-Reboot, [ad46dddf3951cd69b0c5c245669e10f0],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, Delete-on-Reboot, [ad46dddf3951cd69b0c5c245669e10f0],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, Delete-on-Reboot, [ad46dddf3951cd69b0c5c245669e10f0],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, Delete-on-Reboot, [ad46dddf3951cd69b0c5c245669e10f0],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, Delete-on-Reboot, [ad46dddf3951cd69b0c5c245669e10f0],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, Delete-on-Reboot, [ad46dddf3951cd69b0c5c245669e10f0],

Registry Keys: 83
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, Quarantined, [a54e83397317a39328fd5ebc7a88936d],
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rcores, Quarantined, [9a59605cccbeb77f77df6def90736b95],
PUP.Optional.Coupoon.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UpdateCheck, Quarantined, [bb38ebd1682287afb1fab9cc5ea80af6],
PUP.Optional.Coupoon.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CoupoonService, Quarantined, [46ad6d4f4149dc5a8625f39264a24cb4],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [83707844fc8e39fd70fa1c5b28db847c],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [83707844fc8e39fd70fa1c5b28db847c],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [83707844fc8e39fd70fa1c5b28db847c],
PUP.Optional.SupTab.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [83707844fc8e39fd70fa1c5b28db847c],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [1cd7e2daadddac8a16dc086ff40f1de3],
PUP.Optional.MultiPlug, HKU\S-1-5-21-799363693-3917888606-2371878282-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}, Quarantined, [16dd714ba5e5979fbfa6cde438cb33cd],
PUP.Optional.SaveExtension.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{89310413-97E0-4F09-AA75-390A7F4D4918}, Quarantined, [d61dc4f899f1cc6af4cb4babc1422ad6],
PUP.Optional.SaveExtension.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0347B640-EC8E-4F40-AFAE-E4B4285C61BE}, Quarantined, [d61dc4f899f1cc6af4cb4babc1422ad6],
PUP.Optional.SaveExtension.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{03FF7591-BAC2-4ECE-9B67-BB2AF2978B7D}, Quarantined, [d61dc4f899f1cc6af4cb4babc1422ad6],
PUP.Optional.SaveExtension.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4A3639A7-C0B4-49C2-AF0C-D0403F67F2FC}, Quarantined, [d61dc4f899f1cc6af4cb4babc1422ad6],
PUP.Optional.MultiPlug.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\powywejy, Quarantined, [bb388d2f3d4d74c224500a7fd035e41c],
PUP.Optional.MultiPlug.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cehufofi, Quarantined, [bb388d2f3d4d74c224500a7fd035e41c],
PUP.Optional.CoupExtension.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FCE74B5F-13A9-47C3-B69E-5210C1EECBEF}, Quarantined, [36bdf7c5a8e2092dec7a2368aa5b03fd],
PUP.Optional.CoupExtension.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1EA56CF8-1B08-4B8B-BAD9-77D0A2F55837}, Quarantined, [36bdf7c5a8e2092dec7a2368aa5b03fd],
PUP.Optional.CoupExtension.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AFE44F7D-9EB4-426B-AB34-4DAB85ECDF91}, Quarantined, [36bdf7c5a8e2092dec7a2368aa5b03fd],
PUP.Optional.CoupExtension.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D75E8573-4E73-4642-8517-A6348042151C}, Quarantined, [36bdf7c5a8e2092dec7a2368aa5b03fd],
PUP.Optional.CoupExtension.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DC00432C-FF74-41C6-BE9E-7F2224FDB437}, Quarantined, [36bdf7c5a8e2092dec7a2368aa5b03fd],
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\AskPartnerNetwork, Quarantined, [49aa843814763204723413e2df248a76],
PUP.Optional.Coupoon.A, HKLM\SOFTWARE\coupoon, Quarantined, [06ed5b616921122482bcaedbe71e847c],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\IHProtect, Quarantined, [619214a8ed9d9b9bb7bd7b8c0ff5758b],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [dd165a62b7d3f343de3a63e391731ce4],
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\InstallCore, Quarantined, [52a174487218e2540165bb66ea1a6898],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\istartsurfSoftware, Quarantined, [42b107b5d1b9bc7acf0973a9f80cc43c],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\mystartsearchSoftware, Quarantined, [e50edede2b5f9d998e07e62832d29e62],
PUP.Optional.SuperClick.A, HKLM\SOFTWARE\SuperClick_1.10.0.16, Quarantined, [1dd603b93f4be84ef0a48f00cb3a3ac6],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WajIntEnhance, Quarantined, [03f006b6365416205ed019eb50b444bc],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [82719626f3971620d910425117ee7888],
PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, Quarantined, [d122a517a0eaf24489613d5628dd827e],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [ee0509b34b3fa88e035a6e89a55eec14],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT3300197, Quarantined, [fdf61e9efb8f3204ffed71200cf9a858],
PUP.Optional.StartNow.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\lmmhpfbhngkongobaoibpmnijjokabmj, Quarantined, [a05300bc7812af87b6536c8cde2547b9],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [599a1e9ebbcfb08616956d8cf0136b95],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [d41f0fadd2b85adc918dc0cbce377789],
PUP.Optional.LookForIt.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [955e6f4d9dede45297988f688c774ab6],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [995a9b2133576bcbf65717ea2ed6ea16],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [777c4874f09a092d490352af778d15eb],
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [0de6219b5b2f78beb6be9bed60a5fa06],
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarantined, [48abe8d402882c0af111f11e63a18878],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [e90ab3093258f3436fdcce335ca8a858],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{22134214}, Quarantined, [e90ae9d33e4c61d5db642e621aebd52b],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{3b7ef248}, Quarantined, [1ed568545b2f053176c98c04f51023dd],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [ba3994283b4fff379a497021d1347d83],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, Quarantined, [41b2efcdeb9f39fd96b73ddebb4957a9],
PUP.Optional.SuperClick.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\scfd_1_10_0_16, Quarantined, [995a6c5098f2122441543d52c243fc04],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [7281bffd7812ab8bb0b235dc06fe956b],
PUP.Optional.Score.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES, Quarantined, [22d168541e6c69cdf2fd3e41ba4b2ad6],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, [cb2802baa4e6a690564fe411fb088080],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18\SOFTWARE\MedPlayerNewVersion-nv, Quarantined, [7d76229af397e650366de31b3fc46e92],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18\SOFTWARE\MedPlayerNewVersion-nv-ie, Quarantined, [985b5d5fd6b43df98c1740bec63d8d73],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [d41fd4e8b9d1d6609e4ab9da9e6715eb],
PUP.Optional.Coupoon.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\coupoon, Quarantined, [e112873595f5c76faf8d6524c045dd23],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [29ca9824e6a49e984a62e7a574916c94],
PUP.Optional.BoBrowser.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\BoBrowser, Quarantined, [4ca7823aa6e41323b0ba36d0a85c847c],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\HomeTab, Quarantined, [08eb704c2268e056162fb9735da754ac],
PUP.Optional.ICinema.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\I - Cinema-nv-ie, Quarantined, [12e178441c6e7bbb95b964b970947b85],
PUP.Optional.InstallCore.C, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\InstallCore, Quarantined, [5e9503b912780c2a18ccd4bf1de84db3],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MedPlayerNewVersion-nv-ie, Quarantined, [38bb3f7df19910264261b34bd0339967],
PUP.Optional.Nosibay.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\Nosibay, Quarantined, [24cfccf06f1bbf77c80ab15b669e37c9],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\SearchProtectWS, Quarantined, [c0333d7fb3d7c472311e877aa163e51b],
PUP.Optional.Wajam.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\WajIntEnhance, Quarantined, [42b12894d9b191a5c26d59ab09fba35d],
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [bd366a52c9c163d3b7319ef56e9725db],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [787bcfed454593a3627ddb930ef721df],
PUP.Optional.MultiIE.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [876ce9d3f19939fdddc1631425e027d9],
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, Quarantined, [2dc6b9038901be78027f46b3778ca35d],
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [22d18f2d18729a9c110c0b8030d5f50b],
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, Quarantined, [5f945567abdf6fc76cb1e9a235d0bb45],
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [b04373495238cc6a3be2ff8ceb1a4eb2],
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{74D7B980-4E95-4E46-9B17-599E802FD3A5}, Quarantined, [5b98b9034f3b88ae938a7219bc49c838],
PUP.Optional.LookForIt.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [db189b219af075c180aeb14621e2ad53],
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, Quarantined, [668d19a30c7e21159d80d3b88580a55b],
PUP.Optional.Iminent.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [f7fcd3e97812d95d3fa7847936cd8d73],
PUP.Optional.Iminent.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, Quarantined, [5b9817a5791188aed710708de3203cc4],
PUP.Optional.Linkey.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, Quarantined, [1dd6724a8efc6fc71fc9e11c689b6a96],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, Quarantined, [866dbffd3258072f3b03f399b1549a66],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, Quarantined, [7a79902cfc8eab8b8b5ec23b22e17987],
PUP.Optional.Wajam.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, Quarantined, [0fe4b606d3b737ffa248dd20e3207a86],
PUP.Optional.WindApp.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\STORE\WindApp Tag, Quarantined, [599ad1eb4446f1454c22ec1453b110f0],
PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\SUPER OPTIMIZER, Quarantined, [f4ffb9034e3c3df9db953a58a85d8878],
PUP.Optional.SelectionTool.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\WTOOLS\Selection Tools Tag, Quarantined, [1dd67b411c6e2115445b45c01fe50000],

Registry Values: 34
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://start.mysearc...1162190032&ir=,Quarantined, [599a1e9ebbcfb08616956d8cf0136b95]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Mysearchdial, Quarantined, [faf9fbc19eec0c2a3a717485eb1831cf]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://start.mysearc...1162190032&ir=,Quarantined, [2dc65e5e9eec1c1aa704c930e320d828]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURL, http://start.mysearc...com/favicon.ico, Quarantined, [bc37dfddf09ad85e179445b43bc87987]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconURLFallback, http://start.mysearc...com/favicon.ico, Quarantined, [d71c2e8ebdcd1f176c3f1ddcca399c64]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, mystartsearch, Quarantined, [d41f0fadd2b85adc918dc0cbce377789]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartse...={searchTerms},Quarantined, [955e8c300882be784ed0a2e9b0558b75]
PUP.Optional.LookForIt.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURL, http://websearch.loo...nfo/favicon.ico, Quarantined, [955e6f4d9dede45297988f688c774ab6]
PUP.Optional.LookForIt.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURLFallback, http://websearch.loo...nfo/favicon.ico, Quarantined, [9360dce06822b4821a154fa80bf84db3]
PUP.Optional.LookForIt.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|URL, http://websearch.loo...cc=GB&unqvl=82,Quarantined, [9a59b10bc5c50d29e24d609770937987]
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\a9300rn5.default\extensions\searchengine@gmail.com, Quarantined, [f5fe6953c5c561d5a3f45d287b8a17e9]
PUP.Optional.IStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|istart_ffnt@gmail.com, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\a9300rn5.default\extensions\istart_ffnt@gmail.com, Quarantined, [1ad9c1fbe4a687afa7274cb16f946c94]
PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\vvfnkxvj.default-1432108227586\extensions\fftoolbar2014@etech.com, Quarantined, [f7fc209c5f2bf343e83a7196a361d927]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [ba3994283b4fff379a497021d1347d83]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, tugs, Quarantined, [41b2efcdeb9f39fd96b73ddebb4957a9]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cehufofi|ImagePath, C:\Users\pc\AppData\Roaming\8EBD1800-1425285853-11B2-8000-ADB3BB4CD025\jnsf842C.tmp, Quarantined, [589bead2b5d5fa3ca358b0d70203b24e]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\powywejy|ImagePath, C:\Users\pc\AppData\Roaming\8EBD1800-1425285853-11B2-8000-ADB3BB4CD025\nsz4EB4.tmpfs, Quarantined, [1ed5edcf9cee6dc9de1c3a4dd33230d0]
PUP.Optional.Score.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES|ImagePath, C:\Windows\rcore.exe, Quarantined, [22d168541e6c69cdf2fd3e41ba4b2ad6]
PUP.Optional.Coupoon.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UPDATECHECK|ImagePath, C:\Program Files\Coupoon\UpdateCheck.exe run , Quarantined, [787bb5078208092d67cbbcd2bd48e21e]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, IE, Quarantined, [2dc6b9038901be78027f46b3778ca35d]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.mystartse...={searchTerms},Quarantined, [22d18f2d18729a9c110c0b8030d5f50b]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, http://www.mystartse...={searchTerms},Quarantined, [5f945567abdf6fc76cb1e9a235d0bb45]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, http://www.mystartse...om//favicon.ico, Quarantined, [df14ab118a0055e1dd40c8c333d225db]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, mystartsearch, Quarantined, [b04373495238cc6a3be2ff8ceb1a4eb2]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartse...={searchTerms},Quarantined, [fef55864c4c62511fd208506699cee12]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{74D7B980-4E95-4E46-9B17-599E802FD3A5}|URL, http://www.mystartse...={searchTerms},Quarantined, [5b98b9034f3b88ae938a7219bc49c838]
PUP.Optional.V9.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{74D7B980-4E95-4E46-9B17-599E802FD3A5}|TopResultURL, http://search.v9.com...={searchTerms},Quarantined, [a251f8c49febf04652a22c5eef16ca36]
PUP.Optional.LookForIt.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURL, http://websearch.loo...nfo/favicon.ico, Quarantined, [db189b219af075c180aeb14621e2ad53]
PUP.Optional.LookForIt.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|FaviconURLFallback, http://websearch.loo...nfo/favicon.ico, Quarantined, [c92a16a68cfe7db9e846cb2ce91a966a]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|URL, http://www.mystartse...={searchTerms},Quarantined, [648fdddf5c2e4fe7aa730d7eee171be5]
PUP.Optional.LookForIt.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}|TopResultURL, http://websearch.loo...cc=GB&unqvl=82,Quarantined, [8d668a32e5a5df5757d75a9d699a24dc]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, http://www.mystartse...={searchTerms},Quarantined, [668d19a30c7e21159d80d3b88580a55b]
PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\SUPER OPTIMIZER|SetupName, C:\Users\Public\Temp\5AF76C51910A46F1BD9641722DDDE1F1\setup.exe, Quarantined, [f4ffb9034e3c3df9db953a58a85d8878]
PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\SUPER OPTIMIZER|AdsBuyNowURL, http://supc30.superp...25-A5BEE858DC5A, Quarantined, [dd16a6160387dd59442c98f7c540e917]

Registry Data: 7
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsur...V1CB1N1563N1563, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsur...96ee5154b2b947]
PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartse...V1CB1N1563N1563, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=hppp&ts=1425289053&from=nsbuk&uid=WDCXWD7500BPVT-80HXZT3_WD-WXV1CB1N1563N1563),Replaced,[ef04308c1476d561cf6372cba95d15eb]
PUP.Optional.HttpBreaker.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartse...V1CB1N1563N1563, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=hppp&ts=1425289053&from=nsbuk&uid=WDCXWD7500BPVT-80HXZT3_WD-WXV1CB1N1563N1563),Replaced,[de15eece8dfd8bab33ff41fc23e305fb]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[5a99b507781261d5c4c5cf7aed19b050]
PUP.Optional.HttpBreaker.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartse...V1CB1N1563N1563, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=hppp&ts=1425289053&from=nsbuk&uid=WDCXWD7500BPVT-80HXZT3_WD-WXV1CB1N1563N1563),Replaced,[01f2427aadddee4844eb84b972949f61]
PUP.Optional.HttpBreaker.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartse...V1CB1N1563N1563, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=hppp&ts=1425289053&from=nsbuk&uid=WDCXWD7500BPVT-80HXZT3_WD-WXV1CB1N1563N1563),Replaced,[07ec5c604c3e92a49c9356e7897d11ef]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-799363693-3917888606-2371878282-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|First Home Page, http://go.microsoft....B0&OHP=http, Good: (www.google.com), Bad: (http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-GB&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwww.mystartsearch.com%2F%3Ftype%3Dhppp%26ts%3D1425289053%26from%3Dnsbuk%26uid%3DWDCXWD7500BPVT%2D80HXZT3%5FWD%2DWXV1CB1N1563N1563&OSP=http%3A%2F%2Fwww.mystartsearch.com%2Fweb%2F%3Ftype%3Ddspp%26ts%3D1425289053%26from%3Dnsbuk%26uid%3DWDCXWD7500BPVT%2D80HXZT3%5FWD%2DWXV1CB1N1563N1563%26q%3D%7BsearchTerms%7D),Replaced,[8d6613a9e1a92b0be9ac2f0e7b8bd22e]

Folders: 55

Files: 191


#3 jim2009


Posted 20 June 2015 - 03:11 PM

This is the MBAM protection log file:

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 20/06/2015 20:22:56, SYSTEM, SAMSUNG, Manual, Rootkit Database, 2015.2.25.1, 2015.6.15.1,
Update, 20/06/2015 20:22:56, SYSTEM, SAMSUNG, Manual, Remediation Database, 2015.3.9.1, 2015.6.15.1,
Update, 20/06/2015 20:22:56, SYSTEM, SAMSUNG, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 20/06/2015 20:22:56, SYSTEM, SAMSUNG, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
Update, 20/06/2015 20:22:59, SYSTEM, SAMSUNG, Manual, Malware Database, 2015.3.9.5, 2015.6.20.3,
Scan, 20/06/2015 20:54:12, SYSTEM, SAMSUNG, Manual, Start:20/06/2015 20:25:39, Duration:25 min 33 sec, Threat Scan, Completed, 3 Malware Detections, 388 Non-Malware Detections,
Error, 20/06/2015 20:56:53, SYSTEM, SAMSUNG, Protection, IsLicensed, 13,
Protection, 20/06/2015 20:56:53, SYSTEM, SAMSUNG, Protection, Malware Protection, Stopping,
Protection, 20/06/2015 20:56:53, SYSTEM, SAMSUNG, Protection, Malware Protection, Stopped,
Error, 20/06/2015 20:59:15, SYSTEM, SAMSUNG, Protection, IsLicensed, 13,
Protection, 20/06/2015 20:59:15, SYSTEM, SAMSUNG, Protection, Malware Protection, Stopping,
Protection, 20/06/2015 20:59:15, SYSTEM, SAMSUNG, Protection, Malware Protection, Stopped,

(end)



#4 jim2009


Posted 20 June 2015 - 03:16 PM

This is the DDS.txt log file:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17840  BrowserJavaVersion: 11.40.2
Run by pc at 21:14:30 on 2015-06-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3509.2262 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe
C:\Program Files\Advent\AIO\StatusMonitor\ADPrinterSDK.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Advent\AIO\StatusMonitor\ADStatusMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Glorious Trade\Glorious Trade.exe
C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = www.google.com
uDefault_Page_URL = www.google.com
mStart Page = www.google.com
mDefault_Page_URL = www.google.com
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ADStatusMonitor] c:\program files\advent\aio\statusmonitor\ADStatusMonitor.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\download.lnk - c:\programdata\{90650103-724c-950a-9065-50103724040d}\Download.exe
StartupFolder: c:\users\pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup.lnk - c:\programdata\{88b83a33-3e67-3d25-88b8-83a333e6e8cc}\setup.exe
StartupFolder: c:\users\pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\supero~1.lnk - c:\programdata\{3000ee0b-9d01-dede-3000-0ee0b9d0b82e}\superoptimizersetup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3200\WNDA3200WPSMgr.exe
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{31A83A9E-8957-4694-ABC6-2C9D66EAE8AB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{31A83A9E-8957-4694-ABC6-2C9D66EAE8AB}\244575966696D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{31A83A9E-8957-4694-ABC6-2C9D66EAE8AB}\96E6475627E656470227F657475627 : DHCPNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pc\appdata\roaming\mozilla\firefox\profiles\998870ls.default-1434804741317\
FF - prefs.js: browser.startup.homepage - ?type=hppp
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll
FF - plugin: c:\users\pc\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_188.dll
.
---- FIREFOX POLICIES ----
# Mozilla User Preferences
.
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */
.
FF - user.js: browser.startup.homepage - ?type=hppp
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2015-3-4 245096]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2014-4-5 20384]
R1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2015-4-2 31744]
R2 Advent AiO Network Discovery Service;Advent AiO Network Discovery Service;c:\program files\advent\aio\center\ADAIOHostService.exe [2012-10-31 395200]
R2 ADVENT AIO Status Monitor Service;ADVENT AIO Status Monitor Service;c:\program files\advent\aio\statusmonitor\ADPrinterSDK.exe [2012-10-31 722336]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-14 20992]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2015-3-16 244392]
R2 Glorious Trade;Glorious Trade;c:\program files\glorious trade\Glorious Trade.exe [2015-6-17 8015970]
R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2013-7-17 1406264]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2013-7-17 10294584]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\netgear\wnda3200\WifiDevChkSvc.exe [2014-4-5 167936]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2014-4-7 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2014-4-7 270336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-6-20 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-6-20 119512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 f86a8682;TampaSystem;c:\windows\system32\rundll32.exe [2009-7-14 44544]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-6-20 1080120]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-2-18 315488]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2014-4-5 1564160]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-6-10 102912]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wnda3200\jswpsapi.exe [2014-4-5 954368]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-6-20 51928]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-7-17 95408]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2015-4-30 284504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-11 14848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-6-27 337512]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-10-11 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-10-11 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-7-2 1343400]
.
=============== Created Last 30 ================
.
2015-06-20 19:22:55    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-20 19:14:24    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-06-20 19:14:24    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-06-20 19:14:23    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-06-20 19:14:23    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2015-06-20 13:55:55    9265072    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{67168829-709c-4f02-b899-b7ea2ed3eea5}\mpengine.dll
2015-06-19 12:46:55    9265072    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2015-06-18 08:39:46    908832    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{11e7d075-6fde-47f1-8487-79ce7555804f}\gapaengine.dll
2015-06-17 09:40:58    --------    d-----w-    c:\program files\Glorious Trade
2015-06-11 08:51:02    --------    d-----w-    C:\c223d62e656d651be52579
2015-06-10 09:38:37    853504    ----a-w-    c:\windows\system32\diagtrack.dll
2015-06-06 17:55:46    --------    d-----w-    c:\program files\CyculoNNeCover
2015-06-01 14:48:02    --------    d-----w-    c:\users\pc\appdata\local\GWX
2015-05-30 00:39:23    --------    d-----w-    C:\3c7a43338e3b16ce37731c75b6
.
==================== Find3M  ====================
.
2015-06-20 19:53:48    24    ----a-w-    c:\users\pc\appdata\roaming\appdataFr25.bin
2015-06-09 20:11:23    778416    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-06-09 20:11:23    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-25 18:07:34    3989440    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2015-05-25 18:07:34    3934144    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-05-25 18:07:33    67520    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:07:33    137664    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:04:08    1307648    ----a-w-    c:\windows\system32\ntdll.dll
2015-05-25 18:00:44    40448    ----a-w-    c:\windows\system32\typeperf.exe
2015-05-25 18:00:40    364544    ----a-w-    c:\windows\system32\tracerpt.exe
2015-05-25 18:00:29    69632    ----a-w-    c:\windows\system32\smss.exe
2015-05-25 18:00:26    262656    ----a-w-    c:\windows\system32\rstrui.exe
2015-05-25 18:00:25    37888    ----a-w-    c:\windows\system32\relog.exe
2015-05-25 18:00:17    82944    ----a-w-    c:\windows\system32\logman.exe
2015-05-25 18:00:17    22528    ----a-w-    c:\windows\system32\lsass.exe
2015-05-25 18:00:09    17408    ----a-w-    c:\windows\system32\diskperf.exe
2015-05-25 18:00:04    50176    ----a-w-    c:\windows\system32\auditpol.exe
2015-05-25 17:57:31    60416    ----a-w-    c:\windows\system32\msobjs.dll
2015-05-25 17:57:15    146432    ----a-w-    c:\windows\system32\msaudite.dll
2015-05-25 17:55:18    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2015-05-25 17:55:17    686080    ----a-w-    c:\windows\system32\adtschema.dll
2015-05-25 17:00:20    2384384    ----a-w-    c:\windows\system32\win32k.sys
2015-05-25 16:53:50    36864    ----a-w-    c:\windows\system32\UtcResources.dll
2015-05-23 03:28:17    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2015-05-23 03:28:04    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2015-05-23 03:15:54    503808    ----a-w-    c:\windows\system32\vbscript.dll
2015-05-23 03:15:40    62464    ----a-w-    c:\windows\system32\iesetup.dll
2015-05-23 03:15:02    47616    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2015-05-23 03:14:51    341504    ----a-w-    c:\windows\system32\html.iec
2015-05-23 03:13:48    64000    ----a-w-    c:\windows\system32\MshtmlDac.dll
2015-05-23 03:05:21    115712    ----a-w-    c:\windows\system32\ieUnatt.exe
2015-05-23 03:05:18    102912    ----a-w-    c:\windows\system32\ieetwcollector.exe
2015-05-23 03:04:50    620032    ----a-w-    c:\windows\system32\jscript9diag.dll
2015-05-23 03:00:14    667648    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2015-05-23 02:52:43    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-23 02:47:31    4305920    ----a-w-    c:\windows\system32\jscript9.dll
2015-05-23 02:37:45    2052608    ----a-w-    c:\windows\system32\inetcpl.cpl
2015-05-23 02:37:25    1155072    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2015-05-23 02:20:35    1950720    ----a-w-    c:\windows\system32\wininet.dll
2015-05-22 18:03:09    571392    ----a-w-    c:\windows\system32\generaltel.dll
2015-05-22 18:02:54    621568    ----a-w-    c:\windows\system32\invagent.dll
2015-05-22 18:02:49    333824    ----a-w-    c:\windows\system32\devinv.dll
2015-05-22 18:02:46    879104    ----a-w-    c:\windows\system32\appraiser.dll
2015-05-22 18:02:45    37888    ----a-w-    c:\windows\system32\acmigration.dll
2015-05-22 18:02:45    202752    ----a-w-    c:\windows\system32\aepdu.dll
2015-05-22 17:58:27    901120    ----a-w-    c:\windows\system32\aeinv.dll
2015-05-21 13:20:34    163840    ----a-w-    c:\windows\system32\aepic.dll
2015-05-13 08:38:16    20    ----a-w-    c:\users\pc\appdata\roaming\appdataFr3.bin
2015-05-09 03:14:43    169984    ----a-w-    c:\windows\system32\winsrv.dll
2015-05-09 03:13:42    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2015-05-09 03:12:59    271360    ----a-w-    c:\windows\system32\conhost.exe
2015-05-09 01:59:25    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-09 01:59:25    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 01:59:25    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 01:59:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-01 13:16:41    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-29 18:07:12    4096    ----a-w-    c:\windows\system32\msdxm.ocx
2015-04-29 18:07:12    4096    ----a-w-    c:\windows\system32\dxmasf.dll
2015-04-29 18:07:07    8192    ----a-w-    c:\windows\system32\spwmp.dll
2015-04-29 18:05:19    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2015-04-24 17:56:58    530432    ----a-w-    c:\windows\system32\comctl32.dll
2015-04-20 02:56:29    909312    ----a-w-    c:\windows\system32\FntCache.dll
2015-04-20 02:56:29    1250816    ----a-w-    c:\windows\system32\DWrite.dll
2015-04-18 02:56:57    342016    ----a-w-    c:\windows\system32\certcli.dll
2015-04-13 03:19:24    259072    ----a-w-    c:\windows\system32\services.exe
2015-04-11 03:07:47    54656    ----a-w-    c:\windows\system32\drivers\stream.sys
2015-04-08 03:14:07    22528    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-04-08 03:14:07    216064    ----a-w-    c:\windows\system32\InkEd.dll
2015-04-08 03:14:07    19968    ----a-w-    c:\windows\system32\jnwmon.dll
2015-04-02 22:22:32    31744    ----a-w-    c:\windows\system32\drivers\netfilter.sys
2015-03-25 03:00:57    92672    ----a-w-    c:\windows\system32\wudriver.dll
2015-03-25 03:00:57    3088384    ----a-w-    c:\windows\system32\wucltux.dll
2015-03-25 03:00:57    173056    ----a-w-    c:\windows\system32\wuwebv.dll
2015-03-25 03:00:27    50176    ----a-w-    c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00:18    11776    ----a-w-    c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00:15    33792    ----a-w-    c:\windows\system32\wuapp.exe
.
============= FINISH: 21:15:35.98 ===============
 



#5 jim2009

Posted 20 June 2015 - 03:36 PM

Sorry, I did not save DDS to the desktop before running the software when I did the previous post for the DDS log.

But the following DDS log file was generated after the DDS software was saved to the desktop.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17840  BrowserJavaVersion: 11.40.2
Run by pc at 21:30:18 on 2015-06-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3509.2115 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe
C:\Program Files\Advent\AIO\StatusMonitor\ADPrinterSDK.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Advent\AIO\StatusMonitor\ADStatusMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Glorious Trade\Glorious Trade.exe
C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k defragsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = www.google.com
uDefault_Page_URL = www.google.com
mStart Page = www.google.com
mDefault_Page_URL = www.google.com
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
mRun: [DHSClient.exe] "c:\program files\virgin media\digital home support\DHSClient.exe" /AUTORUN
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ADStatusMonitor] c:\program files\advent\aio\statusmonitor\ADStatusMonitor.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\download.lnk - c:\programdata\{90650103-724c-950a-9065-50103724040d}\Download.exe
StartupFolder: c:\users\pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\setup.lnk - c:\programdata\{88b83a33-3e67-3d25-88b8-83a333e6e8cc}\setup.exe
StartupFolder: c:\users\pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\supero~1.lnk - c:\programdata\{3000ee0b-9d01-dede-3000-0ee0b9d0b82e}\superoptimizersetup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3200\WNDA3200WPSMgr.exe
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{31A83A9E-8957-4694-ABC6-2C9D66EAE8AB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{31A83A9E-8957-4694-ABC6-2C9D66EAE8AB}\244575966696D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{31A83A9E-8957-4694-ABC6-2C9D66EAE8AB}\96E6475627E656470227F657475627 : DHCPNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pc\appdata\roaming\mozilla\firefox\profiles\998870ls.default-1434804741317\
FF - prefs.js: browser.startup.homepage - ?type=hppp
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll
FF - plugin: c:\users\pc\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_188.dll
.
---- FIREFOX POLICIES ----
# Mozilla User Preferences
.
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */
.
FF - user.js: browser.startup.homepage - ?type=hppp
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2015-3-4 245096]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2014-4-5 20384]
R1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2015-4-2 31744]
R2 Advent AiO Network Discovery Service;Advent AiO Network Discovery Service;c:\program files\advent\aio\center\ADAIOHostService.exe [2012-10-31 395200]
R2 ADVENT AIO Status Monitor Service;ADVENT AIO Status Monitor Service;c:\program files\advent\aio\statusmonitor\ADPrinterSDK.exe [2012-10-31 722336]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-14 20992]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2015-3-16 244392]
R2 Glorious Trade;Glorious Trade;c:\program files\glorious trade\Glorious Trade.exe [2015-6-17 8015970]
R2 HsdService;HsdService;c:\program files\virgin media\digital home support\HsdService.exe [2013-7-17 1406264]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2013-7-17 10294584]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\netgear\wnda3200\WifiDevChkSvc.exe [2014-4-5 167936]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2014-4-7 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2014-4-7 270336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-6-20 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-6-20 119512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 f86a8682;TampaSystem;c:\windows\system32\rundll32.exe [2009-7-14 44544]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-6-20 1080120]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-2-18 315488]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2014-4-5 1564160]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-6-10 102912]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wnda3200\jswpsapi.exe [2014-4-5 954368]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-6-20 51928]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-7-17 95408]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2015-4-30 284504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-11 14848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-6-27 337512]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-10-11 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-10-11 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-7-2 1343400]
.
=============== Created Last 30 ================
.
2015-06-20 19:22:55    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-20 19:14:24    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-06-20 19:14:24    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-06-20 19:14:23    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-06-20 19:14:23    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2015-06-20 13:55:55    9265072    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{67168829-709c-4f02-b899-b7ea2ed3eea5}\mpengine.dll
2015-06-19 12:46:55    9265072    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2015-06-18 08:39:46    908832    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{11e7d075-6fde-47f1-8487-79ce7555804f}\gapaengine.dll
2015-06-17 09:40:58    --------    d-----w-    c:\program files\Glorious Trade
2015-06-11 08:51:02    --------    d-----w-    C:\c223d62e656d651be52579
2015-06-10 09:38:37    853504    ----a-w-    c:\windows\system32\diagtrack.dll
2015-06-06 17:55:46    --------    d-----w-    c:\program files\CyculoNNeCover
2015-06-01 14:48:02    --------    d-----w-    c:\users\pc\appdata\local\GWX
2015-05-30 00:39:23    --------    d-----w-    C:\3c7a43338e3b16ce37731c75b6
.
==================== Find3M  ====================
.
2015-06-20 19:53:48    24    ----a-w-    c:\users\pc\appdata\roaming\appdataFr25.bin
2015-06-09 20:11:23    778416    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-06-09 20:11:23    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-25 18:07:34    3989440    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2015-05-25 18:07:34    3934144    ----a-w-    c:\windows\system32\ntoskrnl.exe
2015-05-25 18:07:33    67520    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2015-05-25 18:07:33    137664    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2015-05-25 18:04:08    1307648    ----a-w-    c:\windows\system32\ntdll.dll
2015-05-25 18:00:44    40448    ----a-w-    c:\windows\system32\typeperf.exe
2015-05-25 18:00:40    364544    ----a-w-    c:\windows\system32\tracerpt.exe
2015-05-25 18:00:29    69632    ----a-w-    c:\windows\system32\smss.exe
2015-05-25 18:00:26    262656    ----a-w-    c:\windows\system32\rstrui.exe
2015-05-25 18:00:25    37888    ----a-w-    c:\windows\system32\relog.exe
2015-05-25 18:00:17    82944    ----a-w-    c:\windows\system32\logman.exe
2015-05-25 18:00:17    22528    ----a-w-    c:\windows\system32\lsass.exe
2015-05-25 18:00:09    17408    ----a-w-    c:\windows\system32\diskperf.exe
2015-05-25 18:00:04    50176    ----a-w-    c:\windows\system32\auditpol.exe
2015-05-25 17:57:31    60416    ----a-w-    c:\windows\system32\msobjs.dll
2015-05-25 17:57:15    146432    ----a-w-    c:\windows\system32\msaudite.dll
2015-05-25 17:55:18    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2015-05-25 17:55:17    686080    ----a-w-    c:\windows\system32\adtschema.dll
2015-05-25 17:00:20    2384384    ----a-w-    c:\windows\system32\win32k.sys
2015-05-25 16:53:50    36864    ----a-w-    c:\windows\system32\UtcResources.dll
2015-05-23 03:28:17    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2015-05-23 03:28:04    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2015-05-23 03:15:54    503808    ----a-w-    c:\windows\system32\vbscript.dll
2015-05-23 03:15:40    62464    ----a-w-    c:\windows\system32\iesetup.dll
2015-05-23 03:15:02    47616    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2015-05-23 03:14:51    341504    ----a-w-    c:\windows\system32\html.iec
2015-05-23 03:13:48    64000    ----a-w-    c:\windows\system32\MshtmlDac.dll
2015-05-23 03:05:21    115712    ----a-w-    c:\windows\system32\ieUnatt.exe
2015-05-23 03:05:18    102912    ----a-w-    c:\windows\system32\ieetwcollector.exe
2015-05-23 03:04:50    620032    ----a-w-    c:\windows\system32\jscript9diag.dll
2015-05-23 03:00:14    667648    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2015-05-23 02:52:43    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-23 02:47:31    4305920    ----a-w-    c:\windows\system32\jscript9.dll
2015-05-23 02:37:45    2052608    ----a-w-    c:\windows\system32\inetcpl.cpl
2015-05-23 02:37:25    1155072    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2015-05-23 02:20:35    1950720    ----a-w-    c:\windows\system32\wininet.dll
2015-05-22 18:03:09    571392    ----a-w-    c:\windows\system32\generaltel.dll
2015-05-22 18:02:54    621568    ----a-w-    c:\windows\system32\invagent.dll
2015-05-22 18:02:49    333824    ----a-w-    c:\windows\system32\devinv.dll
2015-05-22 18:02:46    879104    ----a-w-    c:\windows\system32\appraiser.dll
2015-05-22 18:02:45    37888    ----a-w-    c:\windows\system32\acmigration.dll
2015-05-22 18:02:45    202752    ----a-w-    c:\windows\system32\aepdu.dll
2015-05-22 17:58:27    901120    ----a-w-    c:\windows\system32\aeinv.dll
2015-05-21 13:20:34    163840    ----a-w-    c:\windows\system32\aepic.dll
2015-05-13 08:38:16    20    ----a-w-    c:\users\pc\appdata\roaming\appdataFr3.bin
2015-05-09 03:14:43    169984    ----a-w-    c:\windows\system32\winsrv.dll
2015-05-09 03:13:42    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2015-05-09 03:12:59    271360    ----a-w-    c:\windows\system32\conhost.exe
2015-05-09 01:59:25    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-09 01:59:25    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 01:59:25    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 01:59:25    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-01 13:16:41    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-29 18:07:12    4096    ----a-w-    c:\windows\system32\msdxm.ocx
2015-04-29 18:07:12    4096    ----a-w-    c:\windows\system32\dxmasf.dll
2015-04-29 18:07:07    8192    ----a-w-    c:\windows\system32\spwmp.dll
2015-04-29 18:05:19    12625408    ----a-w-    c:\windows\system32\wmploc.DLL
2015-04-24 17:56:58    530432    ----a-w-    c:\windows\system32\comctl32.dll
2015-04-20 02:56:29    909312    ----a-w-    c:\windows\system32\FntCache.dll
2015-04-20 02:56:29    1250816    ----a-w-    c:\windows\system32\DWrite.dll
2015-04-18 02:56:57    342016    ----a-w-    c:\windows\system32\certcli.dll
2015-04-13 03:19:24    259072    ----a-w-    c:\windows\system32\services.exe
2015-04-11 03:07:47    54656    ----a-w-    c:\windows\system32\drivers\stream.sys
2015-04-08 03:14:07    22528    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-04-08 03:14:07    216064    ----a-w-    c:\windows\system32\InkEd.dll
2015-04-08 03:14:07    19968    ----a-w-    c:\windows\system32\jnwmon.dll
2015-04-02 22:22:32    31744    ----a-w-    c:\windows\system32\drivers\netfilter.sys
2015-03-25 03:00:57    92672    ----a-w-    c:\windows\system32\wudriver.dll
2015-03-25 03:00:57    3088384    ----a-w-    c:\windows\system32\wucltux.dll
2015-03-25 03:00:57    173056    ----a-w-    c:\windows\system32\wuwebv.dll
2015-03-25 03:00:27    50176    ----a-w-    c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00:18    11776    ----a-w-    c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00:15    33792    ----a-w-    c:\windows\system32\wuapp.exe
.
============= FINISH: 21:30:27.72 ===============
 



#6 jim2009


Posted 20 June 2015 - 03:38 PM

 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!)
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 40  
 Java version 32-bit out of Date!
  Adobe Flash Player     17.0.0.188 Flash Player out of Date!  
 Mozilla Firefox (38.0.5)
 Google Chrome (43.0.2357.124)
 Google Chrome (43.0.2357.81)
 Google Chrome (GoogleUpdateHelper.dll..)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#7 jim2009


Posted 20 June 2015 - 04:40 PM

Computer protection (1)

Information about anti-virus software and firewalls installed on the computer.

Anti-virus is disabled.

Malware (33)

Information about malware detected on the computer.

  1. UDS:DangerousObject.Multi.Generic
    policyname[1].exe  
    C:\Documents and Settings\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\570KWSZE
  2. UDS:DangerousObject.Multi.Generic
    cmmdWriter[1].exe  
    C:\Documents and Settings\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BG50BK9E
  3. UDS:DangerousObject.Multi.Generic
    JOSrv[1].exe  
    C:\Documents and Settings\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SC55Z9A2
  4. UDS:DangerousObject.Multi.Generic
    setup_362[1].exe  
    C:\Documents and Settings\pc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF5IWD89
  5. UDS:DangerousObject.Multi.Generic
    nsb6F20.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  6. UDS:DangerousObject.Multi.Generic
    nsb717A.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  7. UDS:DangerousObject.Multi.Generic
    nscE65.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  8. UDS:DangerousObject.Multi.Generic
    nscBA16.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  9. UDS:DangerousObject.Multi.Generic
    nsd851A.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  10. UDS:DangerousObject.Multi.Generic
    nsdE7E2.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  11. UDS:DangerousObject.Multi.Generic
    nsr5A62.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  12. UDS:DangerousObject.Multi.Generic
    nsg183B.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  13. UDS:DangerousObject.Multi.Generic
    nsh6A61.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  14. UDS:DangerousObject.Multi.Generic
    nsg698C.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  15. UDS:DangerousObject.Multi.Generic
    nsrB1A.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  16. UDS:DangerousObject.Multi.Generic
    nsh8975.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  17. UDS:DangerousObject.Multi.Generic
    nsuEC6F.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  18. UDS:DangerousObject.Multi.Generic
    nsw8B8.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  19. UDS:DangerousObject.Multi.Generic
    nsh20F3.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  20. UDS:DangerousObject.Multi.Generic
    nswCE49.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  21. UDS:DangerousObject.Multi.Generic
    nssB17E.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  22. UDS:DangerousObject.Multi.Generic
    nsi3739.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  23. UDS:DangerousObject.Multi.Generic
    nsx4962.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  24. UDS:DangerousObject.Multi.Generic
    nsiEF1A.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  25. UDS:DangerousObject.Multi.Generic
    nsl31E9.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  26. UDS:DangerousObject.Multi.Generic
    nsm3FB1.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  27. UDS:DangerousObject.Multi.Generic
    nsx49D.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  28. UDS:DangerousObject.Multi.Generic
    nsmA28F.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  29. UDS:DangerousObject.Multi.Generic
    nsmF0DE.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  30. UDS:DangerousObject.Multi.Generic
    nsx4C17.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  31. UDS:DangerousObject.Multi.Generic
    nsmCDD4.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  32. UDS:DangerousObject.Multi.Generic
    nso9B5A.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp
  33. UDS:DangerousObject.Multi.Generic
    nsr3943.tmp  
    C:\Documents and Settings\pc\AppData\Local\Temp

Vulnerabilities (0)

Information about applications and operating system components in which vulnerabilities have been detected.

Other issues (10)

Information about vulnerabilities associated with the settings of installed applications and the operating system.

  1. "Autorun from hard drives is allowed"
  2. "Autorun from network drives is enabled"
  3. "CD/DVD autorun is enabled"
  4. "Removable media autorun is enabled"
  5. "Microsoft Internet Explorer: clear history of typed URLs"
  6. "Microsoft Internet Explorer - disable caching data received via protected channel"
  7. "Microsoft Internet Explorer: disable sending error reports"
  8. "Microsoft Internet Explorer: delete cookies"
  9. "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
  10. "Microsoft Internet Explorer: start page reset"


#8 jim2009


Posted 20 June 2015 - 04:54 PM

BitDefender online virus scan said my pc is clean



#9 jim2009


Posted 20 June 2015 - 04:56 PM

F-Secure online virus scan could not run on my PC



#10 jim2009


Posted 20 June 2015 - 05:02 PM

After moving the F-Secure online virus scan .exe file to the desktop, I managed to run it and the result was "no harmful items were found".



#11 jim2009


Posted 20 June 2015 - 05:37 PM

panda cloud cleaner- v1.0.107 log file

 

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\6C4JY2L3.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\YEO7U9VW.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\CEBQ964C.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\WLDV0FK8.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\34854ZJC.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NZYHUK88.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SU763DK1.TXT to be deleted.

Unknown. FILE: C:\PROGRAM FILES\GLORIOUS TRADE\GLORIOUS TRADE.EXE to be deleted.

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\Glorious Trade. Key to be deleted.

. FILE: C:\PROGRAM FILES\SYSTWEAK SUPPORT DOCK\SYSTWEAKDOCK.EXE to be deleted.

. FILE: C:\Users\Public\Desktop\Systweak Support Dock.lnk to be deleted.

. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systweak Support Dock\Systweak Support Dock.lnk to be deleted.

. FILE: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Systweak Support Dock.lnk to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\L6LX1B33.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\UZL53L6B.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\DOMC6HNM.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\EFQ88JC8.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\N30I0SLG.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\PGNMDVHE.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\OIH20PQV.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\T3S0X48T.TXT to be deleted.

. FILE: C:\PROGRAM FILES\SYSTWEAK SUPPORT DOCK\UNINS000.EXE to be deleted.

. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systweak Support Dock\Uninstall Systweak Support Dock.lnk to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\59D8QBQT.TXT to be deleted.

Malware. FILE: C:\USERS\PC\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PJ33HLTD.TXT to be deleted.

Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SHOWSUPERHIDDEN] to be changed to: 0

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SUPERHIDDEN] to be changed to: 0

. REGKEY: HKLM\SOFTWARE\V9SOFTWARE. Key to be deleted.

. REGKEY: HKLM\SOFTWARE\TARMA INSTALLER. Key to be deleted.

. REGKEY: HKLM\SOFTWARE\SYSTWEAK. Key to be deleted.

. REGKEY: HKLM\SOFTWARE\SUPDP. Key to be deleted.

. REGKEY: HKLM\SOFTWARE\SEARCHPROTECT. Key to be deleted.

. REGKEY: HKLM\SOFTWARE\GLOBALUPDATE. Key to be deleted.

. REGKEY: HKLM\SOFTWARE\DESKSVC. Key to be deleted.

. REGKEY: HKLM\SOFTWARE\CLARA. Key to be deleted.

. REGKEY: HKLM\SOFTWARE\CONDUIT. Key to be deleted.

. REGKEY: HKCU\SOFTWARE\WTOOLS. Key to be deleted.

. REGKEY: HKCU\SOFTWARE\SYSTWEAK. Key to be deleted.

. REGKEY: HKCU\SOFTWARE\LINKEY. Key to be deleted.

. REGKEY: HKCU\SOFTWARE\GLOBALUPDATE. Key to be deleted.

. REGKEY: HKCU\SOFTWARE\SMARTBAR. Key to be deleted.

. REGKEY: HKCU\SOFTWARE\APN PIP. Key to be deleted.

. FILE: C:\WINDOWS\SYSTEM32\ROBOOT.EXE to be deleted.

. FOLDER: C:\PROGRAM FILES\ADVANCED SYSTEM PROTECTOR to be deleted.

. FOLDER: C:\PROGRAM FILES\COMMON FILES\337 to be deleted.

. FOLDER: C:\PROGRAM FILES\GLOBALUPDATE to be deleted.

. FOLDER: C:\PROGRAM FILES\OPTIMIZER PRO to be deleted.

. FOLDER: C:\PROGRAM FILES\SYSTEM SPEEDUP to be deleted.

. FOLDER: C:\PROGRAMDATA\BABYLON to be deleted.

. FILE: C:\PROGRAMDATA\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\SETUP.DAT to be deleted.

Malware. FILE: C:\PROGRAMDATA\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\SETUP.EXE to be deleted.

. FILE: C:\PROGRAMDATA\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\SETUP.ICO to be deleted.

. FILE: C:\PROGRAMDATA\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\_SETUPX.DLL to be deleted.

. FOLDER: C:\PROGRAMDATA\TARMA INSTALLER to be deleted.

. FOLDER: C:\USERS\PC\APPDATA\LOCALLOW\CONDUIT to be deleted.

. FOLDER: C:\USERS\PC\APPDATA\LOCALLOW\DELTA to be deleted.

. FOLDER: C:\USERS\PC\APPDATA\LOCALLOW\MIXIDJ to be deleted.

. FOLDER: C:\USERS\PC\APPDATA\LOCAL\GLOBALUPDATE to be deleted.

. FILE: C:\USERS\PC\APPDATA\LOCAL\SWVUPDATER\STATUS.CFG to be deleted.

. FOLDER: C:\USERS\PC\APPDATA\LOCAL\SWVUPDATER to be deleted.

. FOLDER: C:\USERS\PC\APPDATA\ROAMING\BABSOLUTION to be deleted.

. FILE: C:\USERS\PC\APPDATA\ROAMING\BABYLON\LOG_FILE.TXT to be deleted.

. FOLDER: C:\USERS\PC\APPDATA\ROAMING\BABYLON to be deleted.

. FILE: C:\USERS\PC\APPDATA\ROAMING\SYSTWEAK\SYSTWEAK SUPPORT DOCK\RCPUPDATE.INI to be deleted.

. FOLDER: C:\USERS\PC\APPDATA\ROAMING\SYSTWEAK to be deleted.

. FOLDER: C:\USERS\PC\APPDATA\ROAMING\WTOOLS to be deleted.



#12 Rocket Grannie


Posted 21 June 2015 - 08:04 PM

Hello jim2009. Welcome back.

MBAM has quarantined all the threats it found. To permanently delete them:

  • Open MBAM
  • Click History
  • Click Delete All
  • Close MBAM.

Please download TFC.exe - Temp File Cleaner by OldTimer:

  • Save it to your Desktop.
  • Close any open windows, save your work,
  • Double click the TFC icon to run the program,
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process,
  • Allow TFC to run uninterrupted,
  • The program should not take long to finish its job,
  • Once it's finished, click OK to reboot.

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach it to your reply.

Please post:

AdwCleaner log

FRST log

 

How's the computer running now?

 

 

Rocket Grannie

 



#13 jim2009


Posted 22 June 2015 - 03:51 AM

Thank you Rocket Grannie for helping me.

 

# AdwCleaner v4.207 - Logfile created 22/06/2015 at 09:45:53
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : pc - SAMSUNG
# Running from : C:\Users\pc\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : netfilter
[#] Service Deleted : f86a8682

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\The AdBlocker
Folder Deleted : C:\ProgramData\2840744125374448067
Folder Deleted : C:\ProgramData\6390682400003e06
Folder Deleted : C:\ProgramData\83639c1800000318
Folder Deleted : C:\ProgramData\b382dd200000439a
Folder Deleted : C:\ProgramData\{3000ee0b-9d01-dede-3000-0ee0b9d0b82e}
Folder Deleted : C:\ProgramData\{88b83a33-3e67-3d25-88b8-83a333e6e8cc}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systweak Support Dock
Folder Deleted : C:\Program Files\Advanced System Protector
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\JustCloud
Folder Deleted : C:\Program Files\Omiga Plus
Folder Deleted : C:\Program Files\System Speedup
Folder Deleted : C:\Program Files\Systweak Support Dock
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Program Files\Vaudix
Folder Deleted : C:\Program Files\WinZipper
Folder Deleted : C:\Program Files\AlllaSaver
Folder Deleted : C:\Program Files\DiugiCoupoon
Folder Deleted : C:\Program Files\ExSStraCooupon
Folder Deleted : C:\Program Files\ExstraCoouapon
Folder Deleted : C:\Program Files\NewSaverr
Folder Deleted : C:\Program Files\NNetoCoupona
Folder Deleted : C:\Program Files\RegUlaarDeealls
Folder Deleted : C:\Program Files\ShopDreop
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\Common Files\337
Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Local\SwiftMediaConverter
Folder Deleted : C:\Users\pc\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\pc\AppData\Local\globalUpdate
Folder Deleted : C:\Users\pc\AppData\Local\Slick Savings
Folder Deleted : C:\Users\pc\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\pc\AppData\Local\TVWizard
Folder Deleted : C:\Users\pc\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\pc\AppData\LocalLow\Delta
Folder Deleted : C:\Users\pc\AppData\LocalLow\mixidj
Folder Deleted : C:\Users\pc\AppData\Roaming\337 Wallpaper
Folder Deleted : C:\Users\pc\AppData\Roaming\337
Folder Deleted : C:\Users\pc\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\pc\AppData\Roaming\Babylon
Folder Deleted : C:\Users\pc\AppData\Roaming\Omiga Plus
Folder Deleted : C:\Users\pc\AppData\Roaming\Store
Folder Deleted : C:\Users\pc\AppData\Roaming\Systweak
Folder Deleted : C:\Users\pc\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\pc\AppData\Roaming\SuperEasy Software
Folder Deleted : C:\Users\pc\AppData\Roaming\WTools
File Deleted : C:\END
File Deleted : C:\Program Files\prefs.js
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Windows\system32\drivers\netfilter.sys
File Deleted : C:\Users\pc\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\998870ls.default-1434804741317\user.js
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Scheduled tasks ] *****

Task Deleted : Desk 365 RunAsStdUser
Task Deleted : LaunchApp
Task Deleted : LaunchSignup
Task Deleted : Omiga Plus RunAsStdUser
Task Deleted : PostPoneInstall
Task Deleted : Run_Bobby_Browser
Task Deleted : SuperEasyDriverUpdater_UPDATES
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
Task Deleted : SuperEasyDriverUpdaterRunAtStartup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKCU\Software\Classes\PepperZip
Key Deleted : HKLM\SOFTWARE\Classes\SDP
Key Deleted : HKLM\SOFTWARE\9538ddee268e413
Key Deleted : HKLM\SOFTWARE\b0f88ad9-0920-31c9-4bc6-0811cbd3d7ea
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Store
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\SuperEasy Software
Key Deleted : HKCU\Software\WTools
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Corez
Key Deleted : HKCU\Software\SwiftMediaConverterApp
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Desksvc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\omigaplusSvc
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\V9Software
Key Deleted : HKLM\SOFTWARE\winzipersvc
Key Deleted : HKLM\SOFTWARE\Clara
Key Deleted : HKLM\SOFTWARE\SuperEasy Software
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKLM\SOFTWARE\AIM Toolbar
Key Deleted : HKU\.DEFAULT\Software\IM
Key Deleted : HKU\.DEFAULT\Software\ImInstaller
Key Deleted : HKU\.DEFAULT\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266DBE1C-B640-46ee-9A6D-86F0A1E483B9}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{681002C6-5019-81A2-7871-A43754F71E56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-search.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getwebcake.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearchdial.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\v9.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.v9.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-GB)

-\\ Google Chrome v43.0.2357.124

[C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [14050 bytes] - [22/06/2015 09:43:37]
AdwCleaner[S0].txt - [14342 bytes] - [22/06/2015 09:45:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14402  bytes] ##########



#14 jim2009


Posted 22 June 2015 - 04:29 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by pc (administrator) on SAMSUNG on 22-06-2015 10:23:21
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advent) C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe
(DSGi) C:\Program Files\Advent\AIO\StatusMonitor\ADPrinterSDK.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\Program Files\Glorious Trade\Glorious Trade.exe
(Virgin Media) C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Virgin Media) C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
(Radialpoint SafeCare Inc.) C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Virgin Media) C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(DSGi) C:\Program Files\Advent\AIO\StatusMonitor\ADStatusMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(NETGEAR) C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
() C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [ServiceManager.exe] => C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe [10208568 2012-03-07] (Virgin Media)
HKLM\...\Run: [DHSClient.exe] => C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe [2032952 2011-03-23] (Virgin Media)
HKLM\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Run: [ADStatusMonitor] => C:\Program Files\Advent\AiO\StatusMonitor\ADStatusMonitor.exe [2790816 2012-10-31] (DSGi)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKU\S-1-5-21-799363693-3917888606-2371878282-1000\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-21-799363693-3917888606-2371878282-1000\...\MountPoints2: E - E:\LaunchU3.exe
HKU\S-1-5-21-799363693-3917888606-2371878282-1000\...\MountPoints2: {7998d578-2135-11e4-acbd-beacac41b620} - E:\LaunchU3.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk [2014-04-05]
ShortcutTarget: NETGEAR WNDA3200 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk [2015-02-15]
ShortcutTarget: Download.lnk -> C:\ProgramData\{90650103-724c-950a-9065-50103724040d}\Download.exe (No File)
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk [2015-03-02]
ShortcutTarget: setup.lnk -> C:\ProgramData\{88b83a33-3e67-3d25-88b8-83a333e6e8cc}\setup.exe (No File)
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\superoptimizersetup.lnk [2015-03-02]
ShortcutTarget: superoptimizersetup.lnk -> C:\ProgramData\{3000ee0b-9d01-dede-3000-0ee0b9d0b82e}\superoptimizersetup.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-799363693-3917888606-2371878282-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-799363693-3917888606-2371878282-1000 -> No Name - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\TmIEPlg.dll No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\998870ls.default-1434804741317
FF Homepage: ?type=hppp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files\Virgin Media\Service Manager\nprpspa.dll [2012-03-07] (Virgin Media)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-799363693-3917888606-2371878282-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-21] (Unity Technologies ApS)
FF Extension: Youtube Downloader - 4K Download - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\998870ls.default-1434804741317\Extensions\paulsaintuzb@gmail.com [2015-06-21]
FF Extension: Bitdefender QuickScan - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\998870ls.default-1434804741317\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-06-20]
FF Extension: Adblock Plus - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\998870ls.default-1434804741317\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-21]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1091\firefoxextension
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2015-04-20] <==== ATTENTION

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-19]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-19]
CHR Extension: (Google Search) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-12]
CHR Extension: (Google Wallet) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-04]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Advent AiO Network Discovery Service; C:\Program Files\Advent\AIO\Center\ADAIOHostService.exe [395200 2012-10-31] (Advent)
R2 ADVENT AIO Status Monitor Service; C:\Program Files\Advent\AIO\StatusMonitor\ADPrinterSDK.exe [722336 2012-10-31] (DSGi)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-06-02] (Foxit Software Inc.)
R2 Glorious Trade; C:\Program Files\Glorious Trade\Glorious Trade.exe [8015970 2015-06-17] () [File not signed] <==== ATTENTION
R2 HsdService; C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe [1406264 2011-03-23] (Virgin Media)
S3 jswpsapi; C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.) [File not signed]
R2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 ServicepointService; C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe [10294584 2012-03-07] (Radialpoint SafeCare Inc.)
R2 WDCS_WNDA3200; C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1564160 2010-10-11] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2013-03-18] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 10:23 - 2015-06-22 10:23 - 00014600 _____ C:\Users\pc\Desktop\FRST.txt
2015-06-22 10:21 - 2015-06-22 10:23 - 00000000 ____D C:\FRST
2015-06-22 10:19 - 2015-06-22 10:19 - 01148928 _____ (Farbar) C:\Users\pc\Desktop\FRST.exe
2015-06-22 09:43 - 2015-06-22 09:46 - 00000000 ____D C:\AdwCleaner
2015-06-22 09:42 - 2015-06-22 09:42 - 02244096 _____ C:\Users\pc\Desktop\adwcleaner_4.207.exe
2015-06-22 09:25 - 2015-06-22 09:25 - 00448512 _____ (OldTimer Tools) C:\Users\pc\Desktop\TFC.exe
2015-06-21 13:54 - 2015-06-21 13:54 - 17794498 _____ C:\Users\pc\Desktop\Michael Shermer on Spoonbending (Low).mp4
2015-06-21 13:43 - 2015-06-21 13:43 - 11990421 _____ C:\Users\pc\Desktop\How to Bend a Spoon with Your Mind (Low).mp4
2015-06-20 23:09 - 2015-06-20 23:09 - 00001240 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-06-20 23:08 - 2015-06-20 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-06-20 23:08 - 2015-06-20 23:08 - 33065176 _____ (Panda Security ) C:\Users\pc\Desktop\PandaCloudCleaner.exe
2015-06-20 23:08 - 2015-06-20 23:08 - 00000000 ____D C:\Program Files\Panda Security
2015-06-20 22:48 - 2015-06-20 22:48 - 00572456 _____ (F-Secure Corporation) C:\Users\pc\Desktop\F-SecureOnlineScanner.exe
2015-06-20 22:46 - 2015-06-21 16:31 - 00000000 ____D C:\Users\pc\AppData\Roaming\QuickScan
2015-06-20 21:45 - 2015-06-20 21:45 - 00001047 _____ C:\Users\pc\Desktop\Kaspersky Security Scan.lnk
2015-06-20 21:45 - 2015-06-20 21:45 - 00000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-06-20 21:44 - 2015-06-20 21:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-20 21:44 - 2015-06-20 21:44 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-06-20 21:41 - 2015-06-20 21:41 - 00364640 _____ (Kaspersky Lab) C:\Users\pc\Downloads\kss12.0.1.808_6398_6399.exe
2015-06-20 21:28 - 2015-06-20 21:28 - 00688992 ____R (Swearware) C:\Users\pc\Desktop\dds.com
2015-06-20 21:19 - 2015-06-20 21:19 - 00852662 _____ C:\Users\pc\Desktop\SecurityCheck.exe
2015-06-20 21:15 - 2015-06-20 21:30 - 00018615 _____ C:\Users\pc\Desktop\dds.txt
2015-06-20 21:15 - 2015-06-20 21:30 - 00007676 _____ C:\Users\pc\Desktop\attach.txt
2015-06-20 21:13 - 2015-06-20 21:13 - 00688992 ____R (Swearware) C:\Users\pc\Downloads\dds.scr
2015-06-20 20:22 - 2015-06-22 09:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-20 20:14 - 2015-06-20 20:14 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-20 20:14 - 2015-06-20 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-20 20:14 - 2015-06-20 20:14 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-20 20:14 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-20 20:14 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-20 20:14 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-20 20:12 - 2015-06-20 20:13 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\pc\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-19 17:04 - 2015-06-19 17:04 - 00143872 ____H C:\Users\pc\Downloads\~WRL0001.tmp
2015-06-17 22:16 - 2015-06-17 22:16 - 00006347 _____ C:\Users\pc\AppData\Local\recently-used.xbel
2015-06-17 10:40 - 2015-06-17 10:41 - 00000000 ____D C:\Program Files\Glorious Trade
2015-06-11 09:51 - 2015-06-11 09:51 - 00000000 ____D C:\c223d62e656d651be52579
2015-06-10 10:41 - 2015-06-02 20:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 10:41 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 10:41 - 2015-05-25 18:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 10:41 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 10:41 - 2015-05-23 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 10:41 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 10:41 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 10:41 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 10:41 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 10:41 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 10:41 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 10:41 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 10:41 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 10:41 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 10:41 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 10:41 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 10:41 - 2015-05-23 04:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 10:41 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 10:41 - 2015-05-23 04:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 10:41 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 10:41 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 10:41 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 10:41 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 10:41 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 10:41 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 10:41 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 10:41 - 2015-05-23 03:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 10:41 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 10:41 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 10:41 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 10:41 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 10:41 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 10:41 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 10:41 - 2015-05-22 19:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 10:41 - 2015-05-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 10:41 - 2015-05-22 19:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 10:41 - 2015-05-22 19:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 10:41 - 2015-05-22 19:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 10:41 - 2015-05-22 19:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 10:41 - 2015-05-22 18:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 10:41 - 2015-05-21 14:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 10:41 - 2015-04-11 04:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 10:38 - 2015-05-25 19:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-10 10:38 - 2015-05-25 19:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 10:38 - 2015-05-25 19:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 10:38 - 2015-05-25 19:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 10:38 - 2015-05-25 19:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 10:38 - 2015-05-25 19:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 10:38 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 10:38 - 2015-05-25 19:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 10:38 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 10:38 - 2015-05-25 19:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 10:38 - 2015-05-25 19:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 10:38 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 10:38 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 10:38 - 2015-05-25 19:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 10:38 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 10:38 - 2015-05-25 18:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 10:38 - 2015-05-25 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 10:38 - 2015-05-25 18:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 10:38 - 2015-05-25 18:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 10:38 - 2015-05-25 17:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 10:37 - 2015-05-09 04:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 10:37 - 2015-05-09 04:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 10:37 - 2015-05-09 04:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 10:37 - 2015-05-09 04:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 10:37 - 2015-05-09 04:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 02:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 10:37 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 10:37 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 10:37 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 10:37 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 10:37 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 10:37 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-06 18:55 - 2015-06-20 20:53 - 00000000 ____D C:\Program Files\CyculoNNeCover
2015-06-06 16:23 - 2015-06-06 16:23 - 30703526 _____ C:\Users\pc\Desktop\dance.mp4
2015-06-02 09:39 - 2015-06-02 09:39 - 00000000 _____ C:\Users\pc\AppData\Local\Temp.dat
2015-06-01 15:48 - 2015-06-01 15:48 - 00000000 ____D C:\Users\pc\AppData\Local\GWX
2015-05-30 01:39 - 2015-05-30 01:39 - 00000000 ____D C:\3c7a43338e3b16ce37731c75b6

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 10:14 - 2013-07-19 18:08 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-22 10:11 - 2013-07-02 01:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-22 10:11 - 2013-06-20 16:20 - 02070685 _____ C:\Windows\WindowsUpdate.log
2015-06-22 10:03 - 2013-07-17 09:31 - 00000000 ____D C:\ProgramData\Radialpoint
2015-06-22 09:56 - 2009-07-14 05:34 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-22 09:56 - 2009-07-14 05:34 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-22 09:48 - 2013-08-08 19:30 - 00000000 ____D C:\ProgramData\Advent
2015-06-22 09:48 - 2013-07-19 18:08 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-22 09:48 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-22 09:48 - 2009-07-14 05:39 - 00098904 _____ C:\Windows\setupact.log
2015-06-22 00:00 - 2013-07-17 09:31 - 00000000 ____D C:\Users\pc\AppData\Roaming\Radialpoint
2015-06-21 23:34 - 2013-07-02 00:51 - 00000000 ____D C:\Users\pc\AppData\Roaming\Skype
2015-06-21 13:57 - 2013-07-06 22:13 - 00000000 ____D C:\Users\pc\AppData\Roaming\vlc
2015-06-20 22:48 - 2014-10-31 09:29 - 00000000 ____D C:\Users\pc\AppData\Local\F-Secure
2015-06-20 21:50 - 2014-09-28 07:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-20 21:50 - 2014-03-06 01:11 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-20 21:50 - 2013-07-02 00:51 - 00000000 ____D C:\ProgramData\Skype
2015-06-20 20:58 - 2010-11-20 22:48 - 01089764 _____ C:\Windows\PFRO.log
2015-06-20 20:55 - 2015-02-15 10:55 - 00000000 ____D C:\Program Files\TampaSystem
2015-06-20 20:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\IME
2015-06-20 20:53 - 2015-05-18 18:28 - 00000024 _____ C:\Users\pc\AppData\Roaming\appdataFr25.bin
2015-06-20 20:53 - 2015-04-20 22:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-20 13:52 - 2015-05-20 08:50 - 00000000 ____D C:\Users\pc\Desktop\Old Firefox Data
2015-06-19 13:06 - 2015-05-15 16:25 - 00000112 _____ C:\ProgramData\5eH5v0.dat
2015-06-19 13:06 - 2015-03-02 09:44 - 00000000 ___HD C:\Users\Public\Temp
2015-06-17 22:25 - 2013-08-16 20:18 - 00000000 ____D C:\Users\pc\.gimp-2.8
2015-06-17 22:01 - 2013-08-16 20:21 - 00000000 ____D C:\Users\pc\AppData\Local\gtk-2.0
2015-06-17 21:46 - 2014-11-27 23:23 - 00000000 __SHD C:\Users\pc\AppData\Local\EmieBrowserModeList
2015-06-17 21:46 - 2014-04-19 15:51 - 00000000 __SHD C:\Users\pc\AppData\Local\EmieUserList
2015-06-17 21:46 - 2014-04-19 15:51 - 00000000 __SHD C:\Users\pc\AppData\Local\EmieSiteList
2015-06-17 21:27 - 2010-11-20 22:01 - 00798278 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-15 21:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2015-06-12 14:19 - 2009-07-14 05:33 - 03836984 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-12 14:17 - 2014-12-11 04:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-12 14:17 - 2014-05-08 15:55 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-12 14:01 - 2013-07-01 11:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 09:51 - 2013-08-07 14:45 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 09:51 - 2013-07-06 23:19 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 21:11 - 2013-07-02 01:27 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-09 21:11 - 2013-07-02 01:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-24 17:12 - 2014-05-02 18:33 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-24 17:07 - 2013-06-20 16:22 - 00000000 ____D C:\Users\pc

==================== Files in the root of some directories =======

2015-05-18 18:28 - 2015-06-20 20:53 - 0000024 _____ () C:\Users\pc\AppData\Roaming\appdataFr25.bin
2015-03-02 09:49 - 2015-05-13 09:38 - 0000020 _____ () C:\Users\pc\AppData\Roaming\appdataFr3.bin
2014-03-29 20:48 - 2014-05-29 14:12 - 0000096 _____ () C:\Users\pc\AppData\Roaming\Camdata.ini
2014-03-29 20:48 - 2014-05-29 14:12 - 0000408 _____ () C:\Users\pc\AppData\Roaming\CamLayout.ini
2014-03-29 20:48 - 2014-05-29 14:12 - 0000408 _____ () C:\Users\pc\AppData\Roaming\CamShapes.ini
2014-03-29 20:40 - 2014-05-29 14:12 - 0004535 _____ () C:\Users\pc\AppData\Roaming\CamStudio.cfg
2014-05-05 22:22 - 2014-05-09 10:30 - 0000098 _____ () C:\Users\pc\AppData\Roaming\CamStudio.Producer.command
2014-05-05 22:27 - 2014-05-09 11:59 - 0000000 _____ () C:\Users\pc\AppData\Roaming\CamStudio.Producer.Data.ini
2014-05-05 22:27 - 2014-05-09 11:59 - 0001207 _____ () C:\Users\pc\AppData\Roaming\CamStudio.Producer.ini
2014-03-29 20:34 - 2014-05-28 16:05 - 0000096 _____ () C:\Users\pc\AppData\Roaming\version2.xml
2015-06-17 22:16 - 2015-06-17 22:16 - 0006347 _____ () C:\Users\pc\AppData\Local\recently-used.xbel
2015-04-23 16:10 - 2015-04-23 16:10 - 0004676 _____ () C:\Users\pc\AppData\Local\Temp-log.txt
2015-06-02 09:39 - 2015-06-02 09:39 - 0000000 _____ () C:\Users\pc\AppData\Local\Temp.dat
2015-05-15 16:25 - 2015-06-19 13:06 - 0000112 _____ () C:\ProgramData\5eH5v0.dat

Files to move or delete:
====================
C:\ProgramData\5eH5v0.dat

Some files in TEMP:
====================
C:\Users\pc\AppData\Local\Temp\Quarantine.exe
C:\Users\pc\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-15 21:27

==================== End of log ============================



#15 jim2009


Posted 22 June 2015 - 04:33 AM

The addition file is attached to this.




#16 jim2009


Posted 22 June 2015 - 04:39 AM

My pc is still slower than before.



#17 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • 7,812 posts

Posted 22 June 2015 - 08:06 PM

Hello jim2009

If necessary, I'll give you some steps to improve the computer's speed after it is clean.

First of all, you need to create a Restore point. Give it a name that you will understand, something like "before running tools".
For information on how to create a Restore point please go here: How to create Restore Point.

Open Notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
To do this highlight the contents of the box and right click on it and select Copy.
Paste this into the open Notepad.

start

ShortcutTarget: superoptimizersetup.lnk -> C:\ProgramData\{3000ee0b-9d01-dede-3000-0ee0b9d0b82e}\superoptimizersetup.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-799363693-3917888606-2371878282-1000 -> No Name - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2015-04-20] <==== ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 Glorious Trade; C:\Program Files\Glorious Trade\Glorious Trade.exe [8015970 2015-06-17] () [File not signed] <==== ATTENTION
C:\Program Files\Glorious Trade\Glorious Trade.exe

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Scan Archives and Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Note: If nothing is found, it will not produce a log.

Please post:
FRST log
ESET log

Any further problems?


Rocket Grannie
 


 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#18 jim2009


Posted 23 June 2015 - 04:46 AM

Fix result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by pc at 2015-06-23 10:44:54 Run:1
Running from C:\Users\pc\Desktop
Loaded Profiles: pc (Available Profiles: pc)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

ShortcutTarget: superoptimizersetup.lnk -> C:\ProgramData\{3000ee0b-9d01-dede-3000-0ee0b9d0b82e}\superoptimizersetup.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-799363693-3917888606-2371878282-1000 -> No Name - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2015-04-20] <==== ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 Glorious Trade; C:\Program Files\Glorious Trade\Glorious Trade.exe [8015970 2015-06-17] () [File not signed] <==== ATTENTION
C:\Program Files\Glorious Trade\Glorious Trade.exe

end
*****************

C:\ProgramData\{3000ee0b-9d01-dede-3000-0ee0b9d0b82e}\superoptimizersetup.exe not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-799363693-3917888606-2371878282-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} => value removed successfully.
HKCR\CLSID\{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
C:\Program Files\mozilla firefox\firefox.cfg => moved successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Glorious Trade => Service stopped successfully.
Glorious Trade => Service removed successfully.
C:\Program Files\Glorious Trade\Glorious Trade.exe => moved successfully.

==== End of Fixlog 10:44:55 ====
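
One way to triage a Fixlog like the one posted above, as an added example that is not part of the original post and is not FRST's own code: it skips the echoed fixlist, sorts each result line by outcome, and lists the entries the automatic fix did not resolve. The function names and outcome categories are assumptions chosen for this example, and the matched phrases are only those that appear in this log.

```python
import re
from collections import defaultdict

# Abridged from the Fixlog posted above: the echoed fixlist is shortened,
# the result lines are ones FRST reported in that log.
FIXLOG = r"""fixlist content:
*****************
start
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\Program Files\Glorious Trade\Glorious Trade.exe
end
*****************

C:\ProgramData\{3000ee0b-9d01-dede-3000-0ee0b9d0b82e}\superoptimizersetup.exe not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKCR\CLSID\{4D46ED77-1429-4CF6-8F63-C84B5D710BAF} => key not found.
C:\Program Files\mozilla firefox\firefox.cfg => moved successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Glorious Trade => Service stopped successfully.
Glorious Trade => Service removed successfully.
C:\Program Files\Glorious Trade\Glorious Trade.exe => moved successfully.

==== End of Fixlog 10:44:55 ====
"""

# Outcome phrases seen in this Fixlog; anything else is reported as "unknown"
# so an unrecognised message is surfaced instead of silently dropped.
RULES = [
    ("error",   re.compile(r" => Error: ")),
    ("removed", re.compile(r" => (?:key|value|Service) (?:removed|stopped) successfully\.$")),
    ("moved",   re.compile(r" => moved successfully\.$")),
    ("absent",  re.compile(r"not found\.$")),
]

def classify(line):
    for outcome, pattern in RULES:
        if pattern.search(line):
            return outcome
    return "unknown"

def target_of(line):
    head, sep, _ = line.rpartition(" => ")
    if not sep:  # "<path> not found." carries no arrow
        head = re.sub(r" not found\.$", "", line)
    return head.strip('"')

def parse_fixlog(text):
    lines = [l.strip() for l in text.splitlines()]
    # The fixlist is echoed between two rows of asterisks; results follow the second.
    stars = [i for i, l in enumerate(lines) if l and set(l) == {"*"}]
    body = lines[stars[1] + 1:] if len(stars) >= 2 else lines
    results = defaultdict(list)
    for line in body:
        if line and not line.startswith("===="):
            results[classify(line)].append(target_of(line))
    return dict(results)

def needs_follow_up(results):
    """Entries the automatic fix did not resolve and a helper must review."""
    return results.get("error", []) + results.get("unknown", [])

if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG)
    for outcome, targets in parsed.items():
        print(f"{outcome:8} {len(targets)}")
    for target in needs_follow_up(parsed):
        print("REVIEW:", target)
```
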



#19 jim2009


Posted 23 June 2015 - 08:33 AM

C:\AdwCleaner\Quarantine\C\Program Files\Systweak Support Dock\amazoninstallerstub.exe.vir Win32/Systweak.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Systweak Support Dock\setups\adrsetupfromdock.exe.vir a variant of Win32/Systweak.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir MSIL/DomaIQ.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\pc\AppData\Roaming\337\337 Wallpaper\TrayDownloader.exe.vir a variant of Win32/ELEX.BF potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir a variant of Win32/Systweak.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\netfilter.sys.vir a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 Win32/Somoto.N potentially unwanted application deleted - quarantined
C:\Users\pc\Desktop\Old Firefox Data\a9300rn5.default\extensions\fftoolbar2014@etech.com\chrome\content\toolbar.js Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined
C:\Users\pc\Desktop\Old Firefox Data\vvfnkxvj.default-1432108227586\extensions\fftoolbar2014@etech.com\chrome\content\toolbar.js Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSI4DF1.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\Windows\Installer\MSIE006.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting - quarantined
C:\Windows\Installer\MSI64A2.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSI64A2.tmp-\sppsm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSI64A2.tmp-\spusm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSICDEA.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSICDEA.tmp-\sppsm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\MSICDEA.tmp-\spusm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application cleaned by deleting - quarantined



#20 Rocket Grannie


Posted 23 June 2015 - 07:38 PM

Hello jim2009.

Now some updates.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.


Download and save to your Desktop the latest version of the Java Runtime Environment (JRE) from here.


It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel and open Programs and features.
Search in the list for all previously installed versions of Java (J2SE Runtime Environment).
They will have this icon next to them:  javaicon.gif
Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

Adobe Flash is out of date. Please go here and upgrade to the latest version.

Open AdwCleaner and click "Uninstall"
Please delete all the tools' folders from the Desktop.

System Restore maintains a backup of your programs and may also backup infections, so please reset it to make a clean Restore Point.

To reset System Restore Points:

  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.    
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows 7 can be found here.

How's the computer running now?


Rocket Grannie
 



#21 jim2009


Posted 24 June 2015 - 09:28 AM

Other than the tools on the desktop, there is some software installed in Control Panel (MBAM and ESET, for example). Can I uninstall them now?



#22 Rocket Grannie


Posted 24 June 2015 - 05:55 PM

Hello

Other than the tools on the desktop, there is some software installed in Control Panel (MBAM and ESET, for example). Can I uninstall them now?

Yes.

Are there any further problems?


Rocket Grannie



#23 jim2009


Posted 25 June 2015 - 07:56 AM

I could not follow

"Go to Start > All Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore."

 

So I did the following:

 

To create a restore point

    Open System by clicking the Start button , right-clicking Computer, and then clicking Properties.
    In the left pane, click System protection. ...
    Click the System Protection tab, and then click Create.
    In the System Protection dialog box, type a description, and then click Create.



#24 Rocket Grannie


Posted 25 June 2015 - 05:53 PM

Are there any further problems?



#25 jim2009


Posted 27 June 2015 - 06:55 AM

The speed of my PC is OK and there are no problems now, but I would welcome it if you gave me some steps to improve the computer's speed after it is clean.



#26 Rocket Grannie


Posted 27 June 2015 - 07:09 PM

Hello

 

Your logs appear to be clean.

 

Some suggestions to improve the computer's speed.

For Windows Seven go here

Take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems, and some things you can try to do to try to improve it. Help! My computer is slow!

You may also find this helpful: Slow Computer?
 

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections.
Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.
As happy as we at SWI are to help you, for your sake we would rather not have repeat customers.

Note: All of the programs I am suggesting are either free or have free versions.

Please make sure to run your antivirus software regularly, and to keep it up-to-date. Most programs have an automatic update feature.

Keep MalwareBytes Anti-Malware updated and run it regularly.
Please Note: Only the paid for version has real time capabilities.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.
Note: If you are running Avast, it has an automatic updater built in.

Windows needs to be kept up-to-date.
 
Windows Updates are available from here

IMPORTANT: Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Chrome is another good option.

If you are interested, Firefox may be downloaded from here
Chrome is available here
 
Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems!

Safe Surfing:

Rocket Grannie.  
 



#27 Rocket Grannie


Posted 10 January 2017 - 05:57 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



