dllhost.exe *32 COM malware [Solved]

malware

  • This topic is locked
18 replies to this topic

#1 sitepro

    New Member

  • Authentic Member
  • 10 posts

Posted 17 October 2014 - 12:21 PM

I have seen other posts referring to this topic but no definitive answers.

I have an svchost.exe running and it seems to call or work in tandem with multiple dllhost.exe running at the same time; they are sending and receiving packets continually and also in big bursts, all while taking up CPU resources and large amounts of RAM. From other posts I have run some malware tools and scans, but the malware is still running.

So take me from the beginning and help me get this figured out.

Thanks


#2 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 17 October 2014 - 12:40 PM

Hello,

This sounds like Poweliks. Let's check.

Please read this guide, and follow the instructions inside on running the two programmes.


Would you like to help others with malware removal? Join our Classroom and learn how!


#3 sitepro

    New Member

  • Authentic Member
  • 10 posts

Posted 17 October 2014 - 02:11 PM

aswMBR keeps getting bogged down on certain files or folders; it has been working for over 20 minutes now on the Temporary Internet Files folder.



#4 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 17 October 2014 - 02:18 PM

OK. Click Save Log and close the programme. Include the log in your next reply.

Proceed with FRST.




#5 sitepro

    New Member

  • Authentic Member
  • 10 posts

Posted 17 October 2014 - 02:29 PM

aswMBR.txt
---------------------------------------

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-17 15:00:59
-----------------------------
15:00:59.188    OS Version: Windows x64 6.1.7600 
15:00:59.188    Number of processors: 2 586 0x2505
15:00:59.188    ComputerName: NATHAN-PC  UserName: Nathan
15:01:03.181    Initialize success
15:01:03.197    VM: initialized successfully
15:01:03.259    VM: Intel CPU virtualization not supported 
15:04:18.796    AVAST engine defs: 14101700
15:04:53.803    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:04:53.818    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
15:04:54.177    Disk 0 MBR read successfully
15:04:54.193    Disk 0 MBR scan
15:04:54.193    Disk 0 Windows 7 default MBR code
15:04:54.208    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        14336 MB offset 2048
15:04:54.224    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 29362176
15:04:54.224    Disk 0 Boot: NTFS     code=1
15:04:54.271    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290807 MB offset 29566976
15:04:54.427    Disk 0 scanning C:\Windows\system32\drivers
15:05:03.724    Service scanning
15:05:36.687    Modules scanning
15:05:36.703    Disk 0 trace - called modules:
15:05:36.734    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
15:05:36.734    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005142790]
15:05:36.749    3 CLASSPNP.SYS[fffff88001b3943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fd2050]
15:05:40.057    AVAST engine scan C:\Windows
15:05:42.927    AVAST engine scan C:\Windows\system32
15:09:02.264    AVAST engine scan C:\Windows\system32\drivers
15:09:17.303    AVAST engine scan C:\Users\Nathan
15:20:38.868    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:20:38.884    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
15:20:39.492    Disk 0 MBR read successfully
15:20:39.492    Disk 0 MBR scan
15:20:39.492    Disk 0 Windows 7 default MBR code
15:20:39.539    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        14336 MB offset 2048
15:20:39.554    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 29362176
15:20:39.554    Disk 0 Boot: NTFS     code=1
15:20:39.570    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290807 MB offset 29566976
15:20:39.773    Disk 0 scanning C:\Windows\system32\drivers
15:20:50.982    Service scanning
15:21:24.588    Modules scanning
15:21:24.588    Disk 0 trace - called modules:
15:21:24.618    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys 
15:21:24.618    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005142790]
15:21:24.628    3 CLASSPNP.SYS[fffff88001b3943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fd2050]
15:21:26.782    AVAST engine scan C:\Windows
15:21:40.917    AVAST engine scan C:\Windows\system32
15:26:16.523    AVAST engine scan C:\Windows\system32\drivers
15:26:29.268    AVAST engine scan C:\Users\Nathan
16:20:15.401    Disk 0 MBR has been saved successfully to "C:\Users\Nathan\Downloads\MBR.dat"
16:20:15.402    The log file has been saved successfully to "C:\Users\Nathan\Downloads\aswMBR.txt"

------------------------------------------------------------------

FRST.txt
-----------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Nathan (administrator) on NATHAN-PC on 17-10-2014 16:22:30
Running from C:\Farbar recovery
Loaded Profile: Nathan (Available profiles: Nathan)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(RingCentral, Inc.) C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-08-07] (alch)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [Google Update] => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-12-18] (Google Inc.)
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [RCHotKey] => C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe [30000 2014-04-24] (RingCentral, Inc.)
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [uTorrent] => "C:\Users\Nathan\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [{c97514bc-f96f-0509-955c-ec60f467cb48}] => C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe [363008 2014-08-31] ()
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {097cd6a5-0844-11e4-b4df-02f46a003c85} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {8453939f-04ca-11e4-b41e-02f46a003c85} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {100F961F-B4B8-4AA6-84D5-6FE1093B46EB} URL = http://search.condui...9539864422&UM=2
SearchScopes: HKCU - {1DA704DE-1311-4C5A-BDAF-9190F66A9F76} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {6E6A121D-D07C-4FF9-9905-F6D937A4B49F} URL = http://websearch.ask...E2-9A483ED457A2
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mbdnjha5.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Nathan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nathan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Nathan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nathan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nathan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mbdnjha5.default\searchplugins\yahoo_ff.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-12]
 
Chrome: 
=======
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-17]
CHR Extension: (Google Docs) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17]
CHR Extension: (Google Drive) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Google Sheets) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\TheSage\TheSage\extensions\chrome\ [2013-03-12]
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]
CHR StartMenuInternet: Google Chrome - C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
U3 aswMBR; \??\C:\Users\Nathan\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Nathan\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 16:20 - 2014-10-17 16:20 - 00003248 _____ () C:\Users\Nathan\Downloads\aswMBR.txt
2014-10-17 16:20 - 2014-10-17 16:20 - 00000512 _____ () C:\Users\Nathan\Downloads\MBR.dat
2014-10-17 14:10 - 2014-10-17 14:58 - 00077000 _____ () C:\Users\Nathan\Downloads\Extras.Txt
2014-10-17 14:07 - 2014-10-17 14:56 - 00163430 _____ () C:\Users\Nathan\Downloads\OTL.Txt
2014-10-17 13:26 - 2014-10-17 13:26 - 00854448 _____ () C:\Users\Nathan\Downloads\SecurityCheck.exe
2014-10-17 13:26 - 2014-10-17 13:26 - 00602112 _____ (OldTimer Tools) C:\Users\Nathan\Downloads\OTL.exe
2014-10-17 13:23 - 2014-10-17 13:23 - 05185536 _____ (AVAST Software) C:\Users\Nathan\Downloads\aswMBR.exe
2014-10-17 11:59 - 2014-10-17 11:59 - 00000000 ____D () C:\ProcessExplorer
2014-10-17 10:48 - 2014-10-17 10:48 - 00003132 _____ () C:\Windows\System32\Tasks\{CD9C48B9-C5E6-4021-B365-9C0137F82437}
2014-10-17 09:31 - 2014-10-17 16:22 - 00000000 ____D () C:\FRST
2014-10-17 09:23 - 2014-10-17 16:22 - 00000000 ____D () C:\Farbar recovery
2014-10-17 09:23 - 2014-10-17 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-17 09:12 - 2014-10-17 09:19 - 00000000 ____D () C:\AdwCleaner
2014-10-17 00:07 - 2014-10-17 00:07 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-17 00:07 - 2014-10-17 00:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-17 00:04 - 2014-10-17 00:04 - 01976320 _____ () C:\Users\Nathan\Downloads\adwcleaner_4.000.exe
2014-10-17 00:01 - 2014-10-17 00:02 - 18550872 _____ () C:\Users\Nathan\Downloads\RogueKillerX64.exe
2014-09-22 21:37 - 2014-10-09 20:02 - 00000000 ____D () C:\CEO Energy
2014-09-22 15:51 - 2014-09-22 15:52 - 00000000 ____D () C:\PNC Bank
2014-09-20 23:27 - 2014-09-20 23:28 - 01037246 _____ () C:\Users\Nathan\Downloads\social-networks-auto-poster-facebook-twitter-g.zip
2014-09-20 17:24 - 2014-10-12 23:47 - 00000000 ____D () C:\Contemporary Medical
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 16:18 - 2013-05-26 11:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-17 15:57 - 2010-12-18 04:30 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000UA.job
2014-10-17 15:53 - 2014-07-01 09:54 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3965309216-3280889811-3830929852-1000.job
2014-10-17 15:49 - 2014-01-06 12:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 15:49 - 2014-01-06 12:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 14:59 - 2013-01-06 08:10 - 00007624 _____ () C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg
2014-10-17 14:57 - 2010-12-18 04:30 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000Core.job
2014-10-17 11:20 - 2009-07-14 00:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 11:20 - 2009-07-14 00:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 11:16 - 2010-10-21 17:01 - 01174016 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 11:15 - 2013-02-28 17:54 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Skype
2014-10-17 11:13 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 11:13 - 2009-07-14 00:51 - 00120773 _____ () C:\Windows\setupact.log
2014-10-17 11:07 - 2011-10-27 18:10 - 00000000 ____D () C:\YIO-5
2014-10-17 09:23 - 2013-02-28 17:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-17 09:23 - 2013-02-28 17:54 - 00000000 ____D () C:\ProgramData\Skype
2014-10-17 09:23 - 2010-08-30 07:09 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-17 09:21 - 2013-09-02 23:08 - 00000000 ____D () C:\Users\Nathan\AppData\Local\AVG SafeGuard toolbar
2014-10-17 09:21 - 2010-10-21 16:58 - 00029244 _____ () C:\Windows\PFRO.log
2014-10-16 23:08 - 2013-06-10 18:00 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\FileZilla
2014-10-15 18:00 - 2014-06-20 22:43 - 00003832 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1403318590
2014-10-15 18:00 - 2014-06-20 22:43 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-15 15:12 - 2010-12-18 04:31 - 00002378 _____ () C:\Users\Nathan\Desktop\Google Chrome.lnk
2014-10-14 15:57 - 2011-02-19 21:35 - 00000000 ____D () C:\BBFOLDER
2014-10-13 20:03 - 2014-06-16 00:12 - 00000000 ____D () C:\AuthoritySites
2014-10-13 15:44 - 2010-12-18 04:16 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Adobe
2014-10-10 11:50 - 2012-09-25 15:15 - 00000000 ____D () C:\FCConcepts
2014-10-09 19:00 - 2011-05-17 18:16 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Mozilla
2014-10-08 16:40 - 2014-07-01 09:54 - 00003598 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3965309216-3280889811-3830929852-1000
2014-10-05 15:41 - 2013-02-13 14:10 - 00000000 ____D () C:\Charms
2014-10-03 10:29 - 2013-05-23 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-03 10:27 - 2014-02-15 00:07 - 00000000 ____D () C:\Program Files\PeerBlock
2014-10-03 01:04 - 2014-05-15 22:00 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\vlc
2014-09-28 10:58 - 2014-07-22 11:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-27 18:55 - 2014-09-13 17:39 - 00000000 ____D () C:\MasterFinance
2014-09-23 17:18 - 2013-05-26 11:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 17:18 - 2012-04-14 18:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 17:18 - 2011-05-20 21:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-21 19:21 - 2010-08-30 07:14 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-09-18 21:06 - 2010-08-30 06:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-18 20:41 - 2013-04-14 11:39 - 00000287 _____ () C:\Windows\wininit.ini
 
Files to move or delete:
====================
C:\ProgramData\nud0repor.pad
 
 
Some content of TEMP:
====================
C:\Users\Nathan\AppData\Local\Temp\2kRTPatch.EXE
C:\Users\Nathan\AppData\Local\Temp\checktbexist.exe
C:\Users\Nathan\AppData\Local\Temp\COMAP.EXE
C:\Users\Nathan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Nathan\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Nathan\AppData\Local\Temp\JavaCertDLL.dll
C:\Users\Nathan\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Nathan\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Nathan\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Nathan\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Nathan\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Nathan\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Nathan\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Nathan\AppData\Local\Temp\MSN22FC.exe
C:\Users\Nathan\AppData\Local\Temp\nsb64E9.exe
C:\Users\Nathan\AppData\Local\Temp\nsb7474.exe
C:\Users\Nathan\AppData\Local\Temp\nsc234D.exe
C:\Users\Nathan\AppData\Local\Temp\nscEAE9.exe
C:\Users\Nathan\AppData\Local\Temp\nsg7AFB.exe
C:\Users\Nathan\AppData\Local\Temp\nsh1736.exe
C:\Users\Nathan\AppData\Local\Temp\nsmB671.exe
C:\Users\Nathan\AppData\Local\Temp\nsn3EA9.exe
C:\Users\Nathan\AppData\Local\Temp\nsq5E90.exe
C:\Users\Nathan\AppData\Local\Temp\nsq61EB.exe
C:\Users\Nathan\AppData\Local\Temp\nsw7762.exe
C:\Users\Nathan\AppData\Local\Temp\nsxD3F6.exe
C:\Users\Nathan\AppData\Local\Temp\nsxF5C8.exe
C:\Users\Nathan\AppData\Local\Temp\oi_{D7F21A0A-4ED5-492F-B792-0DE8B07458C0}.exe
C:\Users\Nathan\AppData\Local\Temp\Quarantine.exe
C:\Users\Nathan\AppData\Local\Temp\RCClientSetup.exe
C:\Users\Nathan\AppData\Local\Temp\RCReadCookies.exe
C:\Users\Nathan\AppData\Local\Temp\SearchHelper.exe
C:\Users\Nathan\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Nathan\AppData\Local\Temp\SPSetup.exe
C:\Users\Nathan\AppData\Local\Temp\SPStub.exe
C:\Users\Nathan\AppData\Local\Temp\sqlite3.dll
C:\Users\Nathan\AppData\Local\Temp\tbMixi.dll
C:\Users\Nathan\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Nathan\AppData\Local\Temp\zlib.dll
C:\Users\Nathan\AppData\Local\Temp\_is7BA2.exe
C:\Users\Nathan\AppData\Local\Temp\_isEB38.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-17 00:42
 
==================== End Of Log ============================
 
 
 
 
Addition.txt
 
-------------------
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Nathan at 2014-10-17 09:33:01
Running from C:\Farbar recovery
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Game Console (x32 Version:  - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Add or Remove Adobe Creative Suite 3 Web Premium (HKLM-x32\...\Adobe_247961ef275e20c5cb073c36394ac32) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Contribute CS3 (x32 Version: 4.1 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Web Premium (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS3 (x32 Version: 9 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS3 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Video Encoder (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (x32 Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Aircraft Bluebook (HKLM-x32\...\{3DEDE4AE-7D5C-4FE3-93B3-ACE618605B53}) (Version: 13.01.00 - Penton Media, Inc.)
Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version:  - )
Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.1 - Extensoft)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avidyne Entegra Freeplay Simulator (OEM) (HKLM-x32\...\Avidyne Entegra Freeplay Simulator (OEM)) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Barnes & Noble Desktop Reader (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.21 - Barnesandnoble.com)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Brackets (HKLM-x32\...\{CA6586CA-1C03-488B-B791-2A4533C1B1C6}) (Version: 0.35 - brackets.io)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
ClamWin Free Antivirus 0.98.4.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
Communicator (HKLM-x32\...\{6F1BF39E-E339-4F6F-B547-EDDC280F7198}) (Version: 35.7.1389 - PhoneDotCom)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden
DigiGraph 2 (HKCU\...\DigiGraph 2) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Files Compare Tool (HKLM-x32\...\{E69A76AA-71D9-4939-8EBB-8FC8BE22428D}) (Version:  - )
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FreeRIP 4.0 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.0 - GreenTree Applications SRL)
Google AdWords Editor (HKLM-x32\...\{C2F536D9-91E1-4B5C-8A97-9BEB2943EFD1}) (Version: 10.4.1 - Google)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 7.0.1.1796 (HKCU\...\GoToMeeting) (Version: 7.0.1.1796 - CitrixOnline)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 7 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417011FF}) (Version: 7.0.110 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
LeechFTP  (HKLM-x32\...\LeechFTP) (Version:  - )
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access 2000 SR-1 Runtime (HKLM-x32\...\{00180409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Network Recording Player (HKLM-x32\...\{0E6B3568-2337-4429-9E14-0D9D8157D45A}) (Version: 2.23.2500 - Cisco WebEx LLC)
NinjaTrader 7 (HKLM-x32\...\{BB2338E5-3156-49D3-B539-7E6EF5BC3ECF}) (Version: 7.0.1011 - NinjaTrader)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 25.0.1614.50 (HKLM-x32\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PitchWorks remove (HKLM-x32\...\PitchWorks DX) (Version:  - )
PlaneBase (HKLM-x32\...\{B9135D53-DB4B-40A6-A2DF-1ECF2BD9014F}) (Version: 2.3.14 - AIRPAC)
PlaneCD (C:\Program Files (x86)\PlaneCD\) (HKLM-x32\...\ST6UNST #2) (Version:  - )
PlaneCD (HKLM-x32\...\ST6UNST #1) (Version:  - )
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Programmer's Notepad 2 (HKLM-x32\...\{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1) (Version: 2.2.0.2240 - Simon Steele)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
RingCentral Call Controller (HKLM-x32\...\RingCentral) (Version:  - RingCentral, Inc.)
RingCentral Softphone (HKLM-x32\...\{52F10407-8CF3-4EEB-8D4A-9AA02AE861FC}) (Version: 6.03.001.50 - RingCentral, Inc)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
TheSage (HKLM\...\TheSage) (Version: 5.1.1790 - Sequence Publishing)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VSDC Free Video Editor version 2.1.9.227 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.1.9.227 - Flash-Integro LLC)
Wave Editor 3.2.1.0 (HKLM-x32\...\Wave Editor_is1) (Version: 3.2.1.0 - AbyssMedia.com)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Your Insurance Office v5.0 (HKLM-x32\...\Your Insurance Office v5.0) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-01-25 14:23 - 00000828 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3238AF4B-A505-4AD4-8521-548BBBDAEA76} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000UA => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18] (Google Inc.)
Task: {7137B69E-153D-459D-A2AC-D0F3B8C06AC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: {9DB5A5AA-55AA-4FB6-9022-504CD22742B3} - System32\Tasks\{D8D81A32-FD14-447B-9923-39561E9EFDC1} => Chrome.exe http://ui.skype.com/...red;notincluded
Task: {A3CD94F1-7D1A-4F8A-9327-3C0D84911005} - System32\Tasks\G2MUpdateTask-S-1-5-21-3965309216-3280889811-3830929852-1000 => C:\Users\Nathan\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe [2014-10-08] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C0A9B562-9F2E-4D17-B26D-539DCE82D1C4} - System32\Tasks\Opera scheduled Autoupdate 1403318590 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-15] (Opera Software)
Task: {CE719934-CFA9-4724-A575-75EC168FDC3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000Core => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18] (Google Inc.)
Task: {E6582D6F-7D0C-4FE9-8008-1A1DAD14B1E7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {FA56E34E-7E2B-487E-B394-3BDC01D8A4B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3965309216-3280889811-3830929852-1000.job => C:\Users\Nathan\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000Core.job => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000UA.job => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-12-21 19:09 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2014-05-01 15:29 - 2014-05-01 15:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-10-21 17:20 - 2010-06-09 21:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2010-06-28 18:20 - 2010-06-28 18:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 18:12 - 2010-06-28 18:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-08-30 07:36 - 2009-05-20 02:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2010-12-21 19:09 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2011-03-29 14:46 - 2005-02-08 16:23 - 00979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2011-03-29 14:46 - 2004-11-20 02:27 - 00069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2011-03-29 14:46 - 2004-10-11 19:21 - 00094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2011-03-29 14:46 - 2004-05-25 20:18 - 00057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2011-03-29 14:46 - 2004-11-20 02:27 - 00086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2011-03-29 14:46 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2011-03-29 14:46 - 2004-11-20 02:27 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2011-03-29 14:46 - 2004-05-25 20:18 - 00049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2011-03-29 14:46 - 2004-05-25 20:18 - 00495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2011-03-29 14:46 - 2004-05-25 20:20 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2011-03-29 14:46 - 2004-10-11 19:22 - 00315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2011-03-29 14:46 - 2004-11-20 02:27 - 00106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2011-03-29 14:46 - 2004-11-20 02:27 - 00065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2011-03-29 14:46 - 2004-01-15 13:45 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2011-03-29 14:46 - 2004-11-20 02:27 - 00077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2011-03-29 14:46 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2011-03-29 14:46 - 2003-10-01 12:40 - 02240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2011-03-29 14:46 - 2003-10-01 10:43 - 03239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2011-03-29 14:46 - 2003-08-10 08:14 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2011-03-29 14:46 - 2004-05-25 20:17 - 00622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2011-03-29 14:46 - 2004-05-25 20:19 - 00045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
2010-12-18 18:01 - 2010-12-18 18:01 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a416e1d402c16813f1bf26e73c004049\IsdiInterop.ni.dll
2010-08-30 06:56 - 2010-04-13 12:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3965309216-3280889811-3830929852-500 - Administrator - Disabled)
Guest (S-1-5-21-3965309216-3280889811-3830929852-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3965309216-3280889811-3830929852-1002 - Limited - Enabled)
Nathan (S-1-5-21-3965309216-3280889811-3830929852-1000 - Administrator - Enabled) => C:\Users\Nathan
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/17/2014 00:45:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (10/17/2014 00:44:37 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
 
System errors:
=============
Error: (10/17/2014 09:22:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dritek WMI Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Acer ePower Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GREGService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NTI IScheduleSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (10/17/2014 00:45:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe
 
Error: (10/17/2014 00:44:37 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-11 21:07:16.038
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-11 21:07:16.026
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-11 21:06:39.144
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-11 21:06:39.129
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-10 22:46:47.209
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-10 22:46:47.195
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-10 22:45:55.400
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-10 22:45:55.382
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 41%
Total physical RAM: 3766.71 MB
Available physical RAM: 2217.68 MB
Total Pagefile: 7531.57 MB
Available Pagefile: 5906.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:47.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 523FFB90)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 17 October 2014 - 02:35 PM

Please consider the following warning, and let me know how you wish to proceed.
 

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Please let me know how you wish to proceed, and if you have any questions.


 

Would you like to help others with malware removal? Join our Classroom and learn how!


#7 sitepro

sitepro

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 17 October 2014 - 02:38 PM

Well, proceed. Not sure what is being asked?



#8 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 17 October 2014 - 02:47 PM

Have a proper read of the warning and articles linked. 

 

As stated several times, the recommended course of action is to reformat your Hard Drive and reinstall your Operating System. This essentially removes all data from your computer, and guarantees complete removal of the malware present. 

 

However, not everyone wishes to reformat. Instead, they wish to proceed with cleaning the machine. Whilst the identified infection(s) can be removed, I cannot guarantee all malware present will be. This is due to the nature of the infection, and means your computer cannot be considered trustworthy. 

 

Ultimately, you need to decide whether you wish to reformat or clean. The choice is yours. 



 

Would you like to help others with malware removal? Join our Classroom and learn how!


#9 sitepro

sitepro

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 17 October 2014 - 02:52 PM

Let's clean, for now. And I will back up and reformat later.

Will we use RogueKiller?



#10 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 17 October 2014 - 03:48 PM

Hello, 
 
Are you aware ClamWin Free Antivirus does not provide real-time protection as files are written to your HDD? I would suggest switching to an Anti-Virus with real-time protection. If you're interested in this, please let me know and we can do so at the end of this process. 
 
Please consider the following warning.
 

P2P WARNING

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programmes, right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.

 
------------------------------
 

Will we use RogueKiller?

I see you've already run RogueKiller. Please include the log in your next reply. 

 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • (!) Navigate to C:\Farbar recovery. Right-click FRST64.exe and click Cut. Navigate to your Desktop, right-click and click Paste. All tools must be run from your Desktop.
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
    C:\Program Files (x86)\Mobile App Sync
    HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [{c97514bc-f96f-0509-955c-ec60f467cb48}] => C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe [363008 2014-08-31] ()
    C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}
    HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {097cd6a5-0844-11e4-b4df-02f46a003c85} - E:\LG_PC_Programs.exe
    HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {8453939f-04ca-11e4-b41e-02f46a003c85} - F:\LG_PC_Programs.exe
    HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    SearchScopes: HKCU - {100F961F-B4B8-4AA6-84D5-6FE1093B46EB} URL = http://search.condui...9539864422&UM=2
    SearchScopes: HKCU - {1DA704DE-1311-4C5A-BDAF-9190F66A9F76} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKCU - {6E6A121D-D07C-4FF9-9905-F6D937A4B49F} URL = http://websearch.ask...E2-9A483ED457A2
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    FF DefaultSearchEngine: Yahoo!
    FF SelectedSearchEngine: Yahoo!
    FF Keyword.URL: https://search.yahoo...&type=282369&p=
    FF SearchPlugin: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mbdnjha5.default\searchplugins\yahoo_ff.xml
    CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]
    CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]
    2014-10-17 09:21 - 2013-09-02 23:08 - 00000000 ____D () C:\Users\Nathan\AppData\Local\AVG SafeGuard toolbar
    C:\ProgramData\nud0repor.pad
    CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Are you interested in switching Anti-Virus?
  • RogueKiller log
  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt


 

Would you like to help others with malware removal? Join our Classroom and learn how!

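As an added triage example (not code from this thread, from FRST or from RogueKiller): the Poweliks entry in the fixlist above is a per-user CLSID whose LocalServer32 default value launches rundll32.exe with a javascript: URL instead of a program path. The script below picks such entries out of FRST-style log lines and reverses the first obfuscation layer of the eval() fragment quoted in the log, which is a shift of every character by one code point (so `epdvnfou` reads `document`). The log lines are constructed for the example and the SID is a placeholder; the CLSID and the eval() fragment are the ones that appear in the logs above.

```python
import re

# Constructed sample lines modelled on the FRST "CustomCLSID" and "Run" entries
# quoted in this thread. SID is a placeholder; only the first line is a hijack.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-PLACEHOLDER-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds") <==== suspicious
CustomCLSID: HKU\S-1-5-21-PLACEHOLDER-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
HKU\S-1-5-21-PLACEHOLDER-1000\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
"""

# A COM server key whose value starts rundll32.exe with a javascript: URL.
# A legitimate LocalServer32/InprocServer32 value names an EXE or DLL path,
# so the stale Google Update entry on line 2 is deliberately not matched.
HIJACK_RE = re.compile(
    r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\(LocalServer32|InprocServer32)\s*->\s*"
    r"(rundll32\.exe\s+javascript:.*)",
    re.IGNORECASE,
)

# The quoted argument of the first eval("...") in the launcher string.
EVAL_RE = re.compile(r'eval\("([^"]*)"\)')


def shift_decode(text: str, shift: int = 1) -> str:
    """Undo the per-character shift seen in the logged fragment: each
    character was stored as chr(ord(c) + shift), so 'epdvnfou' -> 'document'."""
    return "".join(chr(ord(c) - shift) for c in text)


def find_com_hijacks(log_text: str) -> list:
    """Return one record per log line whose COM server value is a rundll32
    javascript: launcher, with the first obfuscation layer removed when an
    eval("...") fragment is present on the line."""
    hits = []
    for line in log_text.splitlines():
        m = HIJACK_RE.search(line)
        if not m:
            continue
        clsid, server_key, command = m.groups()
        e = EVAL_RE.search(command)
        hits.append({
            # Normalise the CLSID so the same key reported with mixed case
            # (as FRST does above) compares equal across log sources.
            "clsid": clsid.upper(),
            "server_key": server_key,
            "command": command,
            "decoded_prefix": shift_decode(e.group(1)) if e else None,
        })
    return hits


def main() -> None:
    for hit in find_com_hijacks(SAMPLE_LOG):
        print(f"{hit['clsid']} {hit['server_key']}")
        print(f"  launcher : {hit['command'][:60]}...")
        print(f"  decoded  : {hit['decoded_prefix']}")


if __name__ == "__main__":
    main()
```

The decoded prefix is only the start of the payload; the log truncates the value ("the data entry has 239 more characters"), so the full script cannot be recovered from the page.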


#11 sitepro

sitepro

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 17 October 2014 - 06:01 PM

RogueKiller V10.0.2.0 (x64) [Oct 16 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Nathan [Administrator]
Mode : Scan -- Date : 10/17/2014  16:35:44
 
¤¤¤ Processes : 2 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermProc]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 16 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\Microsoft\Windows\CurrentVersion\Run | {c97514bc-f96f-0509-955c-ec60f467cb48} : "C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe"  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\Microsoft\Windows\CurrentVersion\Run | {c97514bc-f96f-0509-955c-ec60f467cb48} : "C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe"  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\Nathan\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\Nathan\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\Nathan\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\Nathan\AppData\Local\Temp\aswVmm.sys) -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer.msn.com  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5783EDF0-2FD1-468D-82C7-ED8EA7F655C2} | DhcpNameServer : 168.95.1.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5783EDF0-2FD1-468D-82C7-ED8EA7F655C2} | DhcpNameServer : 168.95.1.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5783EDF0-2FD1-468D-82C7-ED8EA7F655C2} | DhcpNameServer : 168.95.1.1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd2332e0
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd23396c
[IAT:Addr] (explorer.exe @ acppage.dll) sfc.dll - SfcIsFileProtected : C:\Windows\system32\sfc_os.DLL @ 0x7fef8a416f0
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] mbdnjha5.default : user_pref("browser.startup.homepage", "google.com"); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] b3cf63f686366a0f894be968d2bf4c48
[BSP] 01bc7774dca7efead93195a41bf88d39 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29362176 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29566976 | Size: 290807 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_10172014_090925.log - RKreport_SCN_10172014_001445.log


#12 sitepro

sitepro

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 17 October 2014 - 06:49 PM

Farbar is over 20 min for fixlist??



#13 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 17 October 2014 - 07:00 PM

Close FRST. 

Go ahead and recreate Fixlist.txt. Open FRST and click Fix. 



 

Would you like to help others with malware removal? Join our Classroom and learn how!


#14 sitepro

sitepro

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 17 October 2014 - 07:08 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by Nathan at 2014-10-17 20:22:42 Run:1
Running from C:\Users\Nathan\Desktop
Loaded Profile: Nathan (Available profiles: Nathan)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
C:\Program Files (x86)\Mobile App Sync
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [{c97514bc-f96f-0509-955c-ec60f467cb48}] => C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe [363008 2014-08-31] ()
C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {097cd6a5-0844-11e4-b4df-02f46a003c85} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {8453939f-04ca-11e4-b41e-02f46a003c85} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
SearchScopes: HKCU - {100F961F-B4B8-4AA6-84D5-6FE1093B46EB} URL = http://search.condui...9539864422&UM=2
SearchScopes: HKCU - {1DA704DE-1311-4C5A-BDAF-9190F66A9F76} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {6E6A121D-D07C-4FF9-9905-F6D937A4B49F} URL = http://websearch.ask...E2-9A483ED457A2
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF SearchPlugin: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mbdnjha5.default\searchplugins\yahoo_ff.xml
CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]
2014-10-17 09:21 - 2013-09-02 23:08 - 00000000 ____D () C:\Users\Nathan\AppData\Local\AVG SafeGuard toolbar
C:\ProgramData\nud0repor.pad
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************
 
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MobileAppSync => value deleted successfully.
"C:\Program Files (x86)\Mobile App Sync" => File/Directory not found.
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{c97514bc-f96f-0509-955c-ec60f467cb48} => value deleted successfully.
 
"C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}" directory move:
 
Could not move "C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe" => Scheduled to move on reboot.
Could not move "C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}" directory. => Scheduled to move on reboot.
 
"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{097cd6a5-0844-11e4-b4df-02f46a003c85}" => Key deleted successfully.
"HKCR\CLSID\{097cd6a5-0844-11e4-b4df-02f46a003c85}" => Key not found.
"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8453939f-04ca-11e4-b41e-02f46a003c85}" => Key deleted successfully.
"HKCR\CLSID\{8453939f-04ca-11e4-b41e-02f46a003c85}" => Key not found.
"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key deleted successfully.
"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{100F961F-B4B8-4AA6-84D5-6FE1093B46EB}" => Key deleted successfully.
"HKCR\CLSID\{100F961F-B4B8-4AA6-84D5-6FE1093B46EB}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1DA704DE-1311-4C5A-BDAF-9190F66A9F76}" => Key deleted successfully.
"HKCR\CLSID\{1DA704DE-1311-4C5A-BDAF-9190F66A9F76}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E6A121D-D07C-4FF9-9905-F6D937A4B49F}" => Key deleted successfully.
"HKCR\CLSID\{6E6A121D-D07C-4FF9-9905-F6D937A4B49F}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mbdnjha5.default\searchplugins\yahoo_ff.xml => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle" => Key deleted successfully.
C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle" => Key deleted successfully.
"C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx" => File/Directory not found.
C:\Users\Nathan\AppData\Local\AVG SafeGuard toolbar => Moved successfully.
C:\ProgramData\nud0repor.pad => Moved successfully.
"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {5D5EB998-9B11-4F6B-88A9-0142728425D9}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-17 21:07:07)<=
 
==> ATTENTION: System is not rebooted.
"C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe" => File could not move.
"C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}" => Directory could not move.
 
==== End of Fixlog ====


#15 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 17 October 2014 - 07:13 PM

Please reboot your machine, and proceed with AdwCleaner and JRT.



 

Would you like to help others with malware removal? Join our Classroom and learn how!
