WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

dllhost.exe *32 COM malware [Solved]

Started by sitepro , Oct 17 2014 12:21 PM

malware

This topic is locked

18 replies to this topic

#1 sitepro

New Member

Authentic Member
10 posts

Posted 17 October 2014 - 12:21 PM

I have seen other posts referring to this topic but no definitive answers.

I have a svchost.exe running and it seems to call or work in tandem with multiple dllhost.exe running at the same time - they are sending and receiving packets continually and also in big bursts, all while taking up cpu resources and large amounts of ram. From other posts I have run some malware tools and scans, but malware is still running.

So take me from the beginning and help me get this figured out.

Thanks

Advertisements

Register to Remove

#2 LiquidTension

SuperMember

Retired Classroom Teacher
2,566 posts

Posted 17 October 2014 - 12:40 PM

Hello,

This sounds like Poweliks. Lets check.

Please read this guide, and follow the instructions inside on running the two programmes.

Would you like to help others with malware removal? Join our Classroom and learn how!

#3 sitepro

New Member

Authentic Member
10 posts

Posted 17 October 2014 - 02:11 PM

ASWMBR keeps getting bogged down on certain files or folders - has been working for over 20 min now on Temporary Internet Files folder

#4 LiquidTension

SuperMember

Retired Classroom Teacher
2,566 posts

Posted 17 October 2014 - 02:18 PM

OK. Click Save Log and close the programme. Include the log in your next reply.

Proceed with FRST.

Would you like to help others with malware removal? Join our Classroom and learn how!

#5 sitepro

New Member

Authentic Member
10 posts

Posted 17 October 2014 - 02:29 PM

ASWMBR.txt---------------------------------------

Run date: 2014-10-17 15:00:59

-----------------------------

15:00:59.188 OS Version: Windows x64 6.1.7600

15:00:59.188 Number of processors: 2 586 0x2505

15:00:59.188 ComputerName: NATHAN-PC UserName: Nathan

15:01:03.181 Initialize success

15:01:03.197 VM: initialized successfully

15:01:03.259 VM: Intel CPU virtualization not supported

15:04:18.796 AVAST engine defs: 14101700

15:04:53.803 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

15:04:53.818 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3

15:04:54.177 Disk 0 MBR read successfully

15:04:54.193 Disk 0 MBR scan

15:04:54.193 Disk 0 Windows 7 default MBR code

15:04:54.208 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048

15:04:54.224 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176

15:04:54.224 Disk 0 Boot: NTFS code=1

15:04:54.271 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290807 MB offset 29566976

15:04:54.427 Disk 0 scanning C:\Windows\system32\drivers

15:05:03.724 Service scanning

15:05:36.687 Modules scanning

15:05:36.703 Disk 0 trace - called modules:

15:05:36.734 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

15:05:36.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005142790]

15:05:36.749 3 CLASSPNP.SYS[fffff88001b3943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fd2050]

15:05:40.057 AVAST engine scan C:\Windows

15:05:42.927 AVAST engine scan C:\Windows\system32

15:09:02.264 AVAST engine scan C:\Windows\system32\drivers

15:09:17.303 AVAST engine scan C:\Users\Nathan

15:20:38.868 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

15:20:38.884 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3

15:20:39.492 Disk 0 MBR read successfully

15:20:39.492 Disk 0 MBR scan

15:20:39.492 Disk 0 Windows 7 default MBR code

15:20:39.539 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048

15:20:39.554 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176

15:20:39.554 Disk 0 Boot: NTFS code=1

15:20:39.570 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290807 MB offset 29566976

15:20:39.773 Disk 0 scanning C:\Windows\system32\drivers

15:20:50.982 Service scanning

15:21:24.588 Modules scanning

15:21:24.588 Disk 0 trace - called modules:

15:21:24.618 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys

15:21:24.618 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005142790]

15:21:24.628 3 CLASSPNP.SYS[fffff88001b3943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fd2050]

15:21:26.782 AVAST engine scan C:\Windows

15:21:40.917 AVAST engine scan C:\Windows\system32

15:26:16.523 AVAST engine scan C:\Windows\system32\drivers

15:26:29.268 AVAST engine scan C:\Users\Nathan

16:20:15.401 Disk 0 MBR has been saved successfully to "C:\Users\Nathan\Downloads\MBR.dat"

16:20:15.402 The log file has been saved successfully to "C:\Users\Nathan\Downloads\aswMBR.txt"

------------------------------------------------------------------

FRST.txt

-----------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014

Ran by Nathan (administrator) on NATHAN-PC on 17-10-2014 16:22:30

Running from C:\Farbar recovery

Loaded Profile: Nathan (Available profiles: Nathan)

Platform: Windows 7 Home Premium (X64) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe

() C:\Windows\PLFSetI.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(RingCentral, Inc.) C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)

HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)

HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2014-08-07] (alch)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [Google Update] => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-12-18] (Google Inc.)

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [RCHotKey] => C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe [30000 2014-04-24] (RingCentral, Inc.)

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [uTorrent] => "C:\Users\Nathan\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [{c97514bc-f96f-0509-955c-ec60f467cb48}] => C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe [363008 2014-08-31] ()

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {097cd6a5-0844-11e4-b4df-02f46a003c85} - E:\LG_PC_Programs.exe

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {8453939f-04ca-11e4-b41e-02f46a003c85} - F:\LG_PC_Programs.exe

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - {100F961F-B4B8-4AA6-84D5-6FE1093B46EB} URL = http://search.condui...9539864422&UM=2

SearchScopes: HKCU - {1DA704DE-1311-4C5A-BDAF-9190F66A9F76} URL = https://search.yahoo...p={searchTerms}

SearchScopes: HKCU - {6E6A121D-D07C-4FF9-9905-F6D937A4B49F} URL = http://websearch.ask...E2-9A483ED457A2

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mbdnjha5.default

FF DefaultSearchEngine: Yahoo!

FF SelectedSearchEngine: Yahoo!

FF Homepage: google.com

FF Keyword.URL: https://search.yahoo...&type=282369&p=

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Nathan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nathan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Nathan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Nathan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Nathan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF SearchPlugin: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mbdnjha5.default\searchplugins\yahoo_ff.xml

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-12]

Chrome:

=======

CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-17]

CHR Extension: (Google Docs) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17]

CHR Extension: (Google Drive) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-26]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]

CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]

CHR Extension: (Google Sheets) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-17]

CHR Extension: (Google Wallet) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]

CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]

CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\TheSage\TheSage\extensions\chrome\ [2013-03-12]

CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]

CHR StartMenuInternet: Google Chrome - C:\Users\Nathan\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)

U3 aswMBR; \??\C:\Users\Nathan\AppData\Local\Temp\aswMBR.sys [X]

U3 aswVmm; \??\C:\Users\Nathan\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 16:20 - 2014-10-17 16:20 - 00003248 _____ () C:\Users\Nathan\Downloads\aswMBR.txt

2014-10-17 16:20 - 2014-10-17 16:20 - 00000512 _____ () C:\Users\Nathan\Downloads\MBR.dat

2014-10-17 14:10 - 2014-10-17 14:58 - 00077000 _____ () C:\Users\Nathan\Downloads\Extras.Txt

2014-10-17 14:07 - 2014-10-17 14:56 - 00163430 _____ () C:\Users\Nathan\Downloads\OTL.Txt

2014-10-17 13:26 - 2014-10-17 13:26 - 00854448 _____ () C:\Users\Nathan\Downloads\SecurityCheck.exe

2014-10-17 13:26 - 2014-10-17 13:26 - 00602112 _____ (OldTimer Tools) C:\Users\Nathan\Downloads\OTL.exe

2014-10-17 13:23 - 2014-10-17 13:23 - 05185536 _____ (AVAST Software) C:\Users\Nathan\Downloads\aswMBR.exe

2014-10-17 11:59 - 2014-10-17 11:59 - 00000000 ____D () C:\ProcessExplorer

2014-10-17 10:48 - 2014-10-17 10:48 - 00003132 _____ () C:\Windows\System32\Tasks\{CD9C48B9-C5E6-4021-B365-9C0137F82437}

2014-10-17 09:31 - 2014-10-17 16:22 - 00000000 ____D () C:\FRST

2014-10-17 09:23 - 2014-10-17 16:22 - 00000000 ____D () C:\Farbar recovery

2014-10-17 09:23 - 2014-10-17 09:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-10-17 09:12 - 2014-10-17 09:19 - 00000000 ____D () C:\AdwCleaner

2014-10-17 00:07 - 2014-10-17 00:07 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-10-17 00:07 - 2014-10-17 00:07 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-10-17 00:04 - 2014-10-17 00:04 - 01976320 _____ () C:\Users\Nathan\Downloads\adwcleaner_4.000.exe

2014-10-17 00:01 - 2014-10-17 00:02 - 18550872 _____ () C:\Users\Nathan\Downloads\RogueKillerX64.exe

2014-09-22 21:37 - 2014-10-09 20:02 - 00000000 ____D () C:\CEO Energy

2014-09-22 15:51 - 2014-09-22 15:52 - 00000000 ____D () C:\PNC Bank

2014-09-20 23:27 - 2014-09-20 23:28 - 01037246 _____ () C:\Users\Nathan\Downloads\social-networks-auto-poster-facebook-twitter-g.zip

2014-09-20 17:24 - 2014-10-12 23:47 - 00000000 ____D () C:\Contemporary Medical

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 16:18 - 2013-05-26 11:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-17 15:57 - 2010-12-18 04:30 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000UA.job

2014-10-17 15:53 - 2014-07-01 09:54 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3965309216-3280889811-3830929852-1000.job

2014-10-17 15:49 - 2014-01-06 12:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-17 15:49 - 2014-01-06 12:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-17 14:59 - 2013-01-06 08:10 - 00007624 _____ () C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg

2014-10-17 14:57 - 2010-12-18 04:30 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000Core.job

2014-10-17 11:20 - 2009-07-14 00:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-17 11:20 - 2009-07-14 00:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-17 11:16 - 2010-10-21 17:01 - 01174016 _____ () C:\Windows\WindowsUpdate.log

2014-10-17 11:15 - 2013-02-28 17:54 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Skype

2014-10-17 11:13 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-17 11:13 - 2009-07-14 00:51 - 00120773 _____ () C:\Windows\setupact.log

2014-10-17 11:07 - 2011-10-27 18:10 - 00000000 ____D () C:\YIO-5

2014-10-17 09:23 - 2013-02-28 17:54 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-10-17 09:23 - 2013-02-28 17:54 - 00000000 ____D () C:\ProgramData\Skype

2014-10-17 09:23 - 2010-08-30 07:09 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-10-17 09:21 - 2013-09-02 23:08 - 00000000 ____D () C:\Users\Nathan\AppData\Local\AVG SafeGuard toolbar

2014-10-17 09:21 - 2010-10-21 16:58 - 00029244 _____ () C:\Windows\PFRO.log

2014-10-16 23:08 - 2013-06-10 18:00 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\FileZilla

2014-10-15 18:00 - 2014-06-20 22:43 - 00003832 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1403318590

2014-10-15 18:00 - 2014-06-20 22:43 - 00000000 ____D () C:\Program Files (x86)\Opera

2014-10-15 15:12 - 2010-12-18 04:31 - 00002378 _____ () C:\Users\Nathan\Desktop\Google Chrome.lnk

2014-10-14 15:57 - 2011-02-19 21:35 - 00000000 ____D () C:\BBFOLDER

2014-10-13 20:03 - 2014-06-16 00:12 - 00000000 ____D () C:\AuthoritySites

2014-10-13 15:44 - 2010-12-18 04:16 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Adobe

2014-10-10 11:50 - 2012-09-25 15:15 - 00000000 ____D () C:\FCConcepts

2014-10-09 19:00 - 2011-05-17 18:16 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Mozilla

2014-10-08 16:40 - 2014-07-01 09:54 - 00003598 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3965309216-3280889811-3830929852-1000

2014-10-05 15:41 - 2013-02-13 14:10 - 00000000 ____D () C:\Charms

2014-10-03 10:29 - 2013-05-23 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-10-03 10:27 - 2014-02-15 00:07 - 00000000 ____D () C:\Program Files\PeerBlock

2014-10-03 01:04 - 2014-05-15 22:00 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\vlc

2014-09-28 10:58 - 2014-07-22 11:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-27 18:55 - 2014-09-13 17:39 - 00000000 ____D () C:\MasterFinance

2014-09-23 17:18 - 2013-05-26 11:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-23 17:18 - 2012-04-14 18:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-23 17:18 - 2011-05-20 21:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-21 19:21 - 2010-08-30 07:14 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker

2014-09-18 21:06 - 2010-08-30 06:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-09-18 20:41 - 2013-04-14 11:39 - 00000287 _____ () C:\Windows\wininit.ini

Files to move or delete:

====================

C:\ProgramData\nud0repor.pad

Some content of TEMP:

====================

C:\Users\Nathan\AppData\Local\Temp\2kRTPatch.EXE

C:\Users\Nathan\AppData\Local\Temp\checktbexist.exe

C:\Users\Nathan\AppData\Local\Temp\COMAP.EXE

C:\Users\Nathan\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Nathan\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe

C:\Users\Nathan\AppData\Local\Temp\JavaCertDLL.dll

C:\Users\Nathan\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe

C:\Users\Nathan\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe

C:\Users\Nathan\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe

C:\Users\Nathan\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe

C:\Users\Nathan\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe

C:\Users\Nathan\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe

C:\Users\Nathan\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\Nathan\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Nathan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Nathan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Nathan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Nathan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Nathan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Nathan\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

C:\Users\Nathan\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

C:\Users\Nathan\AppData\Local\Temp\LMkRstPt.exe

C:\Users\Nathan\AppData\Local\Temp\mconduitinstaller.exe

C:\Users\Nathan\AppData\Local\Temp\MSN22FC.exe

C:\Users\Nathan\AppData\Local\Temp\nsb64E9.exe

C:\Users\Nathan\AppData\Local\Temp\nsb7474.exe

C:\Users\Nathan\AppData\Local\Temp\nsc234D.exe

C:\Users\Nathan\AppData\Local\Temp\nscEAE9.exe

C:\Users\Nathan\AppData\Local\Temp\nsg7AFB.exe

C:\Users\Nathan\AppData\Local\Temp\nsh1736.exe

C:\Users\Nathan\AppData\Local\Temp\nsmB671.exe

C:\Users\Nathan\AppData\Local\Temp\nsn3EA9.exe

C:\Users\Nathan\AppData\Local\Temp\nsq5E90.exe

C:\Users\Nathan\AppData\Local\Temp\nsq61EB.exe

C:\Users\Nathan\AppData\Local\Temp\nsw7762.exe

C:\Users\Nathan\AppData\Local\Temp\nsxD3F6.exe

C:\Users\Nathan\AppData\Local\Temp\nsxF5C8.exe

C:\Users\Nathan\AppData\Local\Temp\oi_{D7F21A0A-4ED5-492F-B792-0DE8B07458C0}.exe

C:\Users\Nathan\AppData\Local\Temp\Quarantine.exe

C:\Users\Nathan\AppData\Local\Temp\RCClientSetup.exe

C:\Users\Nathan\AppData\Local\Temp\RCReadCookies.exe

C:\Users\Nathan\AppData\Local\Temp\SearchHelper.exe

C:\Users\Nathan\AppData\Local\Temp\SecondStepInstaller.exe

C:\Users\Nathan\AppData\Local\Temp\SPSetup.exe

C:\Users\Nathan\AppData\Local\Temp\SPStub.exe

C:\Users\Nathan\AppData\Local\Temp\sqlite3.dll

C:\Users\Nathan\AppData\Local\Temp\tbMixi.dll

C:\Users\Nathan\AppData\Local\Temp\wmpfirefoxplugin.exe

C:\Users\Nathan\AppData\Local\Temp\zlib.dll

C:\Users\Nathan\AppData\Local\Temp\_is7BA2.exe

C:\Users\Nathan\AppData\Local\Temp\_isEB38.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-17 00:42

==================== End Of Log ============================

Addition.txt

-------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014

Ran by Nathan at 2014-10-17 09:33:01

Running from C:\Farbar recovery

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)

18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)

Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)

Acer Game Console (x32 Version: - WildTangent) Hidden

Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)

Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)

Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Add or Remove Adobe Creative Suite 3 Web Premium (HKLM-x32\...\Adobe_247961ef275e20c5cb073c36394ac32) (Version: 1.0 - Adobe Systems Incorporated)

Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)

Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden

Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 2.0.2.12610 - Adobe Systems Inc.) Hidden

Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden

Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden

Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden

Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Contribute CS3 (x32 Version: 4.1 - Adobe Systems Incorporated) Hidden

Adobe Creative Suite 3 Web Premium (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Dreamweaver CS3 (x32 Version: 9 - Adobe Systems Incorporated) Hidden

Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)

Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.2 - Adobe Systems Incorporated) Hidden

Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe Fireworks CS3 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden

Adobe Flash CS3 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Flash Video Encoder (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden

Adobe Illustrator CS3 (x32 Version: 13.0 - Adobe Systems Incorporated) Hidden

Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden

Adobe MotionPicture Color Files (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden

Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden

Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden

Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden

Adobe Version Cue CS3 Server (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden

Adobe WAS CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden

AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden

Aircraft Bluebook (HKLM-x32\...\{3DEDE4AE-7D5C-4FE3-93B3-ACE618605B53}) (Version: 13.01.00 - Penton Media, Inc.)

Aleks 3.18 (HKLM-x32\...\Aleks 3.18) (Version: - )

Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.1 - Extensoft)

Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)

Avidyne Entegra Freeplay Simulator (OEM) (HKLM-x32\...\Avidyne Entegra Freeplay Simulator (OEM)) (Version: - )

Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden

Barnes & Noble Desktop Reader (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.21 - Barnesandnoble.com)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Brackets (HKLM-x32\...\{CA6586CA-1C03-488B-B791-2A4533C1B1C6}) (Version: 0.35 - brackets.io)

Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)

Brother MFL-Pro Suite MFC-490CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)

ClamWin Free Antivirus 0.98.4.1 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version: - alch)

Communicator (HKLM-x32\...\{6F1BF39E-E339-4F6F-B547-EDDC280F7198}) (Version: 35.7.1389 - PhoneDotCom)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)

CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden

DigiGraph 2 (HKCU\...\DigiGraph 2) (Version: - )

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)

FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden

Files Compare Tool (HKLM-x32\...\{E69A76AA-71D9-4939-8EBB-8FC8BE22428D}) (Version: - )

FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)

FreeRIP 4.0 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.0 - GreenTree Applications SRL)

Google AdWords Editor (HKLM-x32\...\{C2F536D9-91E1-4B5C-8A97-9BEB2943EFD1}) (Version: 10.4.1 - Google)

Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GoToMeeting 7.0.1.1796 (HKCU\...\GoToMeeting) (Version: 7.0.1.1796 - CitrixOnline)

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)

Java 7 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417011FF}) (Version: 7.0.110 - Oracle)

Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)

Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden

Java SE Development Kit 7 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170110}) (Version: 1.7.0.110 - Oracle)

Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )

Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)

LeechFTP (HKLM-x32\...\LeechFTP) (Version: - )

LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)

Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)

Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Access 2000 SR-1 Runtime (HKLM-x32\...\{00180409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden

Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

Network Recording Player (HKLM-x32\...\{0E6B3568-2337-4429-9E14-0D9D8157D45A}) (Version: 2.23.2500 - Cisco WebEx LLC)

NinjaTrader 7 (HKLM-x32\...\{BB2338E5-3156-49D3-B539-7E6EF5BC3ECF}) (Version: 7.0.1011 - NinjaTrader)

NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)

NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden

OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)

Opera Stable 25.0.1614.50 (HKLM-x32\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)

PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

PitchWorks remove (HKLM-x32\...\PitchWorks DX) (Version: - )

PlaneBase (HKLM-x32\...\{B9135D53-DB4B-40A6-A2DF-1ECF2BD9014F}) (Version: 2.3.14 - AIRPAC)

PlaneCD (C:\Program Files (x86)\PlaneCD\) (HKLM-x32\...\ST6UNST #2) (Version: - )

PlaneCD (HKLM-x32\...\ST6UNST #1) (Version: - )

Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

Programmer's Notepad 2 (HKLM-x32\...\{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1) (Version: 2.2.0.2240 - Simon Steele)

PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)

RingCentral Call Controller (HKLM-x32\...\RingCentral) (Version: - RingCentral, Inc.)

RingCentral Softphone (HKLM-x32\...\{52F10407-8CF3-4EEB-8D4A-9AA02AE861FC}) (Version: 6.03.001.50 - RingCentral, Inc)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

TheSage (HKLM\...\TheSage) (Version: 5.1.1790 - Sequence Publishing)

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

VSDC Free Video Editor version 2.1.9.227 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.1.9.227 - Flash-Integro LLC)

Wave Editor 3.2.1.0 (HKLM-x32\...\Wave Editor_is1) (Version: 3.2.1.0 - AbyssMedia.com)

Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)

Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Your Insurance Office v5.0 (HKLM-x32\...\Your Insurance Office v5.0) (Version: - )

Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-01-25 14:23 - 00000828 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3238AF4B-A505-4AD4-8521-548BBBDAEA76} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000UA => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18] (Google Inc.)

Task: {7137B69E-153D-459D-A2AC-D0F3B8C06AC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)

Task: {9DB5A5AA-55AA-4FB6-9022-504CD22742B3} - System32\Tasks\{D8D81A32-FD14-447B-9923-39561E9EFDC1} => Chrome.exe http://ui.skype.com/...red;notincluded

Task: {A3CD94F1-7D1A-4F8A-9327-3C0D84911005} - System32\Tasks\G2MUpdateTask-S-1-5-21-3965309216-3280889811-3830929852-1000 => C:\Users\Nathan\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe [2014-10-08] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {C0A9B562-9F2E-4D17-B26D-539DCE82D1C4} - System32\Tasks\Opera scheduled Autoupdate 1403318590 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-15] (Opera Software)

Task: {CE719934-CFA9-4724-A575-75EC168FDC3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000Core => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18] (Google Inc.)

Task: {E6582D6F-7D0C-4FE9-8008-1A1DAD14B1E7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)

Task: {FA56E34E-7E2B-487E-B394-3BDC01D8A4B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3965309216-3280889811-3830929852-1000.job => C:\Users\Nathan\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000Core.job => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3965309216-3280889811-3830929852-1000UA.job => C:\Users\Nathan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-21 19:09 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll

2014-05-01 15:29 - 2014-05-01 15:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2010-10-21 17:20 - 2010-06-09 21:54 - 00206208 _____ () C:\Windows\PLFSetI.exe

2010-06-28 18:20 - 2010-06-28 18:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

2010-06-28 18:12 - 2010-06-28 18:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

2010-08-30 07:36 - 2009-05-20 02:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll

2010-12-21 19:09 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2011-03-29 14:46 - 2005-02-08 16:23 - 00979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll

2011-03-29 14:46 - 2004-11-20 02:27 - 00069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd

2011-03-29 14:46 - 2004-10-11 19:21 - 00094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll

2011-03-29 14:46 - 2004-05-25 20:18 - 00057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd

2011-03-29 14:46 - 2004-11-20 02:27 - 00086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd

2011-03-29 14:46 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd

2011-03-29 14:46 - 2004-11-20 02:27 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd

2011-03-29 14:46 - 2004-05-25 20:18 - 00049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd

2011-03-29 14:46 - 2004-05-25 20:18 - 00495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd

2011-03-29 14:46 - 2004-05-25 20:20 - 00036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd

2011-03-29 14:46 - 2004-10-11 19:22 - 00315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll

2011-03-29 14:46 - 2004-11-20 02:27 - 00106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd

2011-03-29 14:46 - 2004-11-20 02:27 - 00065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd

2011-03-29 14:46 - 2004-01-15 13:45 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd

2011-03-29 14:46 - 2004-11-20 02:27 - 00077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd

2011-03-29 14:46 - 2004-11-20 02:27 - 00024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd

2011-03-29 14:46 - 2003-10-01 12:40 - 02240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd

2011-03-29 14:46 - 2003-10-01 10:43 - 03239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll

2011-03-29 14:46 - 2003-08-10 08:14 - 00061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd

2011-03-29 14:46 - 2004-05-25 20:17 - 00622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd

2011-03-29 14:46 - 2004-05-25 20:19 - 00045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd

2010-12-18 18:01 - 2010-12-18 18:01 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a416e1d402c16813f1bf26e73c004049\IsdiInterop.ni.dll

2010-08-30 06:56 - 2010-04-13 12:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3965309216-3280889811-3830929852-500 - Administrator - Disabled)

Guest (S-1-5-21-3965309216-3280889811-3830929852-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3965309216-3280889811-3830929852-1002 - Limited - Enabled)

Nathan (S-1-5-21-3965309216-3280889811-3830929852-1000 - Administrator - Enabled) => C:\Users\Nathan

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (10/17/2014 00:45:07 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (10/17/2014 00:44:37 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

System errors:

=============

Error: (10/17/2014 09:22:43 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Dritek WMI Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Acer ePower Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The GREGService service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The NTI IScheduleSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/17/2014 09:19:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Microsoft Office Sessions:

=========================

Error: (10/17/2014 00:45:07 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (10/17/2014 00:44:37 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

Error: (10/13/2014 03:35:59 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )

Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed

Trace: (null)

CodeIntegrity Errors:

===================================

Date: 2014-02-11 21:07:16.038

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-11 21:07:16.026

Date: 2014-02-11 21:06:39.144

Date: 2014-02-11 21:06:39.129

Date: 2014-02-10 22:46:47.209

Date: 2014-02-10 22:46:47.195

Date: 2014-02-10 22:45:55.400

Date: 2014-02-10 22:45:55.382

==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz

Percentage of memory in use: 41%

Total physical RAM: 3766.71 MB

Available physical RAM: 2217.68 MB

Total Pagefile: 7531.57 MB

Available Pagefile: 5906.64 MB

Total Virtual: 8192 MB

Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:47.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 523FFB90)

Partition 1: (Not Active) - (Size=14 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#6 LiquidTension

SuperMember

Retired Classroom Teacher
2,566 posts

Posted 17 October 2014 - 02:35 PM

Please consider the following warning, and let me know how you wish to proceed.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

When should I re-format? How should I reinstall?

Help: I Got Hacked. Now What Do I Do?

Where to draw the line? When to recommend a format and reinstall?

Please let me know how you wish to proceed, and if you have any questions.

Would you like to help others with malware removal? Join our Classroom and learn how!

#7 sitepro

New Member

Authentic Member
10 posts

Posted 17 October 2014 - 02:38 PM

Well, proceed. Not sure what is being asked?

#8 LiquidTension

SuperMember

Retired Classroom Teacher
2,566 posts

Posted 17 October 2014 - 02:47 PM

Have a proper read of the warning and articles linked.

As stated several times, the recommended course of action is to reformat your Hard Drive and reinstall your Operating System. This essentially removes all data from your computer, and guarantees complete removal of the malware present.

However, not everyone wishes to reformat. Instead, they wish to proceed with cleaning the machine. Whilst the identified infection(s) can be removed, I cannot guarantee all malware present will be. This is due to the nature of the infection, and means your computer cannot be considered trustworthy.

Ultimately, you need to decide whether you wish to reformat or clean. The choice is yours.

Would you like to help others with malware removal? Join our Classroom and learn how!

#9 sitepro

New Member

Authentic Member
10 posts

Posted 17 October 2014 - 02:52 PM

Let's clean, for now. And i will backup and reformat later.

Will we use RogueKiller?

#10 LiquidTension

SuperMember

Retired Classroom Teacher
2,566 posts

Posted 17 October 2014 - 03:48 PM

Hello,

Are you aware ClamWin Free Antivirus does not provide real-time protection as files are written to your HDD? I would suggest switching to an Anti-Virus with real-time protection. If you're interested in this, please let me know and we can do so at the end of this process.

Please consider the following warning.

P2P WARNING

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware -worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Risks of File-Sharing Technology

P2P Software User Advisories

More malware is traveling on P2P networks these days

Your P2P software can be removed by following the instructions below.
Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.

Search for the aforementioned programmes, right-click and click Uninstall.

If you choose not to, please refrain from using the programme(s) during this process.

------------------------------

Will we use RogueKiller?

I see you've already run RogueKiller. Please include the log in your next reply.

STEP 1
Farbar Recovery Scan Tool (FRST) Script

(!) Navigate to C:\Farbar recovery. Right-click FRST64.exe and click Cut. Navigate to your Desktop, right-click and click Paste. All tools must be run from your Desktop.
Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.

Copy the entire contents of the codebox below and paste into the Notepad document.

start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
C:\Program Files (x86)\Mobile App Sync
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [{c97514bc-f96f-0509-955c-ec60f467cb48}] => C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe [363008 2014-08-31] ()
C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {097cd6a5-0844-11e4-b4df-02f46a003c85} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {8453939f-04ca-11e4-b41e-02f46a003c85} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
SearchScopes: HKCU - {100F961F-B4B8-4AA6-84D5-6FE1093B46EB} URL = http://search.condui...9539864422&UM=2
SearchScopes: HKCU - {1DA704DE-1311-4C5A-BDAF-9190F66A9F76} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {6E6A121D-D07C-4FF9-9905-F6D937A4B49F} URL = http://websearch.ask...E2-9A483ED457A2
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo...&type=282369&p=
FF SearchPlugin: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mbdnjha5.default\searchplugins\yahoo_ff.xml
CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]
2014-10-17 09:21 - 2013-09-02 23:08 - 00000000 ____D () C:\Users\Nathan\AppData\Local\AVG SafeGuard toolbar
C:\ProgramData\nud0repor.pad
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Nathan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
end

Click File, Save As and type fixlist.txt as the File Name.
Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

Right-Click FRST64.exe and select Run as administrator to run the programme.
Click Fix.
A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

STEP 3
Junkware Removal Tool (JRT)

Please download Junkware Removal Tool and save the file to your Desktop.
Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
Temporarily disable your anti-virus software. For instructions, please refer to the following link.
Right-Click JRT.exe and select Run as administrator to run the programme.
Follow the prompts and allow the scan to run uninterrupted.
Upon completion, a log (JRT.txt) will open on your desktop.
Re-enable your anti-virus software.
Copy the contents of JRT.txt and paste in your next reply.

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

Are you interested in switching Anti-Virus?
RogueKiller log
Fixlog.txt
AdwCleaner[S0].txt
JRT.txt

Would you like to help others with malware removal? Join our Classroom and learn how!

Advertisements

Register to Remove

#11 sitepro

New Member

Authentic Member
10 posts

Posted 17 October 2014 - 06:01 PM

RogueKiller V10.0.2.0 (x64) [Oct 16 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.co...es/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Nathan [Administrator]

Mode : Scan -- Date : 10/17/2014 16:35:44

¤¤¤ Processes : 2 ¤¤¤

[Proc.Svchost] svchost.exe -- C:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 16 ¤¤¤

[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\Microsoft\Windows\CurrentVersion\Run | {c97514bc-f96f-0509-955c-ec60f467cb48} : "C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe" -> Found

[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\Microsoft\Windows\CurrentVersion\Run | {c97514bc-f96f-0509-955c-ec60f467cb48} : "C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe" -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\Nathan\AppData\Local\Temp\aswMBR.sys) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\Nathan\AppData\Local\Temp\aswVmm.sys) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\Nathan\AppData\Local\Temp\aswMBR.sys) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\Nathan\AppData\Local\Temp\aswVmm.sys) -> Found

[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer.msn.com -> Found

[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer.msn.com -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5783EDF0-2FD1-468D-82C7-ED8EA7F655C2} | DhcpNameServer : 168.95.1.1 -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5783EDF0-2FD1-468D-82C7-ED8EA7F655C2} | DhcpNameServer : 168.95.1.1 -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5783EDF0-2FD1-468D-82C7-ED8EA7F655C2} | DhcpNameServer : 168.95.1.1 -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤

[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd2332e0

[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\Windows\system32\CFGMGR32.dll @ 0x7fefd23396c

[IAT:Addr] (explorer.exe @ acppage.dll) sfc.dll - SfcIsFileProtected : C:\Windows\system32\sfc_os.DLL @ 0x7fef8a416f0

¤¤¤ Web browsers : 1 ¤¤¤

[PUM.HomePage][FIREFX:Config] mbdnjha5.default : user_pref("browser.startup.homepage", "google.com"); -> Found

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] b3cf63f686366a0f894be968d2bf4c48

[BSP] 01bc7774dca7efead93195a41bf88d39 : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 MB

1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29362176 | Size: 100 MB

2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29566976 | Size: 290807 MB

User = LL1 ... OK

User = LL2 ... OK

============================================

RKreport_DEL_10172014_090925.log - RKreport_SCN_10172014_001445.log

#12 sitepro

New Member

Authentic Member
10 posts

Posted 17 October 2014 - 06:49 PM

Farbar is over 20 min for fixlist??

#13 LiquidTension

SuperMember

Retired Classroom Teacher
2,566 posts

Posted 17 October 2014 - 07:00 PM

Close FRST.

Go ahead and recreate Fixlist.txt. Open FRST and click Fix.

Would you like to help others with malware removal? Join our Classroom and learn how!

#14 sitepro

New Member

Authentic Member
10 posts

Posted 17 October 2014 - 07:08 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014

Ran by Nathan at 2014-10-17 20:22:42 Run:1

Running from C:\Users\Nathan\Desktop

Loaded Profile: Nathan (Available profiles: Nathan)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

start

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"

C:\Program Files (x86)\Mobile App Sync

C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {097cd6a5-0844-11e4-b4df-02f46a003c85} - E:\LG_PC_Programs.exe

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\...\MountPoints2: {8453939f-04ca-11e4-b41e-02f46a003c85} - F:\LG_PC_Programs.exe

HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

SearchScopes: HKCU - {100F961F-B4B8-4AA6-84D5-6FE1093B46EB} URL = http://search.condui...9539864422&UM=2

SearchScopes: HKCU - {1DA704DE-1311-4C5A-BDAF-9190F66A9F76} URL = https://search.yahoo...p={searchTerms}

SearchScopes: HKCU - {6E6A121D-D07C-4FF9-9905-F6D937A4B49F} URL = http://websearch.ask...E2-9A483ED457A2

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

FF DefaultSearchEngine: Yahoo!

FF SelectedSearchEngine: Yahoo!

FF Keyword.URL: https://search.yahoo...&type=282369&p=

FF SearchPlugin: C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mbdnjha5.default\searchplugins\yahoo_ff.xml

CHR HKCU\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]

CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx [2013-03-12]

2014-10-17 09:21 - 2013-09-02 23:08 - 00000000 ____D () C:\Users\Nathan\AppData\Local\AVG SafeGuard toolbar

C:\ProgramData\nud0repor.pad

CMD: ipconfig /flushdns

CMD: netsh winsock reset all

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

CMD: bitsadmin /reset /allusers

EmptyTemp:

end

*****************

HKLM => Group Policy Restriction on software restored successfully.

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MobileAppSync => value deleted successfully.

"C:\Program Files (x86)\Mobile App Sync" => File/Directory not found.

HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{c97514bc-f96f-0509-955c-ec60f467cb48} => value deleted successfully.

"C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}" directory move:

Could not move "C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe" => Scheduled to move on reboot.

Could not move "C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}" directory. => Scheduled to move on reboot.

"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{097cd6a5-0844-11e4-b4df-02f46a003c85}" => Key deleted successfully.

"HKCR\CLSID\{097cd6a5-0844-11e4-b4df-02f46a003c85}" => Key not found.

"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8453939f-04ca-11e4-b41e-02f46a003c85}" => Key deleted successfully.

"HKCR\CLSID\{8453939f-04ca-11e4-b41e-02f46a003c85}" => Key not found.

"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key deleted successfully.

"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{100F961F-B4B8-4AA6-84D5-6FE1093B46EB}" => Key deleted successfully.

"HKCR\CLSID\{100F961F-B4B8-4AA6-84D5-6FE1093B46EB}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1DA704DE-1311-4C5A-BDAF-9190F66A9F76}" => Key deleted successfully.

"HKCR\CLSID\{1DA704DE-1311-4C5A-BDAF-9190F66A9F76}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E6A121D-D07C-4FF9-9905-F6D937A4B49F}" => Key deleted successfully.

"HKCR\CLSID\{6E6A121D-D07C-4FF9-9905-F6D937A4B49F}" => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.

"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.

Firefox DefaultSearchEngine deleted successfully.

Firefox SelectedSearchEngine deleted successfully.

Firefox Keyword.URL deleted successfully.

C:\Users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\mbdnjha5.default\searchplugins\yahoo_ff.xml => Moved successfully.

"HKCU\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle" => Key deleted successfully.

C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx => Moved successfully.

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle" => Key deleted successfully.

"C:\Users\Nathan\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx" => File/Directory not found.

C:\Users\Nathan\AppData\Local\AVG SafeGuard toolbar => Moved successfully.

C:\ProgramData\nud0repor.pad => Moved successfully.

"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.

"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.

"HKU\S-1-5-21-3965309216-3280889811-3830929852-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ipv4 reset =========

Reseting Global, OK!

Reseting Interface, OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

There's no user specified settings to be reset.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7600 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {5D5EB998-9B11-4F6B-88A9-0142728425D9}.

0 out of 1 jobs canceled.

========= End of CMD: =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-17 21:07:07)<=

==> ATTENTION: System is not rebooted.

"C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}\{c97514bc-f96f-0509-955c-ec60f467cb48}.exe" => File could not move.

"C:\Users\Nathan\AppData\Local\Microsoft\{c97514bc-f96f-0509-955c-ec60f467cb48}" => Directory could not move.

==== End of Fixlog ====

#15 LiquidTension

SuperMember

Retired Classroom Teacher
2,566 posts

Posted 17 October 2014 - 07:13 PM

Please reboot your machine, and proceed with AdwCleaner and JRT.

Would you like to help others with malware removal? Join our Classroom and learn how!

Also tagged with one or more of these keywords: malware

Malware Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → Weird behavior on my pc Started by ba_jets , 29 Jan 2024 Malware, Virus	0 replies 45,774 views	ba_jets 29 Jan 2024
Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → Gaming computer keeps running extremely slow and keep getting repeated Started by ShaneA94 , 08 Nov 2023 Hacked, spyware, malware	0 replies 55,905 views	ShaneA94 08 Nov 2023
Virus Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → How do i delete this Virus? (dllhost.exe) Started by Noalch , 11 Dec 2022 Virus, Dllhost.exe, Dllhost and 4 more...	0 replies 32,358 views	Noalch 11 Dec 2022
Virus Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → How do i delete this Virus? (dllhost.exe) Started by Noalch , 11 Dec 2022 Virus, Dllhost.exe, Dllhost and 4 more...	0 replies 24,304 views	Noalch 11 Dec 2022
Spyware / Malware / Virus Removal → Virus, Spyware & Malware Removal → Pop ups keep stealing my browser and shutting my computer down. Started by Patrick's Mom , 21 Apr 2021 malware	2 replies 26,092 views	Juliet 01 May 2021

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Body Background

skin color theme

dllhost.exe *32 COM malware [Solved]

#1 sitepro

Advertisements

Register to Remove

#2 LiquidTension

#3 sitepro

#4 LiquidTension

#5 sitepro

#6 LiquidTension

#7 sitepro

#8 LiquidTension

#9 sitepro

#10 LiquidTension

Advertisements

Register to Remove

#11 sitepro

#12 sitepro

#13 LiquidTension

#14 sitepro

#15 LiquidTension

Related Topics

Also tagged with one or more of these keywords: malware

Weird behavior on my pc

Gaming computer keeps running extremely slow and keep getting repeated

How do i delete this Virus? (dllhost.exe)

How do i delete this Virus? (dllhost.exe)

Pop ups keep stealing my browser and shutting my computer down.

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

dllhost.exe *32 COM malware [Solved]

#1 sitepro

Advertisements Register to Remove

#2 LiquidTension

#3 sitepro

#4 LiquidTension

#5 sitepro

#6 LiquidTension

#7 sitepro

#8 LiquidTension

#9 sitepro

#10 LiquidTension

Advertisements Register to Remove

#11 sitepro

#12 sitepro

#13 LiquidTension

#14 sitepro

#15 LiquidTension

Related Topics

Also tagged with one or more of these keywords: malware

Weird behavior on my pc

Gaming computer keeps running extremely slow and keep getting repeated

How do i delete this Virus? (dllhost.exe)

How do i delete this Virus? (dllhost.exe)

Pop ups keep stealing my browser and shutting my computer down.

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove