Laptop quite slow with lots of Popups [Solved]

#1
ethermac56

My old laptop is taking several minutes to boot and recently began showing lots of new programs and messages warning me I need to call Windows security experts and I need to update my video player, etc. Win 7 OS.

 

log from OTL:

 

OTL logfile created on: 1/15/2015 8:13:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Susan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 61.65% Memory free
7.61 Gb Paging File | 6.46 Gb Available in Paging File | 84.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.89 Gb Total Space | 195.75 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
Drive D: | 7.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: SUSAN-PC | User Name: Susan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/15 20:13:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Susan\Downloads\OTL.exe
PRC - [2015/01/08 18:35:57 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/08 18:35:56 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
MOD - [2015/01/08 18:35:54 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
MOD - [2015/01/08 18:35:48 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
MOD - [2014/02/10 12:44:24 | 004,592,128 | ---- | M] () -- C:\Users\Susan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014/02/10 12:44:24 | 000,112,128 | ---- | M] () -- C:\Users\Susan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/02/05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/10 15:54:54 | 000,824,688 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/10/29 16:14:02 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 11:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/09/28 16:46:02 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2015/01/15 06:24:08 | 000,106,296 | ---- | M] (ConsumerInput) [On_Demand | Stopped] -- C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_updatem)
SRV - [2015/01/15 06:24:08 | 000,106,296 | ---- | M] (ConsumerInput) [Auto | Stopped] -- C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_update)
SRV - [2015/01/13 19:44:47 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/11 18:32:39 | 000,529,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe -- (Util Solution Real)
SRV - [2015/01/11 17:26:04 | 000,529,656 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Solution Real\updateSolutionReal.exe -- (Update Solution Real)
SRV - [2015/01/07 13:01:56 | 000,277,584 | ---- | M] (Better Brain) [Auto | Stopped] -- C:\Program Files (x86)\BetterBrain_1.10.0.6\Service\bbsvc.exe -- (bbsvc_1.10.0.6)
SRV - [2014/04/05 12:45:47 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/09 06:59:46 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/12/12 00:28:01 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/10/27 22:12:14 | 000,252,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/11 03:40:24 | 000,048,792 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys -- ({76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64)
DRV:64bit: - [2015/01/07 13:01:48 | 000,058,232 | ---- | M] (Better Brain) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bbnfd_1_10_0_6.sys -- (bbnfd_1_10_0_6)
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/11/04 12:44:14 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/05 17:11:18 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/06/08 11:06:24 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/06/08 11:05:56 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/04/09 06:27:18 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/25 00:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 20:44:08 | 000,014,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/30 13:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/30 08:56:34 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/26 14:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/15 22:11:26 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/02 15:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/10/02 14:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 21:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/28 20:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/07/04 21:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 10:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/29 18:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 12:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/01/17 13:32:00 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder2.sys -- (Spyder2)
DRV - [2012/11/04 12:44:13 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D0D3E76D-0AB5-4F4B-BA42-38BC81B80673}
IE:64bit: - HKLM\..\SearchScopes\{D0D3E76D-0AB5-4F4B-BA42-38BC81B80673}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE:64bit: - HKLM\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://vosteran.com/...=1243036849&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B24B6165-CC09-48FD-97F0-918945E685B2}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{B24B6165-CC09-48FD-97F0-918945E685B2}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vosteran.com/...=1243036849&ir=
IE - HKCU\..\SearchScopes,DefaultScope = {50FA7781-AE31-447F-ABED-4094CEE12925}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKCU\..\SearchScopes\{4FF30A64-10E0-4949-8B46-474A1A8C68A1}: "URL" = http://www.google.co...TSNA_en___US378
IE - HKCU\..\SearchScopes\{50FA7781-AE31-447F-ABED-4094CEE12925}: "URL" = http://vosteran.com/...r=585968380&ir=
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\..\SearchScopes\{B24B6165-CC09-48FD-97F0-918945E685B2}: "URL" = http://www.google.co...TSNA_en___US378
IE - HKCU\..\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}: "URL" = http://vosteran.com/...=1243036849&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - prefs.js..browser.search.selectedEngine: "Vosteran"
FF - prefs.js..browser.startup.homepage: "http://vosteran.com/...1243036849&ir="
FF - prefs.js..extensions.enabledAddons: %7B76eaa25f-d535-414d-8a8b-4bce0a94d247%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
FF - prefs.js..keyword.URL: "http://search.yahoo....type=293224&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/04/05 12:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/04 18:49:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi [2014/09/23 07:12:30 | 000,510,118 | ---- | M] ()
 
[2010/08/01 16:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susan\AppData\Roaming\Mozilla\Extensions
[2015/01/15 06:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\extensions
[2015/01/11 17:26:04 | 000,007,139 | ---- | M] () (No name found) -- C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\extensions\{76eaa25f-d535-414d-8a8b-4bce0a94d247}.xpi
[2015/01/15 06:22:19 | 000,001,231 | ---- | M] () -- C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\searchplugins\Vosteran.xml
[2013/08/29 14:57:50 | 000,000,915 | ---- | M] () -- C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\searchplugins\yahoo.xml
[2014/04/05 12:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/05 12:45:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/09/23 07:12:30 | 000,510,118 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\CONSUMER INPUT\FIREFOX\CIFF-3.2.0-12039.XPI
[2011/04/25 00:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 01:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 00:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011/04/25 00:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/04/25 01:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/04/25 01:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce\0.3.9_0\
CHR - Extension: No name found = C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2015/01/15 16:52:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Consumer Input DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll (Compete, Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Solution Real 1.0.0.6) - {1bb456da-878f-44a5-b013-4bfe0ae02fce} - C:\Program Files (x86)\Solution Real\SolutionRealbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Consumer Input DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: arise.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: arise.com ([ns] https in Trusted sites)
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} http://javadl-esd.su...indows-i586.cab (isInstalled Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{053B0C20-4E50-4910-BEB5-1F29654F2FF5}: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1338A57D-11D7-41E5-A668-1D0CEEB9AC9C}: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/15 16:55:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015/01/15 16:55:06 | 000,000,000 | ---D | C] -- C:\windows\temp
[2015/01/15 16:42:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2015/01/15 16:42:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2015/01/15 16:27:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015/01/15 16:05:24 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2015/01/15 15:55:33 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Compete
[2015/01/15 15:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuneup computer
[2015/01/15 15:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuner
[2015/01/15 15:25:16 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Tuneup computer
[2015/01/15 15:24:55 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\PCTuner
[2015/01/15 06:35:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Support for Consumer Input
[2015/01/15 06:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherApp
[2015/01/15 06:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Portable WeatherApp
[2015/01/15 06:24:33 | 000,000,000 | ---D | C] -- C:\windows\PCBHDNW
[2015/01/15 06:24:09 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Consumer Input
[2015/01/15 06:24:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Consumer Input
[2015/01/15 06:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BetterBrain_1.10.0.6
[2015/01/15 06:22:12 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\DigitalSites
[2015/01/15 06:22:10 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\1H1Q1V1N1N1O1R
[2015/01/11 23:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/01/11 23:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/01/11 20:39:34 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2015/01/11 20:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2015/01/11 19:58:59 | 000,000,000 | ---D | C] -- C:\windows\Temp3E0E1062-6166-3643-B178-8100810ABC33-Signatures
[2015/01/11 18:36:50 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
[2015/01/11 18:35:58 | 000,048,792 | ---- | C] (StdLib) -- C:\windows\SysNative\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys
[2015/01/11 18:27:36 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Roaming\UpdaterEX
[2015/01/11 18:27:35 | 000,000,000 | ---D | C] -- C:\Users\Susan\AppData\Local\Vosteran
[2015/01/11 18:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solution Real
[2015/01/07 13:01:48 | 000,058,232 | ---- | C] (Better Brain) -- C:\windows\SysNative\drivers\bbnfd_1_10_0_6.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/15 16:52:11 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2015/01/15 16:16:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/01/15 16:16:19 | 3063,070,720 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/15 16:15:08 | 000,000,362 | ---- | M] () -- C:\windows\tasks\CIMT_S-1-5-21-2405160577-2414623752-3231226182-1001.job
[2015/01/15 16:11:30 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/15 16:11:28 | 000,000,964 | ---- | M] () -- C:\windows\tasks\ConsumerInputUpdateTaskMachineCore.job
[2015/01/15 15:53:12 | 000,262,939 | ---- | M] () -- C:\Users\Susan\Desktop\400px-Emperor_Sidious.png
[2015/01/15 15:44:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/01/15 15:31:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/15 15:29:00 | 000,000,968 | ---- | M] () -- C:\windows\tasks\ConsumerInputUpdateTaskMachineUA.job
[2015/01/15 15:27:00 | 000,000,302 | ---- | M] () -- C:\windows\tasks\Vosteran_helper.job
[2015/01/15 15:25:20 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\PCTuner.lnk
[2015/01/15 15:11:35 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/15 15:10:23 | 000,000,130 | ---- | M] () -- C:\Users\Susan\AppData\Roaming\WB.CFG
[2015/01/15 06:35:29 | 000,000,396 | ---- | M] () -- C:\windows\tasks\CIMT_daily_S-1-5-21-2405160577-2414623752-3231226182-1001.job
[2015/01/15 06:24:34 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Weather Widget.lnk
[2015/01/15 06:14:15 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/15 06:14:15 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/13 18:27:17 | 000,000,010 | ---- | M] () -- C:\Users\Susan\AppData\Local\DSI.DAT
[2015/01/11 21:06:01 | 005,037,000 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2015/01/11 20:42:00 | 000,796,756 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/01/11 20:42:00 | 000,664,798 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/01/11 20:42:00 | 000,122,574 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/01/11 20:41:34 | 000,762,196 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2015/01/11 19:59:41 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2015/01/11 18:50:35 | 000,000,134 | ---- | M] () -- C:\Users\Susan\Desktop\Internet Explorer Troubleshooting.url
[2015/01/11 18:37:36 | 000,002,326 | ---- | M] () -- C:\Users\Susan\Desktop\Video Of The Day.lnk
[2015/01/11 18:37:35 | 000,002,162 | ---- | M] () -- C:\Users\Susan\Desktop\Facebook.lnk
[2015/01/11 18:36:50 | 000,002,283 | ---- | M] () -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Vosteran.lnk
[2015/01/11 18:36:50 | 000,002,281 | ---- | M] () -- C:\Users\Susan\Desktop\Vosteran.lnk
[2015/01/11 03:40:24 | 000,048,792 | ---- | M] (StdLib) -- C:\windows\SysNative\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys
[2015/01/07 13:01:48 | 000,058,232 | ---- | M] (Better Brain) -- C:\windows\SysNative\drivers\bbnfd_1_10_0_6.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/15 16:42:16 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2015/01/15 16:42:16 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2015/01/15 16:42:16 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2015/01/15 16:42:16 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2015/01/15 16:42:16 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2015/01/15 15:53:10 | 000,262,939 | ---- | C] () -- C:\Users\Susan\Desktop\400px-Emperor_Sidious.png
[2015/01/15 15:25:20 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\PCTuner.lnk
[2015/01/15 06:35:27 | 000,000,396 | ---- | C] () -- C:\windows\tasks\CIMT_daily_S-1-5-21-2405160577-2414623752-3231226182-1001.job
[2015/01/15 06:35:27 | 000,000,362 | ---- | C] () -- C:\windows\tasks\CIMT_S-1-5-21-2405160577-2414623752-3231226182-1001.job
[2015/01/15 06:24:34 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Weather Widget.lnk
[2015/01/15 06:24:12 | 000,000,968 | ---- | C] () -- C:\windows\tasks\ConsumerInputUpdateTaskMachineUA.job
[2015/01/15 06:24:11 | 000,000,964 | ---- | C] () -- C:\windows\tasks\ConsumerInputUpdateTaskMachineCore.job
[2015/01/13 18:27:17 | 000,000,010 | ---- | C] () -- C:\Users\Susan\AppData\Local\DSI.DAT
[2015/01/11 19:27:09 | 000,000,130 | ---- | C] () -- C:\Users\Susan\AppData\Roaming\WB.CFG
[2015/01/11 18:50:20 | 000,000,134 | ---- | C] () -- C:\Users\Susan\Desktop\Internet Explorer Troubleshooting.url
[2015/01/11 18:37:36 | 000,002,326 | ---- | C] () -- C:\Users\Susan\Desktop\Video Of The Day.lnk
[2015/01/11 18:37:35 | 000,002,162 | ---- | C] () -- C:\Users\Susan\Desktop\Facebook.lnk
[2015/01/11 18:36:50 | 000,002,283 | ---- | C] () -- C:\Users\Susan\Application Data\Microsoft\Internet Explorer\Quick Launch\Vosteran.lnk
[2015/01/11 18:36:50 | 000,002,281 | ---- | C] () -- C:\Users\Susan\Desktop\Vosteran.lnk
[2015/01/11 18:27:38 | 000,000,302 | ---- | C] () -- C:\windows\tasks\Vosteran_helper.job
[2013/10/29 05:32:23 | 000,000,871 | ---- | C] () -- C:\windows\Rtcwplat.INI
[2013/09/26 14:38:23 | 000,000,000 | ---- | C] () -- C:\windows\ToDisc.INI
[2011/08/18 08:01:05 | 000,000,000 | ---- | C] () -- C:\Users\Susan\AppData\Local\{39007869-378B-47F3-81EC-661C1667EC64}
[2010/10/06 12:41:09 | 000,009,008 | -H-- | C] () -- C:\Users\Susan\ZbThumbnail.info
[2010/10/06 12:40:54 | 001,582,371 | ---- | C] () -- C:\Users\Susan\IMG_2074.jpg
[2010/09/06 15:54:57 | 000,006,144 | ---- | C] () -- C:\Users\Susan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/10 19:23:35 | 000,008,428 | ---- | C] () -- C:\Users\Susan\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/01/15 06:22:10 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\1H1Q1V1N1N1O1R
[2010/12/07 17:09:20 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\acccore
[2011/03/10 08:45:06 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Arise
[2015/01/13 18:16:39 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\BitTorrent
[2011/01/19 22:52:25 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/09/16 19:06:25 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\com.zoosk.Desktop
[2013/08/25 00:27:13 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2015/01/15 15:55:33 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Compete
[2013/11/04 06:18:33 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\DAEMON Tools Lite
[2015/01/15 06:22:12 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\DigitalSites
[2014/04/26 22:49:33 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\FundySoftware
[2013/07/20 10:07:43 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\ICAClient
[2014/04/28 20:40:17 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Imagenomic
[2011/01/19 15:46:29 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\ImgBurn
[2010/05/09 10:22:32 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\iPodtoComputer
[2013/07/20 09:45:45 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Juniper Networks
[2012/11/03 08:59:52 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\MillersRemoteSuiteSportsEvents
[2014/02/26 17:28:36 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Octoshape
[2013/11/24 17:04:27 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\openvr
[2014/04/23 19:22:05 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\PDAppFlex
[2015/01/13 18:16:41 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Search Protection
[2010/11/19 22:37:49 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Tific
[2010/06/11 20:15:16 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Toshiba
[2015/01/15 15:25:16 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\Tuneup computer
[2015/01/13 18:16:41 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\UpdaterEX
[2014/01/26 09:37:40 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\uTorrent
[2010/05/08 22:07:16 | 000,000,000 | ---D | M] -- C:\Users\Susan\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
< End of report >
Thanks in advance to any who might take on this project.
 
 



#2
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Hello ethermac56 and welcome to GeeksToGo.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called FRST.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
FRST.txt
Addition.txt


Thanks

Satchfan

 



#3
ethermac56

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Thank you for the quick reply and offer. I confess to one probable mistake. I ran the first program while the machine was in Safe with network mode.

When I reran after a normal bootup the log file was pretty clean. 
Requested logs to follow:

 

 

# AdwCleaner v4.107 - Report created 16/01/2015 at 05:42:49
# Updated 07/01/2015 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Susan - SUSAN-PC
# Running from : C:\Users\Susan\Downloads\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.18667

-\\ Mozilla Firefox v27.0.1 (en-US)

-\\ Google Chrome v39.0.2171.99

[C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_03_ch&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0Dzyzz0DyDtC0FyE0DyBtN0D0Tzu0StCtCtCtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtDzyzzzytC0ByDtG0FyBzyzztG0D0C0FzztGzztC0AtDtGtAtBzztA0Czy0AtA0B0ByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0C0ByDtAyEtGzzyE0A0BtGyEyB0EyBtG0A0D0DzytGtD0D0E0E0FtB0FyC0FtAzyyE2Q&cr=1243036849&ir=
[C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_03_ch&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0Dzyzz0DyDtC0FyE0DyBtN0D0Tzu0StCtCtCtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtDzyzzzytC0ByDtG0FyBzyzztG0D0C0FzztGzztC0AtDtGtAtBzztA0Czy0AtA0B0ByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0C0ByDtAyEtGzzyE0A0BtGyEyB0EyBtG0A0D0DzytGtD0D0E0E0FtB0FyC0FtAzyyE2Q&cr=1243036849&ir=

*************************

AdwCleaner[R0].txt - [32971 octets] - [16/01/2015 05:30:07]
AdwCleaner[R1].txt - [2935 octets] - [16/01/2015 05:40:41]
AdwCleaner[S0].txt - [33169 octets] - [16/01/2015 05:34:22]
AdwCleaner[S1].txt - [2870 octets] - [16/01/2015 05:42:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2930 octets] ##########

 

 

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Susan on Fri 01/16/2015 at  5:52:01.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}

 

~~~ Files

Successfully deleted: [File] C:\windows\Tasks\ConsumerInputUpdateTaskMachineCore.job
Successfully deleted: [File] C:\windows\Tasks\ConsumerInputUpdateTaskMachineUA.job
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Susan (administrator) on SUSAN-PC on 16-01-2015 06:11:10
Running from C:\Users\Susan\Desktop
Loaded Profiles: Susan (Available profiles: Susan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Better Brain) C:\Program Files (x86)\BetterBrain_1.10.0.6\Service\bbsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [506208 2009-10-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [911160 2009-10-26] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-11-05] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/w...0"&"ver=9.0.872
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-12-12] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorVisionStartup.lnk
ShortcutTarget: ColorVisionStartup.lnk -> C:\Program Files (x86)\ColorVision\ColorVisionStartup\ColorVisionStartup.exe (Datacolor)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {D0D3E76D-0AB5-4F4B-BA42-38BC81B80673} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {B24B6165-CC09-48FD-97F0-918945E685B2} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001 -> DefaultScope {4FF30A64-10E0-4949-8B46-474A1A8C68A1} URL = http://www.google.co...TSNA_en___US378
SearchScopes: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001 -> {4FF30A64-10E0-4949-8B46-474A1A8C68A1} URL = http://www.google.co...TSNA_en___US378
SearchScopes: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001 -> {B24B6165-CC09-48FD-97F0-918945E685B2} URL = http://www.google.co...TSNA_en___US378
SearchScopes: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001 -> {D0D3E76D-0AB5-4F4B-BA42-38BC81B80673} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: PodcastBHO Class -> {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} -> C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {5852F5ED-8BF4-11D4-A245-0080C6F74284} http://javadl-esd.su...indows-i586.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=928
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.6.1 64.134.255.2 64.134.255.10

FireFox:
========
FF ProfilePath: C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default
FF DefaultSearchEngine: Yahoo
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Extension: Solution Real 1.0.1 - C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\Extensions\{76eaa25f-d535-414d-8a8b-4bce0a94d247}.xpi [2015-01-11]
FF HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi
FF Extension: No Name - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_ggfc_15_03_ch&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0Dzyzz0DyDtC0FyE0DyBtN0D0Tzu0StCtCtCtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtDzyzzzytC0ByDtG0FyBzyzztG0D0C0FzztGzztC0AtDtGtAtBzztA0Czy0AtA0B0ByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0C0ByDtAyEtGzzyE0A0BtGyEyB0EyBtG0A0D0DzytGtD0D0E0E0FtB0FyC0FtAzyyE2Q&cr=1243036849&ir=
CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ggfc_15_03_ch&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0Dzyzz0DyDtC0FyE0DyBtN0D0Tzu0StCtCtCtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtDzyzzzytC0ByDtG0FyBzyzztG0D0C0FzztGzztC0AtDtGtAtBzztA0Czy0AtA0B0ByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0C0ByDtAyEtGzzyE0A0BtGyEyB0EyBtG0A0D0DzytGtD0D0E0E0FtB0FyC0FtAzyyE2Q&cr=1243036849&ir=", "hxxp://msn.com/"
CHR DefaultSearchKeyword: Default -> vosteran.com
CHR DefaultSearchURL: Default -> http://vosteran.com/...r=1243036849=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-28]
CHR Extension: (Google Drive) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-19]
CHR Extension: (Google Search) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-19]
CHR Extension: (Google Wallet) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 bbsvc_1.10.0.6; C:\Program Files (x86)\BetterBrain_1.10.0.6\Service\bbsvc.exe [277584 2015-01-07] (Better Brain)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 bbnfd_1_10_0_6; C:\Windows\System32\drivers\bbnfd_1_10_0_6.sys [58232 2015-01-07] (Better Brain)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 Spyder2; C:\Windows\System32\DRIVERS\Spyder2.sys [15360 2007-01-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 06:11 - 2015-01-16 06:11 - 00026264 _____ () C:\Users\Susan\Desktop\FRST.txt
2015-01-16 06:11 - 2015-01-16 06:11 - 00000000 ____D () C:\FRST
2015-01-16 06:10 - 2015-01-16 06:10 - 02125312 _____ (Farbar) C:\Users\Susan\Desktop\FRST64.exe
2015-01-16 05:58 - 2015-01-16 05:58 - 02191360 _____ () C:\Users\Susan\Downloads\adwcleaner_4.107 (2).exe
2015-01-16 05:58 - 2015-01-16 05:58 - 01707939 _____ (Thisisu) C:\Users\Susan\Downloads\JRT (1).exe
2015-01-16 05:58 - 2015-01-16 05:58 - 01116672 _____ (Farbar) C:\Users\Susan\Downloads\FRST.exe
2015-01-16 05:56 - 2015-01-16 05:56 - 00001848 _____ () C:\Users\Susan\Desktop\JRT.txt
2015-01-16 05:54 - 2015-01-16 05:54 - 00000000 ____D () C:\Users\Susan\AppData\Local\PCTuner1
2015-01-16 05:51 - 2015-01-16 05:51 - 00000000 ____D () C:\windows\ERUNT
2015-01-16 05:50 - 2015-01-16 05:51 - 01707939 _____ (Thisisu) C:\Users\Susan\Downloads\JRT.exe
2015-01-16 05:50 - 2015-01-16 05:50 - 00003018 _____ () C:\Users\Susan\Desktop\AdwCleaner[S1].txt
2015-01-16 05:49 - 2015-01-16 05:50 - 02191360 _____ () C:\Users\Susan\Downloads\adwcleaner_4.107 (1).exe
2015-01-16 05:30 - 2015-01-16 05:42 - 00000000 ____D () C:\AdwCleaner
2015-01-16 05:29 - 2015-01-16 05:29 - 02191360 _____ () C:\Users\Susan\Downloads\adwcleaner_4.107.exe
2015-01-16 05:18 - 2015-01-16 05:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Susan\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-15 20:21 - 2015-01-15 20:21 - 00091080 _____ () C:\Users\Susan\Downloads\Extras.Txt
2015-01-15 20:20 - 2015-01-15 20:20 - 00116412 _____ () C:\Users\Susan\Downloads\OTL.Txt
2015-01-15 20:13 - 2015-01-15 20:13 - 00602112 _____ (OldTimer Tools) C:\Users\Susan\Downloads\OTL.exe
2015-01-15 16:55 - 2015-01-15 16:55 - 00032389 _____ () C:\ComboFix.txt
2015-01-15 16:42 - 2011-06-26 00:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-15 16:42 - 2010-11-07 11:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-15 16:42 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-15 16:42 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-15 16:42 - 2000-08-30 18:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-15 16:42 - 2000-08-30 18:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-15 16:42 - 2000-08-30 18:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-15 16:27 - 2015-01-15 16:55 - 00000000 ____D () C:\Qoobox
2015-01-15 16:25 - 2015-01-15 16:26 - 05609736 ____R (Swearware) C:\Users\Susan\Downloads\ComboFix.exe
2015-01-15 16:05 - 2015-01-15 16:53 - 00000000 ____D () C:\windows\erdnt
2015-01-15 15:55 - 2015-01-15 15:55 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Compete
2015-01-15 15:25 - 2015-01-15 15:25 - 00003684 _____ () C:\windows\System32\Tasks\boosterpop
2015-01-15 15:25 - 2015-01-15 15:25 - 00003682 _____ () C:\windows\System32\Tasks\IEError
2015-01-15 15:25 - 2015-01-15 15:25 - 00003498 _____ () C:\windows\System32\Tasks\AI_Updater
2015-01-15 15:25 - 2015-01-15 15:25 - 00001938 _____ () C:\Users\Public\Desktop\PCTuner.lnk
2015-01-15 15:25 - 2015-01-15 15:25 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Tuneup computer
2015-01-15 15:25 - 2015-01-15 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuner
2015-01-15 15:25 - 2015-01-15 15:25 - 00000000 ____D () C:\Program Files (x86)\Tuneup computer
2015-01-15 15:24 - 2015-01-15 15:24 - 00000000 ____D () C:\Users\Susan\AppData\Local\PCTuner
2015-01-15 06:35 - 2015-01-16 06:12 - 00000362 _____ () C:\windows\Tasks\CIMT_S-1-5-21-2405160577-2414623752-3231226182-1001.job
2015-01-15 06:35 - 2015-01-15 06:35 - 00003398 _____ () C:\windows\System32\Tasks\CIMT_daily_S-1-5-21-2405160577-2414623752-3231226182-1001
2015-01-15 06:35 - 2015-01-15 06:35 - 00003276 _____ () C:\windows\System32\Tasks\CIMT_S-1-5-21-2405160577-2414623752-3231226182-1001
2015-01-15 06:35 - 2015-01-15 06:35 - 00000396 _____ () C:\windows\Tasks\CIMT_daily_S-1-5-21-2405160577-2414623752-3231226182-1001.job
2015-01-15 06:35 - 2015-01-15 06:35 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2015-01-15 06:30 - 2015-01-15 06:30 - 00368256 _____ (RegNow.com) C:\Users\Susan\Downloads\Download_MaxSDRDM.exe
2015-01-15 06:24 - 2015-01-15 06:24 - 00003652 _____ () C:\windows\System32\Tasks\IE_ERR4WDR
2015-01-15 06:24 - 2015-01-15 06:24 - 00003628 _____ () C:\windows\System32\Tasks\HDNINSTSCHD
2015-01-15 06:24 - 2015-01-15 06:24 - 00003494 _____ () C:\windows\System32\Tasks\UPDTEXE4_WDR
2015-01-15 06:24 - 2015-01-15 06:24 - 00001980 _____ () C:\Users\Public\Desktop\Weather Widget.lnk
2015-01-15 06:24 - 2015-01-15 06:24 - 00000000 ____D () C:\windows\PCBHDNW
2015-01-15 06:24 - 2015-01-15 06:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherApp
2015-01-15 06:24 - 2015-01-15 06:24 - 00000000 ____D () C:\Program Files (x86)\Portable WeatherApp
2015-01-15 06:22 - 2015-01-15 06:22 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\1H1Q1V1N1N1O1R
2015-01-15 06:22 - 2015-01-15 06:22 - 00000000 ____D () C:\Program Files (x86)\BetterBrain_1.10.0.6
2015-01-15 06:21 - 2015-01-15 06:21 - 00796912 _____ ( ) C:\Users\Susan\Downloads\FileOpenerSetup.exe
2015-01-13 18:27 - 2015-01-13 18:27 - 00000010 _____ () C:\Users\Susan\AppData\Local\DSI.DAT
2015-01-11 23:01 - 2015-01-15 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-11 23:01 - 2015-01-13 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-11 19:59 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-01-11 19:59 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-01-11 19:59 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-01-11 19:59 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-01-11 19:59 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-01-11 19:59 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-01-11 19:59 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-01-11 19:59 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-01-11 19:59 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-01-11 19:59 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-01-11 19:58 - 2015-01-11 19:59 - 00000000 ____D () C:\windows\Temp3E0E1062-6166-3643-B178-8100810ABC33-Signatures
2015-01-11 19:48 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-01-11 19:48 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2015-01-11 19:44 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2015-01-11 19:44 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2015-01-11 19:44 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2015-01-11 19:44 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2015-01-11 19:44 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2015-01-11 19:44 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2015-01-11 19:44 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2015-01-11 19:44 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2015-01-11 19:34 - 2014-11-21 05:35 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-01-11 19:34 - 2014-11-21 05:34 - 12289024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-01-11 19:34 - 2014-11-21 05:34 - 09058816 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-01-11 19:34 - 2014-11-21 05:34 - 02467328 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-01-11 19:34 - 2014-11-21 05:34 - 01541632 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-01-11 19:34 - 2014-11-21 05:34 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-01-11 19:34 - 2014-11-21 05:34 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-01-11 19:34 - 2014-11-21 05:34 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-01-11 19:34 - 2014-11-21 05:34 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-01-11 19:34 - 2014-11-21 05:34 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-01-11 19:34 - 2014-11-21 05:34 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-01-11 19:34 - 2014-11-21 05:33 - 00495616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-01-11 19:34 - 2014-11-21 05:33 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-01-11 19:34 - 2014-11-21 05:33 - 00174592 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-01-11 19:34 - 2014-11-21 05:33 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-01-11 19:34 - 2014-11-21 05:33 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-01-11 19:34 - 2014-11-21 05:32 - 01538048 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-01-11 19:34 - 2014-11-21 04:44 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-01-11 19:34 - 2014-11-21 04:43 - 06026240 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-01-11 19:34 - 2014-11-21 04:43 - 01267712 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-01-11 19:34 - 2014-11-21 04:43 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-01-11 19:34 - 2014-11-21 04:43 - 00132096 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2015-01-11 19:34 - 2014-11-21 04:43 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-01-11 19:34 - 2014-11-21 04:43 - 00064512 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2015-01-11 19:34 - 2014-11-21 04:43 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-01-11 19:34 - 2014-11-21 04:42 - 11019264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-01-11 19:34 - 2014-11-21 04:42 - 02086912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-01-11 19:34 - 2014-11-21 04:42 - 00345600 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-01-11 19:34 - 2014-11-21 04:42 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-01-11 19:34 - 2014-11-21 04:42 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-01-11 19:34 - 2014-11-21 04:41 - 01466368 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-01-11 19:34 - 2014-11-21 04:41 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-01-11 19:34 - 2014-11-21 04:41 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2015-01-11 19:34 - 2014-11-21 04:41 - 00016384 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2015-01-11 19:34 - 2014-11-21 04:23 - 00482816 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-01-11 19:34 - 2014-11-21 03:28 - 00386048 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-01-11 19:34 - 2014-11-21 02:55 - 01638912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-01-11 19:34 - 2014-11-21 01:53 - 01638912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-01-11 19:27 - 2015-01-15 15:10 - 00000130 _____ () C:\Users\Susan\AppData\Roaming\WB.CFG
2015-01-11 19:18 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2015-01-11 19:18 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2015-01-11 19:18 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2015-01-11 19:18 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2015-01-11 19:18 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2015-01-11 19:18 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2015-01-11 19:18 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2015-01-11 19:18 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2015-01-11 19:18 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2015-01-11 19:18 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2015-01-11 19:18 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2015-01-11 19:18 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2015-01-11 19:18 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2015-01-11 19:18 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2015-01-11 19:18 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2015-01-11 19:18 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2015-01-11 19:18 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2015-01-11 19:18 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2015-01-11 19:17 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-01-11 19:17 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-01-11 19:17 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2015-01-11 19:17 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2015-01-11 19:17 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2015-01-11 19:17 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2015-01-11 19:17 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-01-11 19:17 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-01-11 19:17 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-01-11 19:17 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2015-01-11 19:17 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2015-01-11 19:16 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-01-11 19:16 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-01-11 19:16 - 2014-03-04 03:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-11 19:16 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2015-01-11 19:16 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-01-11 19:16 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2015-01-11 19:16 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2015-01-11 19:16 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2015-01-11 19:16 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2015-01-11 19:16 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2015-01-11 19:16 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2015-01-11 19:16 - 2014-03-04 03:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-11 19:16 - 2014-03-04 03:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-11 19:16 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2015-01-11 19:16 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2015-01-11 19:16 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2015-01-11 19:16 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2015-01-11 19:16 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2015-01-11 19:16 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2015-01-11 19:16 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2015-01-11 19:16 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-01-11 19:15 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-01-11 19:15 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2015-01-11 19:15 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-01-11 19:15 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2015-01-11 19:15 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-01-11 19:15 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2015-01-11 19:15 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-01-11 19:15 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-01-11 19:15 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-01-11 19:15 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-01-11 19:15 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-01-11 19:15 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-01-11 19:15 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-01-11 19:15 - 2014-04-11 20:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-01-11 19:15 - 2014-04-11 20:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-01-11 19:15 - 2014-04-11 20:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-01-11 19:15 - 2014-04-11 20:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-01-11 19:15 - 2014-04-11 20:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-01-11 19:13 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-01-11 19:13 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-01-11 19:13 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-01-11 19:13 - 2014-10-29 20:04 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-01-11 19:13 - 2014-10-29 19:46 - 00428544 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-01-11 19:13 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-01-11 19:13 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-01-11 19:13 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-01-11 19:13 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-01-11 19:13 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2015-01-11 19:13 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2015-01-11 19:13 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2015-01-11 19:13 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2015-01-11 19:13 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2015-01-11 19:13 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2015-01-11 19:13 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2015-01-11 19:13 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2015-01-11 19:13 - 2014-06-17 20:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2015-01-11 19:13 - 2014-06-17 19:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2015-01-11 19:13 - 2014-04-24 20:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-01-11 19:13 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2015-01-11 19:13 - 2014-04-04 20:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-01-11 19:13 - 2014-04-04 20:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2015-01-11 19:13 - 2014-03-26 08:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-01-11 19:13 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-01-11 19:13 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-01-11 19:13 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-01-11 19:13 - 2011-02-25 00:19 - 02871808 _____ (Microsoft Corporation) C:\windows\explorer.exe
2015-01-11 19:13 - 2011-02-24 23:30 - 02616320 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2015-01-11 19:12 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-01-11 19:12 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-01-11 19:12 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-01-11 19:12 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-01-11 19:12 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-11 19:12 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-01-11 19:12 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-01-11 19:12 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-01-11 19:12 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-11 19:12 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-11 19:12 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-11 19:12 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-11 19:12 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-01-11 19:12 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2015-01-11 19:12 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-11 19:12 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2015-01-11 19:12 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2015-01-11 19:12 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-11 19:12 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-11 19:12 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2015-01-11 19:12 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-11 19:12 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-01-11 19:12 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-01-11 19:12 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-01-11 19:12 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-01-11 19:12 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-01-11 19:12 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-01-11 19:12 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-01-11 19:12 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-01-11 19:12 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-01-11 19:12 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-01-11 19:12 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-01-11 19:12 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-01-11 19:12 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-01-11 19:12 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-01-11 19:12 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-01-11 19:12 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-01-11 19:12 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-01-11 19:12 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-01-11 19:12 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-01-11 19:12 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-01-11 19:12 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2015-01-11 19:12 - 2014-06-06 04:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2015-01-11 19:12 - 2014-06-06 03:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2015-01-11 19:12 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-01-11 19:12 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-01-11 19:12 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-01-11 19:12 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-01-11 19:12 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2015-01-11 19:12 - 2014-05-30 00:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-01-11 19:12 - 2014-03-04 03:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-01-11 19:12 - 2014-03-04 03:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-01-11 19:12 - 2014-03-04 03:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-01-11 19:12 - 2014-03-04 03:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-01-11 19:12 - 2014-03-04 03:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-01-11 19:12 - 2014-03-04 03:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-01-11 19:12 - 2014-03-04 03:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-01-11 19:12 - 2014-03-04 03:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-01-11 19:12 - 2014-03-04 03:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-01-11 19:12 - 2014-03-04 02:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-01-11 19:12 - 2014-03-04 02:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-01-11 19:12 - 2014-01-28 20:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-11 19:12 - 2014-01-28 20:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-11 19:12 - 2014-01-27 20:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2015-01-11 19:12 - 2014-01-23 20:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2015-01-11 19:12 - 2013-12-31 17:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2015-01-11 19:12 - 2013-12-31 17:04 - 00420008 _____ () C:\windows\system32\locale.nls
2015-01-11 19:12 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2015-01-11 19:12 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2015-01-11 19:12 - 2012-02-11 00:36 - 00559104 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2015-01-11 19:12 - 2012-02-11 00:36 - 00067072 _____ (Microsoft Corporation) C:\windows\splwow64.exe
2015-01-11 19:11 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-01-11 19:11 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-01-11 19:11 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2015-01-11 19:11 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2015-01-11 19:11 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2015-01-11 19:11 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2015-01-11 19:11 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2015-01-11 19:11 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2015-01-11 19:11 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2015-01-11 19:11 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2015-01-11 19:11 - 2014-02-03 20:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2015-01-11 19:11 - 2014-02-03 20:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2015-01-11 19:11 - 2014-02-03 20:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2015-01-11 19:11 - 2014-02-03 20:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2015-01-11 19:11 - 2014-02-03 20:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2015-01-11 19:05 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-01-11 19:05 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-01-11 18:52 - 2015-01-11 18:53 - 04904874 _____ () C:\Users\Susan\Downloads\Windows6.1-KB2731771-x86.msu
2015-01-11 18:52 - 2015-01-11 18:52 - 01662478 _____ () C:\Users\Susan\Downloads\Windows6.1-KB2729094-v2-x86.msu
2015-01-11 18:50 - 2015-01-11 18:50 - 00000134 _____ () C:\Users\Susan\Desktop\Internet Explorer Troubleshooting.url
2015-01-11 18:37 - 2015-01-16 05:34 - 00001016 _____ () C:\Users\Susan\Desktop\Video Of The Day.lnk
2015-01-11 18:36 - 2015-01-11 18:36 - 00002281 _____ () C:\Users\Susan\Desktop\Vosteran.lnk
2015-01-11 18:27 - 2015-01-16 05:01 - 00000302 _____ () C:\windows\Tasks\Vosteran_helper.job
2015-01-11 18:27 - 2015-01-11 18:27 - 00003242 _____ () C:\windows\System32\Tasks\Vosteran_helper
2015-01-11 18:26 - 2015-01-11 21:34 - 00012820 _____ () C:\windows\IE11_main.log
2015-01-11 18:26 - 2015-01-11 18:25 - 02077392 _____ (Microsoft Corporation) C:\Users\Susan\Downloads\IE11-Windows6.1.exe
2015-01-11 18:12 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-01-11 18:12 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-01-11 18:12 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-01-11 18:12 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-01-11 18:11 - 2014-05-14 10:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-01-11 18:11 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-01-11 18:11 - 2014-05-14 10:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-01-11 18:11 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-01-11 18:11 - 2014-05-14 10:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-01-11 18:11 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-01-11 18:11 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-01-11 18:11 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-01-11 18:11 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-01-11 18:11 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-01-07 13:01 - 2015-01-07 13:01 - 00058232 _____ (Better Brain) C:\windows\system32\Drivers\bbnfd_1_10_0_6.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 06:08 - 2010-08-06 10:24 - 00000000 ____D () C:\Users\Susan\AppData\Local\CrashDumps
2015-01-16 05:56 - 2013-07-14 06:13 - 01534924 _____ () C:\windows\WindowsUpdate.log
2015-01-16 05:55 - 2009-07-13 22:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 05:55 - 2009-07-13 22:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 05:53 - 2010-05-08 21:44 - 00000000 ____D () C:\Users\Susan\AppData\Local\Adobe
2015-01-16 05:44 - 2013-06-21 13:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 05:43 - 2014-01-26 09:33 - 00021780 _____ () C:\windows\PFRO.log
2015-01-16 05:43 - 2014-01-05 04:29 - 00007285 _____ () C:\windows\setupact.log
2015-01-16 05:43 - 2010-05-08 20:44 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 05:43 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-16 05:02 - 2010-05-08 20:44 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 16:55 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2015-01-15 16:52 - 2009-07-13 20:34 - 00000215 _____ () C:\windows\system.ini
2015-01-15 16:51 - 2010-05-08 22:06 - 00000000 ____D () C:\Users\Susan
2015-01-15 16:11 - 2009-07-13 23:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-01-15 15:11 - 2014-04-05 09:14 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-15 06:10 - 2009-07-13 22:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-15 06:09 - 2012-03-06 10:39 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\vlc
2015-01-13 19:44 - 2013-06-21 13:08 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 19:44 - 2012-08-08 18:05 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 19:44 - 2012-02-18 21:43 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 18:30 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-13 18:18 - 2010-12-25 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-01-13 18:16 - 2014-04-05 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-13 18:16 - 2012-03-03 16:14 - 00000000 ____D () C:\ProgramData\InstallMate
2015-01-13 18:16 - 2010-12-25 00:28 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\Malwarebytes
2015-01-13 18:16 - 2010-12-25 00:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 18:16 - 2010-12-25 00:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-13 18:16 - 2010-05-09 10:36 - 00000000 ____D () C:\Users\Susan\AppData\Roaming\BitTorrent
2015-01-13 18:15 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\registration
2015-01-13 18:12 - 2009-12-12 00:27 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-11 21:07 - 2009-07-13 20:34 - 00000601 _____ () C:\windows\win.ini
2015-01-11 21:06 - 2009-07-13 22:45 - 05037000 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-11 21:05 - 2013-04-28 06:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-11 21:05 - 2013-04-28 06:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-11 21:00 - 2009-07-14 01:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-11 21:00 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-01-11 21:00 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\Dism
2015-01-11 20:49 - 2010-02-01 02:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-11 20:42 - 2009-07-13 23:13 - 00796756 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-11 20:41 - 2011-02-20 10:23 - 00762196 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-01-11 20:23 - 2014-01-26 12:37 - 00000000 ____D () C:\windows\system32\MRT
2015-01-11 19:59 - 2012-05-08 02:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-01-11 19:59 - 2011-08-20 03:49 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-01-11 19:59 - 2011-02-20 10:23 - 00001945 _____ () C:\windows\epplauncher.mif
2015-01-11 19:59 - 2011-02-20 10:22 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-01-11 19:56 - 2013-04-28 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-07 00:30 - 2010-05-08 20:23 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Susan\AppData\Local\Temp\Quarantine.exe
C:\Users\Susan\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-07 09:06

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Susan at 2015-01-16 06:12:10
Running from C:\Users\Susan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Better Brain 1.10.0.6 (HKLM-x32\...\BetterBrain_1.10.0.6) (Version: 1.10.0.6 - Better Brain)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
doubleTwist (HKLM-x32\...\doubleTwist) (Version: 3.1.3.10972 - doubleTwist Corporation)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Fundy Designer version 1.6.13 (HKLM-x32\...\{2EB6CDD7-506F-4D1A-989A-27DC85A11739}_is1) (Version: 1.6.13 - Fundy Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
iPhone/iTouch/iPod to Computer Transfer 7.5.0 (HKLM-x32\...\Cucusoft iPhone/iTouch/iPod to Computer Transfer_is1) (Version:  - Cucusoft, Inc.)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 17 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150170}) (Version: 1.5.0.170 - Sun Microsystems, Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Juniper Networks Host Checker (HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\...\Neoteris_Host_Checker) (Version: 7.1.8.20737 - Juniper Networks)
Juniper Networks Network Connect 6.5.0 (HKLM-x32\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.17087 - Juniper Networks)
Juniper Networks Network Connect 7.1.8 (HKLM-x32\...\Juniper Network Connect 7.1.8) (Version: 7.1.8.20737 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\...\Juniper_Setup_Client) (Version: 7.1.8.19851 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\...\Juniper_Term_Services) (Version: 7.1.8.20737 - Juniper Networks)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
PCTuner (HKLM-x32\...\{D9153832-BD97-41FD-A4F3-A135E204B7A2}) (Version: 1.0.0.0 - Tuneup computer)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
RSA SecurID Software Token (HKLM-x32\...\{0F894917-79EE-4BC3-9C3A-E267BF40F524}) (Version: 3.0.7.0000 - RSA Security)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spyder2express (HKLM-x32\...\Spyder2express) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.11.0 - Synaptics Incorporated)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.1 - Topaz Labs, LLC)
Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.15 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.5.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.11 - TOSHIBA Corporation)
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.32.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
TouchCopy 09 (HKLM-x32\...\{08760061-E666-4903-BEBB-5227FC91B82C}) (Version: 9.61 - Wide Angle Software)
TuneSync (HKLM-x32\...\{F806881A-0076-4FA3-AB0F-A033355750EF}) (Version: 2.0.12 - Highwind Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WeatherApp (HKLM-x32\...\{40060F30-F802-40C3-AA01-D084924B60C7}) (Version: 1.0.0.0 - Portable WeatherApp)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

22-05-2014 20:06:37 Restore Operation
24-05-2014 16:33:58 Windows Update
30-05-2014 21:20:24 Windows Update
30-05-2014 21:29:09 Windows Update
04-10-2014 11:49:16 Windows Update
12-11-2014 21:40:31 Windows Update
11-01-2015 18:11:20 Windows Update
11-01-2015 19:42:21 Windows Update
11-01-2015 21:35:03 Windows Modules Installer
13-01-2015 18:07:37 Restore Operation
14-01-2015 21:08:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-08-27 20:08 - 2015-01-15 16:52 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02E47533-007B-423A-A243-55FC95A76A9C} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: {05A2A093-D53E-4696-9976-71C10C4B34E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
Task: {19B90345-9509-4897-A828-9D8FC9066456} - System32\Tasks\HDNINSTSCHD => C:\windows\PCBHDNW\hdnInstaller.exe [2014-12-15] ()
Task: {20FE6481-DAD1-48EC-9F7C-6EB92F4A2C33} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {22B212A8-4E2E-4670-B357-6ADFD116D13C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {28F82589-A170-4253-AE15-7E9657FD7E55} - System32\Tasks\AdobeAAMUpdater-1.0-Susan-PC-Susan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {523833E6-49A2-4270-B9AB-3F63A7C63173} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe [2014-12-15] ()
Task: {5D06295B-43CA-437B-B467-D07071A44E46} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer\Popialert.exe [2014-12-11] (Popialert)
Task: {71AFB403-C187-4DFD-81B5-9068807C4218} - System32\Tasks\boosterpop => C:\Program Files (x86)\Tuneup computer\Probsalert.exe [2014-12-11] (Probsalert)
Task: {748BA60E-939B-4B43-ACB8-B92B74B10D8A} - System32\Tasks\CIMT_daily_S-1-5-21-2405160577-2414623752-3231226182-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {8F80BF00-155C-4A65-AE2B-615C4E79F044} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe [2014-12-15] (Portable WeatherApp)
Task: {9C316141-BB43-470F-83C8-BB8FE345602F} - System32\Tasks\CIMT_S-1-5-21-2405160577-2414623752-3231226182-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {A27FF689-45EC-4A13-B673-3EE6DA81178C} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {A35763AB-1CB7-4ACE-9C90-765C3A87E0A2} - System32\Tasks\Vosteran_helper => C:\Users\Susan\AppData\Local\Vosteran\APPLIC~1\Vosteran\helper.exe
Task: {B1805164-96CB-4421-89F5-1CC0ACE05E47} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B58FC07D-E063-4FD9-9232-948AD60C2B63} - System32\Tasks\{E935FD72-494A-4D1C-B740-22CAD1BEBD55} => pcalua.exe -a D:\motsetup.exe -d D:\
Task: {EA2CBC77-3E7D-42C1-BD45-6040E682B5F5} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer\updater.exe [2014-12-11] (Tuneup computer)
Task: {F3EF7A08-D196-4223-9B31-7F3A5A91D863} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\CIMT_daily_S-1-5-21-2405160577-2414623752-3231226182-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\windows\Tasks\CIMT_S-1-5-21-2405160577-2414623752-3231226182-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Vosteran_helper.job => C:\Users\Susan\AppData\Local\Vosteran\APPLIC~1\Vosteran\helper.exe

==================== Loaded Modules (whitelisted) =============

2009-10-18 17:20 - 2009-10-18 17:20 - 07959864 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 15:26 - 2009-11-03 15:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-12-12 00:22 - 2009-06-22 17:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 21:08 - 2009-03-12 21:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 19:38 - 2009-07-25 19:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-10-30 19:20 - 2009-10-30 19:20 - 00417592 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-03-20 10:24 - 2014-03-20 10:24 - 05288608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-03-20 10:24 - 2014-03-20 10:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-18 22:22 - 2014-03-18 22:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Susan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk => C:\windows\pss\ZooskMessenger.lnk.Startup
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Susan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TuneSync => "C:\Program Files (x86)\Highwind Software\TuneSync\TuneSync.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Susan\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-2405160577-2414623752-3231226182-500 - Administrator - Disabled)
Guest (S-1-5-21-2405160577-2414623752-3231226182-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2405160577-2414623752-3231226182-1002 - Limited - Enabled)
Susan (S-1-5-21-2405160577-2414623752-3231226182-1001 - Administrator - Enabled) => C:\Users\Susan

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 06:08:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.18667, time stamp: 0x546efead
Faulting module name: mshtml.dll, version: 8.0.7601.18667, time stamp: 0x546f221a
Exception code: 0xc0000005
Fault offset: 0x00000000000ad820
Faulting process id: 0x184
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-01-15 16:51:22.281
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-15 16:51:22.094
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 47%
Total physical RAM: 3894.9 MB
Available physical RAM: 2033.21 MB
Total Pagefile: 7787.98 MB
Available Pagefile: 5689.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (TI105322W0F) (Fixed) (Total:453.89 GB) (Free:195.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 31AC024B)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)

==================== End Of Log ============================


#4
Satchfan
That got rid of some but you still have Vosteran on your computer (thanks to Chrome), so there is still work to be done.


P2P - I see you have P2P software (uTorrent) installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

It almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are, more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

Also, uninstall PCTuneup.

===================================================

I notice you have run ComboFix, which is not recommended. ComboFix is a VERY powerful tool that can reduce a computer to a useless piece of metal without expert guidance.

While you may see ComboFix being used quite often without incident, the tool should NEVER be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool).

Please send the log from when you ran it. ComboFix logs are located at c:\combofix.txt; older logs are at c:\qoobox\combofix2.txt, c:\qoobox\ComboFix3.txt, etc.

===================================================

There are some remnants of AVG on your computer so please download and run AVG Removal Tool from here.

===================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below.

HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001 -> DefaultScope {4FF30A64-10E0-4949-8B46-474A1A8C68A1} URL = http://www.google.co...TSNA_en___US378
SearchScopes: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001 -> {4FF30A64-10E0-4949-8B46-474A1A8C68A1} URL = http://www.google.co...TSNA_en___US378
SearchScopes: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001 -> {B24B6165-CC09-48FD-97F0-918945E685B2} URL = http://www.google.co...TSNA_en___US378
SearchScopes: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001 -> {D0D3E76D-0AB5-4F4B-BA42-38BC81B80673} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Extension: Solution Real 1.0.1 - C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\Extensions\{76eaa25f-d535-414d-8a8b-4bce0a94d247}.xpi [2015-01-11]
FF HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi
FF Extension: No Name - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi [Not Found]
Chrome:
CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_ggfc_15_03_ch&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0Dzyzz0DyDtC0FyE0DyBtN0D0Tzu0StCtCtCtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtDzyzzzytC0ByDtG0FyBzyzztG0D0C0FzztGzztC0AtDtGtAtBzztA0Czy0AtA0B0ByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0C0ByDtAyEtGzzyE0A0BtGyEyB0EyBtG0A0D0DzytGtD0D0E0E0FtB0FyC0FtAzyyE2Q&cr=1243036849&ir=
CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ggfc_15_03_ch&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0Dzyzz0DyDtC0FyE0DyBtN0D0Tzu0StCtCtCtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtDzyzzzytC0ByDtG0FyBzyzztG0D0C0FzztGzztC0AtDtGtAtBzztA0Czy0AtA0B0ByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0C0ByDtAyEtGzzyE0A0BtGyEyB0EyBtG0A0D0DzytGtD0D0E0E0FtB0FyC0FtAzyyE2Q&cr=1243036849&ir=", "hxxp://msn.com/"
CHR DefaultSearchKeyword: Default -> vosteran.com
CHR DefaultSearchURL: Default -> http://vosteran.com/...r=1243036849=
2015-01-11 18:37 - 2015-01-16 05:34 - 00001016 _____ () C:\Users\Susan\Desktop\Video Of The Day.lnk
2015-01-11 18:36 - 2015-01-11 18:36 - 00002281 _____ () C:\Users\Susan\Desktop\Vosteran.lnk
2015-01-11 18:27 - 2015-01-16 05:01 - 00000302 _____ () C:\windows\Tasks\Vosteran_helper.job
2015-01-11 18:27 - 2015-01-11 18:27 - 00003242 _____ () C:\windows\System32\Tasks\Vosteran_helper
2015-01-11 18:26 - 2015-01-11 21:34 - 00012820 _____ () C:\windows\IE11_main.log
Task: {A35763AB-1CB7-4ACE-9C90-765C3A87E0A2} - System32\Tasks\Vosteran_helper => C:\Users\Susan\AppData\Local\Vosteran\APPLIC~1\Vosteran\helper.exe
Task: C:\windows\Tasks\Vosteran_helper.job => C:\Users\Susan\AppData\Local\Vosteran\APPLIC~1\Vosteran\helper.exe
C:\Users\Susan\Desktop\Video Of The Day.lnk
C:\Users\Susan\Desktop\Vosteran.lnk
C:\windows\Tasks\Vosteran_helper.job
C:\windows\System32\Tasks\Vosteran_helper
C:\windows\IE11_main.log
C:\Users\Susan\AppData\Local\Vosteran

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

ComboFix.txt
Fixlog.txt
Mbam.txt


Can you tell me if there are any remaining problems?

Satchfan

 


  • 0
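
One way to triage the Fixlog.txt that FRST writes in the steps above, as an added example that is not part of the original post and not FRST's own code: it skips the echoed fixlist, sorts each result line into removed, absent before the run, or needing follow-up, and ignores "not found" lines for items already removed earlier in the same run. The outcome phrases are the ones visible in the Fixlog posted later in this thread; the function names, the `ExampleAdware` paths and the sample log are constructed for illustration.

```python
import re

# Outcome phrases copied from the Fixlog posted in this thread; treating them
# as the complete set of FRST outcomes is an assumption of this example.
REMOVED_SUFFIXES = ("deleted successfully.", "Moved successfully.")
ABSENT_SUFFIX = "not found."
FENCE = re.compile(r"^\*{5,}$")            # row of asterisks around the echoed fixlist
END = re.compile(r"^==== End of Fixlog")

# Constructed sample in the layout of the Fixlog in this thread (hypothetical paths).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (x64)
Ran by User at 2015-01-16 20:04:42 Run:1
==============================================

Content of fixlist:
*****************
FF Extension: No Name - C:\Program Files (x86)\ExampleAdware\ext.xpi [Not Found]
Chrome:
C:\Users\User\Desktop\ExampleAdware.lnk
C:\windows\Tasks\ExampleAdware_helper.job
C:\windows\System32\Tasks\ExampleAdware_helper
C:\Users\User\Desktop\ExampleAdware.lnk
*****************

C:\Program Files (x86)\ExampleAdware\ext.xpi not found.
Chrome: => Error: No automatic fix found for this entry.
Chrome HomePage deleted successfully.
C:\Users\User\Desktop\ExampleAdware.lnk => Moved successfully.
"C:\windows\Tasks\ExampleAdware_helper.job" => File/Directory not found.
C:\windows\System32\Tasks\ExampleAdware_helper => Moved successfully.
C:\Windows\System32\Tasks\ExampleAdware_helper not found.
"C:\Users\User\Desktop\ExampleAdware.lnk" => File/Directory not found.

==== End of Fixlog 20:04:42 ====
"""


def result_lines(fixlog_text):
    """Yield only result lines: skip the header and the echoed fixlist.

    The echoed fixlist sits between two rows of asterisks and contains text
    such as "[Not Found]" that a plain search would mistake for a result.
    """
    fences_seen = 0
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if FENCE.match(line):
            fences_seen += 1
            continue
        if END.match(line):
            return
        if fences_seen >= 2 and line:
            yield line


def split_result(line):
    """Return (target, outcome) for one result line."""
    if " => " in line:
        target, _, message = line.partition(" => ")
    else:
        target, message = line, line
    if message.startswith("Error:"):
        outcome = "follow_up"
    elif message.endswith(REMOVED_SUFFIXES):
        outcome = "removed"
    elif message.endswith(ABSENT_SUFFIX):
        outcome = "absent"
    else:
        outcome = "follow_up"   # unrecognised wording: have a person read it
    # Lines without "=>" carry the phrase at the end of the target; trim it.
    for phrase in REMOVED_SUFFIXES + (ABSENT_SUFFIX,):
        if target.endswith(" " + phrase):
            target = target[: -len(phrase) - 1]
    return target.strip('" '), outcome


def triage(fixlog_text):
    """Group targets into removed / absent_before_run / follow_up."""
    report = {"removed": [], "absent_before_run": [], "follow_up": []}
    removed_keys, absent_keys = set(), set()
    for line in result_lines(fixlog_text):
        target, outcome = split_result(line)
        key = target.lower()    # Windows paths and registry keys ignore case
        if outcome == "removed":
            removed_keys.add(key)
            report["removed"].append(target)
        elif outcome == "absent":
            # "not found" after a removal in the same run only means the
            # fixlist named the item twice; report the rest once each.
            if key not in removed_keys and key not in absent_keys:
                absent_keys.add(key)
                report["absent_before_run"].append(target)
        else:
            report["follow_up"].append(target)
    return report


if __name__ == "__main__":
    for group, targets in triage(SAMPLE_FIXLOG).items():
        print(group)
        for t in targets:
            print("   ", t)
```

Items under `absent_before_run` were not present when the fix ran, either because an earlier tool removed them or because the path in the fixlist does not match the machine; items under `follow_up` need a person to read the line.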

#5
ethermac56

    Member

  • Topic Starter
  • 17 posts

Satchfan,

Although I see an icon for uTorrent in the Programs list, it does not show on the list of Programs that can be uninstalled.

Malwarebytes Antimalware will not run as I get an error message, and it cannot be uninstalled as I get a message saying a certain file is missing. When I try to download the program again it fails.

PC Tuner uninstalled.

Let me try and get on the infected machine and proceed as directed from there.


  • 0

#6
ethermac56

    Member

  • Topic Starter
  • 17 posts

Contents of fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015 01
Ran by Susan at 2015-01-16 20:04:42 Run:1
Running from C:\Users\Susan\Desktop
Loaded Profiles: Susan (Available profiles: Susan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001 -> DefaultScope {4FF30A64-10E0-4949-8B46-474A1A8C68A1} URL = http://www.google.co...TSNA_en___US378
SearchScopes: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001 -> {4FF30A64-10E0-4949-8B46-474A1A8C68A1} URL = http://www.google.co...TSNA_en___US378
SearchScopes: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001 -> {B24B6165-CC09-48FD-97F0-918945E685B2} URL = http://www.google.co...TSNA_en___US378
SearchScopes: HKU\S-1-5-21-2405160577-2414623752-3231226182-1001 -> {D0D3E76D-0AB5-4F4B-BA42-38BC81B80673} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
FF Extension: Solution Real 1.0.1 - C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\Extensions\{76eaa25f-d535-414d-8a8b-4bce0a94d247}.xpi [2015-01-11]
FF HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi
FF Extension: No Name - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi [Not Found]
Chrome:
CHR HomePage: Default -> hxxp://vosteran.com/?f=1&a=vst_ggfc_15_03_ch&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0Dzyzz0DyDtC0FyE0DyBtN0D0Tzu0StCtCtCtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtDzyzzzytC0ByDtG0FyBzyzztG0D0C0FzztGzztC0AtDtGtAtBzztA0Czy0AtA0B0ByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0C0ByDtAyEtGzzyE0A0BtGyEyB0EyBtG0A0D0DzytGtD0D0E0E0FtB0FyC0FtAzyyE2Q&cr=1243036849&ir=
CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ggfc_15_03_ch&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0Dzyzz0DyDtC0FyE0DyBtN0D0Tzu0StCtCtCtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtDzyzzzytC0ByDtG0FyBzyzztG0D0C0FzztGzztC0AtDtGtAtBzztA0Czy0AtA0B0ByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyE0C0ByDtAyEtGzzyE0A0BtGyEyB0EyBtG0A0D0DzytGtD0D0E0E0FtB0FyC0FtAzyyE2Q&cr=1243036849&ir=", "hxxp://msn.com/"
CHR DefaultSearchKeyword: Default -> vosteran.com
CHR DefaultSearchURL: Default -> http://vosteran.com/...r=1243036849=
2015-01-11 18:37 - 2015-01-16 05:34 - 00001016 _____ () C:\Users\Susan\Desktop\Video Of The Day.lnk
2015-01-11 18:36 - 2015-01-11 18:36 - 00002281 _____ () C:\Users\Susan\Desktop\Vosteran.lnk
2015-01-11 18:27 - 2015-01-16 05:01 - 00000302 _____ () C:\windows\Tasks\Vosteran_helper.job
2015-01-11 18:27 - 2015-01-11 18:27 - 00003242 _____ () C:\windows\System32\Tasks\Vosteran_helper
2015-01-11 18:26 - 2015-01-11 21:34 - 00012820 _____ () C:\windows\IE11_main.log
Task: {A35763AB-1CB7-4ACE-9C90-765C3A87E0A2} - System32\Tasks\Vosteran_helper => C:\Users\Susan\AppData\Local\Vosteran\APPLIC~1\Vosteran\helper.exe
Task: C:\windows\Tasks\Vosteran_helper.job => C:\Users\Susan\AppData\Local\Vosteran\APPLIC~1\Vosteran\helper.exe
C:\Users\Susan\Desktop\Video Of The Day.lnk
C:\Users\Susan\Desktop\Vosteran.lnk
C:\windows\Tasks\Vosteran_helper.job
C:\windows\System32\Tasks\Vosteran_helper
C:\windows\IE11_main.log
C:\Users\Susan\AppData\Local\Vosteran
*****************

"HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4FF30A64-10E0-4949-8B46-474A1A8C68A1}" => Key deleted successfully.
HKCR\CLSID\{4FF30A64-10E0-4949-8B46-474A1A8C68A1} => Key not found.
"HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B24B6165-CC09-48FD-97F0-918945E685B2}" => Key deleted successfully.
HKCR\CLSID\{B24B6165-CC09-48FD-97F0-918945E685B2} => Key not found.
"HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D0D3E76D-0AB5-4F4B-BA42-38BC81B80673}" => Key deleted successfully.
HKCR\CLSID\{D0D3E76D-0AB5-4F4B-BA42-38BC81B80673} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\Extensions\{76eaa25f-d535-414d-8a8b-4bce0a94d247}.xpi => Moved successfully.
HKU\S-1-5-21-2405160577-2414623752-3231226182-1001\Software\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi not found.
Chrome: => Error: No automatic fix found for this entry.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
C:\Users\Susan\Desktop\Video Of The Day.lnk => Moved successfully.
C:\Users\Susan\Desktop\Vosteran.lnk => Moved successfully.
"C:\windows\Tasks\Vosteran_helper.job" => File/Directory not found.
C:\windows\System32\Tasks\Vosteran_helper => Moved successfully.
C:\windows\IE11_main.log => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A35763AB-1CB7-4ACE-9C90-765C3A87E0A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A35763AB-1CB7-4ACE-9C90-765C3A87E0A2}" => Key deleted successfully.
C:\Windows\System32\Tasks\Vosteran_helper not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Vosteran_helper" => Key deleted successfully.
C:\windows\Tasks\Vosteran_helper.job not found.
"C:\Users\Susan\Desktop\Video Of The Day.lnk" => File/Directory not found.
"C:\Users\Susan\Desktop\Vosteran.lnk" => File/Directory not found.
"C:\windows\Tasks\Vosteran_helper.job" => File/Directory not found.
"C:\windows\System32\Tasks\Vosteran_helper" => File/Directory not found.
"C:\windows\IE11_main.log" => File/Directory not found.
"C:\Users\Susan\AppData\Local\Vosteran" => File/Directory not found.

==== End of Fixlog 20:04:42 ====

.txt from Farbar

 

 

Contents of log from Combofix:

 

ComboFix 15-01-08.01 - Susan 01/16/2015  20:11:57.4.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2741 [GMT -6:00]
Running from: c:\users\Susan\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-17 to 2015-01-17  )))))))))))))))))))))))))))))))
.
.
2015-01-17 02:16 . 2015-01-17 02:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-17 02:16 . 2015-01-17 02:16 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-01-17 00:55 . 2015-01-17 00:55 -------- d-----w- c:\program files (x86)\Tuneup computer A1PCCleaner
2015-01-17 00:54 . 2015-01-17 00:54 -------- d-----w- c:\users\Susan\AppData\Local\A1PCCleaner
2015-01-16 12:11 . 2015-01-17 02:04 -------- d-----w- C:\FRST
2015-01-16 11:55 . 2014-12-15 10:13 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B452FF51-7111-4AF8-B8F3-2D5229BE6A7D}\mpengine.dll
2015-01-16 11:51 . 2015-01-16 11:51 -------- d-----w- c:\windows\ERUNT
2015-01-16 11:30 . 2015-01-16 11:42 -------- d-----w- C:\AdwCleaner
2015-01-15 21:55 . 2015-01-15 21:55 -------- d-----w- c:\users\Susan\AppData\Roaming\Compete
2015-01-15 21:25 . 2015-01-17 01:05 -------- d-----w- c:\program files (x86)\Tuneup computer
2015-01-15 21:25 . 2015-01-15 21:25 -------- d-----w- c:\users\Susan\AppData\Roaming\Tuneup computer
2015-01-15 21:24 . 2015-01-15 21:24 -------- d-----w- c:\users\Susan\AppData\Local\PCTuner
2015-01-15 12:35 . 2015-01-15 12:35 -------- d-----w- c:\program files (x86)\Setup Support for Consumer Input
2015-01-15 12:24 . 2015-01-15 12:24 -------- d-----w- c:\program files (x86)\Portable WeatherApp
2015-01-15 12:24 . 2015-01-15 12:24 -------- d-----w- c:\windows\PCBHDNW
2015-01-15 12:22 . 2015-01-15 12:22 -------- d-----w- c:\program files (x86)\BetterBrain_1.10.0.6
2015-01-15 12:22 . 2015-01-15 12:22 -------- d-----w- c:\users\Susan\AppData\Roaming\1H1Q1V1N1N1O1R
2015-01-15 03:09 . 2014-12-15 10:13 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-14 00:47 . 2014-09-10 21:30 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0D0D9F3-913A-4B20-B571-BB8AB36BE037}\gapaengine.dll
2015-01-12 05:01 . 2015-01-14 00:16 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-01-12 02:39 . 2015-01-12 02:39 -------- d-----w- c:\windows\Migration
2015-01-12 01:59 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
2015-01-12 01:59 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-01-12 01:59 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-01-12 01:59 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
2015-01-12 01:59 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-01-12 01:59 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2015-01-12 01:59 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2015-01-12 01:59 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2015-01-12 01:59 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2015-01-12 01:59 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-01-12 01:58 . 2015-01-12 01:59 -------- d-----w- c:\windows\Temp3E0E1062-6166-3643-B178-8100810ABC33-Signatures
2015-01-12 01:48 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-01-12 01:48 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-01-12 01:44 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-01-12 01:44 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-01-12 01:44 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-01-12 01:44 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-01-12 01:44 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-01-12 01:44 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-01-12 01:44 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-01-12 01:44 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-01-12 01:18 . 2013-12-04 02:16 658432 ----a-w- c:\windows\system32\RMActivate_isv.exe
2015-01-12 01:17 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
2015-01-12 01:17 . 2014-07-17 01:39 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-01-12 01:17 . 2014-07-17 02:07 3722240 ----a-w- c:\windows\system32\mstscax.dll
2015-01-12 01:17 . 2014-07-17 02:07 1118720 ----a-w- c:\windows\system32\mstsc.exe
2015-01-12 01:17 . 2014-07-17 01:39 1051136 ----a-w- c:\windows\SysWow64\mstsc.exe
2015-01-12 01:17 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll
2015-01-12 01:17 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll
2015-01-12 01:17 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll
2015-01-12 01:17 . 2014-07-17 01:39 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-01-12 01:17 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2015-01-12 01:17 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2015-01-12 01:15 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2015-01-12 01:13 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2015-01-12 01:12 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2015-01-12 01:11 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2015-01-12 01:05 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-01-12 01:05 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-01-12 00:12 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2015-01-12 00:12 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2015-01-12 00:12 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2015-01-12 00:12 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2015-01-12 00:11 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2015-01-12 00:11 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2015-01-12 00:11 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2015-01-12 00:11 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-01-12 00:11 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2015-01-12 00:11 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-01-12 00:11 . 2014-05-14 15:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2015-01-12 00:11 . 2014-05-14 15:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-01-12 00:11 . 2014-05-14 15:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-01-12 00:11 . 2014-05-14 15:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-01-07 19:01 . 2015-01-07 19:01 58232 ----a-w- c:\windows\system32\drivers\bbnfd_1_10_0_6.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-14 01:44 . 2012-08-09 00:05 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 01:44 . 2012-02-19 03:43 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-07 06:30 . 2010-05-09 02:23 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-11-27 22:40 . 2014-01-26 18:37 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-11-18 20:56 . 2014-11-18 20:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
2013-02-20 16:02 . 2013-02-20 16:02 4126720 ----a-w- c:\program files (x86)\GUTAD20.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-05 2446648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-03-21 2691480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...=90&ver=9.0.872" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - c:\program files (x86)\ColorVision\ColorVisionStartup\ColorVisionStartup.exe /delay 30 /pause 5 [2009-3-12 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
R2 bbsvc_1.10.0.6;Better Brain 1.10.0.6 Client Service;c:\program files (x86)\BetterBrain_1.10.0.6\Service\bbsvc.exe;c:\program files (x86)\BetterBrain_1.10.0.6\Service\bbsvc.exe [x]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
R3 Spyder2;ColorVision Spyder2;c:\windows\system32\DRIVERS\Spyder2.sys;c:\windows\SYSNATIVE\DRIVERS\Spyder2.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 bbnfd_1_10_0_6;bbnfd_1_10_0_6;c:\windows\system32\drivers\bbnfd_1_10_0_6.sys;c:\windows\SYSNATIVE\drivers\bbnfd_1_10_0_6.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-15 21:10 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 01:44]
.
2015-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-09 03:26]
.
2015-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-09 03:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-03-20 16:24 667808 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-03-20 16:24 667808 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-03-20 16:24 667808 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-14 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-14 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-14 408600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: arise.com
Trusted Zone: arise.com\ns
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
FF - ProfilePath - c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-03-03 16:14; [email protected]; c:\users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\ltqckq7g.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\Best Buy Software Installer Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-16  20:18:02
ComboFix-quarantined-files.txt  2015-01-17 02:18
ComboFix2.txt  2015-01-17 01:53
ComboFix3.txt  2015-01-15 22:55
.
Pre-Run: 210,709,348,352 bytes free
Post-Run: 210,639,540,224 bytes free
.
- - End Of File - - 0F5A521CF93A9DE5E94AE039F9381F18

 

I also successfully ran the tool to remove remnants of AVG...

 

 


#7
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Let’s try forcing the uninstall of Malwarebytes and re-install it.

Download Revo Uninstaller
 

  • double click the installation file on the desktop to run the installer
  • let it install to the default location
  • double click the new Revo Uninstaller Icon on the desktop to start the program.

You will now see a list of installed programs that Revo Uninstaller can remove.
 

  • locate the program you are uninstalling (Malwarebytes)
  • right-click the icon then choose Uninstall
  • click Yes to the warning and choose the Uninstall Mode
  • choose the Advanced option and then click Next
  • this will launch the program's built-in uninstaller. Be patient; it can take several seconds
  • once the uninstaller is done click Next
  • Revo Uninstaller will now scan for leftover information. Be patient; it can take several seconds.
  • once this scan is done click Next
  • you will then be presented with the leftover entries found by Revo Uninstaller
  • look at ALL of the entries to ensure they relate to the uninstall
  • next, click Select All > Delete to remove the entries
  • click Next
  • if there are any program file folders left over you will be presented with a list to be removed
  • again look at ALL of the entries to ensure they are related to the uninstall
  • click Select All > Delete to remove the entries
  • click Finish to go back to the uninstall list
  • when you have removed it, close the program.

Click here to download a new version and then try running it again.

Satchfan

 

 


#8
ethermac56

    Member

  • Topic Starter
  • 17 posts

AntiMalwarebytes scan log... there is a scan log and a protection log. This is the protection log... the second log posted will be the scan log... one of those should be the correct one.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/17/2015
Scan Time: 7:36:04 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.17.02
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Susan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 392595
Time Elapsed: 24 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 54
PUP.Optional.BetterBuy.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bbsvc_1.10.0.6, Quarantined, [f1854bad98f13cfa1efaa44ea45da55b],
PUP.Optional.BetterBuy.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bbnfd_1_10_0_6, Quarantined, [9dd9dd1b761343f30315c62cea17ce32],
PUP.Optional.BetterBuy.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BetterBrain_1.10.0.6, Quarantined, [116557a1a8e1162075a3797934cdd62a],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [b2c446b23d4c93a3ceb494237f84dd23],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [fe788a6e4940de583e4403b423e0c53b],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [14627d7b8dfc90a6285abdfa7e85817f],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [0c6a797f1a6fb185fa88b304b64d9868],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [d0a6fcfc4c3d34020f738b2c8380f808],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [abcb7781484176c00f732d8abb4814ec],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [86f0a6524841f6403d452f88a55e8d73],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [b1c59464cabfc07691f1f1c682817d83],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [81f510e81475f541443e318639ca03fd],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [d89ebe3a0e7b52e449396d4a19ea12ee],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [a1d5e216444594a2a2e0189f9e654fb1],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [591d52a6e8a159dd50329d1a3cc7ae52],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [e98ddc1c17720b2b364c5d5a4cb710f0],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [5f1749afd2b7eb4bcfb3fcbb54af946c],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [344221d7761341f58ff3bcfbab586898],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [f581d325c8c1be78255d437462a14fb1],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [3046817754359e98ee94585f8b785ea2],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [6a0cb34546433ef89fe3189f3dc61de3],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [1d59da1e1f6a38fe344ea215d0331de3],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [571f37c10782af871e6492259370c040],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [bfb7ea0e3653979f037ff0c716edca36],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [88eeec0c5f2a5bdbdfa376417f843bc5],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [7303797f5435c6703d45f6c12ad9bb45],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [175f33c57613db5b84fea80f907334cc],
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\vosteran.exe, Quarantined, [85f1a454c8c1290de0ccb5bd73901de3],
PUP.Optional.BetterBrain.A, HKLM\SOFTWARE\WOW6432NODE\BetterBrain_1.10.0.6, Quarantined, [2155b246563376c008e1e98eef14867a],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [2a4cb147503948ee404246711ae9c23e],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [2b4b599fa3e6a98d582a9324df241be5],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [93e3e612216890a6354d744334cf926e],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [502605f37b0e37ff1c660aadcc37a35d],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [7bfb45b30d7cd066e49ef8bf10f3d22e],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [fd797f797b0ef93d5f232196897ae917],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [b3c35c9c6227a591f2906b4c847f26da],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [ea8c5e9a3e4b3402c5bdbcfb1ee50ef2],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [b5c109ef9aef93a30d750bace61d946c],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [e98dcc2c563371c5cdb57b3cca391ae6],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [4333f80008816bcb542e3a7dee1505fb],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [116574842663e6505b2709aefc0712ee],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [7df9a94f12771224afd3a512c340b64a],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [1264ef09107987af255d4c6bde2558a8],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [babc0aee9fea62d4ec967b3ccb387888],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [aec81eda0188ed496c16caed06fdeb15],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [1264c7311d6c8da93c46d3e4679c9769],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [ff776d8b7e0b92a4750dd2e5a65de11f],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [c1b56494f6938fa75e241b9cd52e19e7],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [a7cfc830bacfbc7a6e144176fe05e020],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [0c6a35c3444512246b178a2d90733dc3],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [a6d0d8204940ab8bf38fcdea9d6611ef],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [3244a850ea9fcd69f78ba215a95a33cd],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [b2c4b840bdcc90a6f1918037e71c24dc],
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\vosteran.exe, Quarantined, [41350eeaa8e11125228a086a0df631cf],

Registry Values: 1
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [c6b0e1178603a78ff9a4d4228b79a957]

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}, Quarantined, [cda96197ea9fb3831c0bfc619d660cf4],
PUP.Optional.BetterBrain.A, C:\Program Files (x86)\BetterBrain_1.10.0.6, Quarantined, [7ef807f1c1c8221415c97fe8c043936d],
PUP.Optional.BetterBrain.A, C:\Program Files (x86)\BetterBrain_1.10.0.6\3rd Party Licenses, Quarantined, [7ef807f1c1c8221415c97fe8c043936d],
PUP.Optional.BetterBrain.A, C:\Program Files (x86)\BetterBrain_1.10.0.6\Service, Quarantined, [7ef807f1c1c8221415c97fe8c043936d],

Files: 21
PUP.Optional.BetterBuy.A, C:\Program Files (x86)\BetterBrain_1.10.0.6\Service\bbsvc.exe, Quarantined, [f1854bad98f13cfa1efaa44ea45da55b],
PUP.Optional.BetterBuy.A, C:\Windows\System32\drivers\bbnfd_1_10_0_6.sys, Quarantined, [9dd9dd1b761343f30315c62cea17ce32],
PUP.Optional.InstallCore, C:\Users\Susan\AppData\Roaming\1H1Q1V1N1N1O1R\File Opener Packages\uninstaller.exe, Quarantined, [81f546b21c6d76c041764cc254aeab55],
PUP.Optional.BetterBuy.A, C:\Program Files (x86)\BetterBrain_1.10.0.6\Uninstall.exe, Quarantined, [116557a1a8e1162075a3797934cdd62a],
PUP.Optional.Vosteran.A, C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.vosteransearch.com_0.localstorage, Quarantined, [5026a4543257082e1ac6d69a798afa06],
PUP.Optional.Vosteran.A, C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.vosteransearch.com_0.localstorage-journal, Quarantined, [433352a6ff8aea4c13cdf08031d28779],
PUP.Optional.Vosteran.A, C:\Users\Susan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vosteran.lnk, Quarantined, [d5a127d19decfd39dbcf92e0da29a25e],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\0.ini, Quarantined, [cda96197ea9fb3831c0bfc619d660cf4],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.exe, Quarantined, [cda96197ea9fb3831c0bfc619d660cf4],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.ico, Quarantined, [cda96197ea9fb3831c0bfc619d660cf4],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\TsuDll.dll, Quarantined, [cda96197ea9fb3831c0bfc619d660cf4],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setup.dll, Quarantined, [cda96197ea9fb3831c0bfc619d660cf4],
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setupx.dll, Quarantined, [cda96197ea9fb3831c0bfc619d660cf4],
PUP.Optional.BetterBrain.A, C:\Program Files (x86)\BetterBrain_1.10.0.6\terms-of-service.rtf, Quarantined, [7ef807f1c1c8221415c97fe8c043936d],
PUP.Optional.BetterBrain.A, C:\Program Files (x86)\BetterBrain_1.10.0.6\3rd Party Licenses\buildcrx-license.txt, Quarantined, [7ef807f1c1c8221415c97fe8c043936d],
PUP.Optional.BetterBrain.A, C:\Program Files (x86)\BetterBrain_1.10.0.6\3rd Party Licenses\Info-ZIP-license.txt, Quarantined, [7ef807f1c1c8221415c97fe8c043936d],
PUP.Optional.BetterBrain.A, C:\Program Files (x86)\BetterBrain_1.10.0.6\3rd Party Licenses\JSON-simple-license.txt, Quarantined, [7ef807f1c1c8221415c97fe8c043936d],
PUP.Optional.BetterBrain.A, C:\Program Files (x86)\BetterBrain_1.10.0.6\3rd Party Licenses\nsJSON-license.txt, Quarantined, [7ef807f1c1c8221415c97fe8c043936d],
PUP.Optional.BetterBrain.A, C:\Program Files (x86)\BetterBrain_1.10.0.6\3rd Party Licenses\Nustache-license.txt, Quarantined, [7ef807f1c1c8221415c97fe8c043936d],
PUP.Optional.BetterBrain.A, C:\Program Files (x86)\BetterBrain_1.10.0.6\3rd Party Licenses\TaskScheduler-license.txt, Quarantined, [7ef807f1c1c8221415c97fe8c043936d],
PUP.Optional.BetterBrain.A, C:\Program Files (x86)\BetterBrain_1.10.0.6\3rd Party Licenses\UAC-license.txt, Quarantined, [7ef807f1c1c8221415c97fe8c043936d],

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

 

Now scan log:

 



  • 0

#9
ethermac56

    Member

  • Topic Starter
  • 17 posts

Forgot to mention that I quarantined everything but did not delete any of the items that AntiMalwarebytes found.


  • 0

#10
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Well that certainly cleaned up a lot more.

 

How is the computer behaving?


  • 0


#11
ethermac56

    Member

  • Topic Starter
  • 17 posts

Seems to be OK at this point.  All the popups have stopped.  Booting up quicker.  Time to start protecting it again from bad things.  Your recommendations?  I use Microsoft Security Essentials, which seems to have done an adequate job until recently.


  • 0

#12
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Let’s run a final scan to see if there’s anything left.


Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology


    Note: Do not check Remove found threats

     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found
 

If threats were found:



o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Thanks

Satchfan
 

 


  • 0

#13
ethermac56

    Member

  • Topic Starter
  • 17 posts

ESET scan results

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\76eaa25fd535414d8a8b.dll.vir a variant of Win32/BrowseFox.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\76eaa25fd535414d8a8b64.dll.vir a variant of Win64/BrowseFox.CI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter64.exe.vir a variant of Win64/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\SolutionReal.expext.exe.vir a variant of Win32/BrowseFox.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\SolutionReal.expextdll.dll.vir a variant of Win64/BrowseFox.CJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowse64.exe.vir a variant of Win64/BrowseFox.CL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\{76eaa25f-d535-414d-8a8b-4bce0a94d247}.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\{76eaa25f-d535-414d-8a8b-4bce0a94d247}64.dll.vir a variant of Win64/BrowseFox.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.Bromon.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.BroStats.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\plugins\SolutionReal.FFUpdate.dll.vir a variant of MSIL/BrowseFox.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Susan\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\background.js.vir JS/Astromenda.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Susan\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\bootstrap.js.vir JS/Astromenda.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Susan\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\newtab.js.vir JS/Astromenda.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Susan\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\opentab.js.vir JS/Astromenda.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Susan\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.Z potentially unwanted application
C:\AdwCleaner\Quarantine\C\windows\System32\drivers\{76eaa25f-d535-414d-8a8b-4bce0a94d247}Gw64.sys.vir a variant of Win64/BrowseFox.CG potentially unwanted application
C:\Program Files (x86)\Tuneup computer A1PCCleaner\PCTunerFG.exe a variant of MSIL/RegProCleaner.A potentially unwanted application
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\ProgramData\InstallMate\{B8E3ACF3-CD8A-4EF3-AC18-85A863008E05}\_Setupx.dll Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{B8E3ACF3-CD8A-4EF3-AC18-85A863008E05}\_Setupx.dll Win32/InstalleRex.T potentially unwanted application
 


  • 0

#14
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Please copy all text in the code box below and paste it into Notepad:
 

@echo off
rem Delete the leftover files that ESET reported outside the AdwCleaner quarantine
del /f /s /q "C:\Program Files (x86)\Tuneup computer A1PCCleaner"
del /f /s /q "C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll"
del /f /s /q "C:\Program Files (x86)\Windows Live\Messenger\riched20.dll"
del /f /s /q "C:\ProgramData\InstallMate\{B8E3ACF3-CD8A-4EF3-AC18-85A863008E05}\_Setupx.dll"
del /f /s /q "C:\Users\All Users\InstallMate\{B8E3ACF3-CD8A-4EF3-AC18-85A863008E05}\_Setupx.dll"
rem Remove this batch file itself
del %0

  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The files/folders, if found, will have been deleted and the "delfiles.bat" file will also be deleted.

The rest of the Online scan is only reporting what has already been quarantined: whatever is in these folders can't cause any harm and will be removed when we tidy up.

Can you tell me if you have any remaining problems and if there are none, I’ll send instructions to tidy up.

Satchfan
 

 


  • 0
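The triage described in post #14, separating ESET hits that still sit on disk from hits inside the AdwCleaner quarantine folder, written out as an added Python example that is not part of the original thread. The sample is a subset of lines copied from post #13; the regular expression, the function names and the handling of `C:\Users\All Users` (an alias of `C:\ProgramData` on Windows 7, so both `_Setupx.dll` lines name the same file) are assumptions of this example.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any OS

# Subset of the ESET export from post #13 (copied lines, not the full log).
SAMPLE = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Solution Real\bin\SolutionReal.expext.exe.vir a variant of Win32/BrowseFox.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Susan\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.Z potentially unwanted application
C:\Program Files (x86)\Tuneup computer A1PCCleaner\PCTunerFG.exe a variant of MSIL/RegProCleaner.A potentially unwanted application
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\ProgramData\InstallMate\{B8E3ACF3-CD8A-4EF3-AC18-85A863008E05}\_Setupx.dll Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{B8E3ACF3-CD8A-4EF3-AC18-85A863008E05}\_Setupx.dll Win32/InstalleRex.T potentially unwanted application
"""

# Assumed line shape: <path> [a variant of ]<Platform/Family.Variant> <category>
# The path may contain spaces, so it is matched lazily up to the detection name.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+) (?P<kind>.+)$"
)
QUARANTINE_ROOTS = ("c:\\adwcleaner\\quarantine\\",)  # folder seen in this thread
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}  # same directory

def canonical(path):
    """Lower-case the path and fold known directory aliases together."""
    p = normcase(path)
    for alias, target in ALIASES.items():
        if p.startswith(alias):
            p = target + p[len(alias):]
    return p

def triage(report):
    """Return (live, quarantined); live is a list of (path, detection)."""
    live, quarantined = {}, []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        key = canonical(m["path"])
        if key.startswith(QUARANTINE_ROOTS):
            quarantined.append(m["path"])  # already neutralised (.vir copy)
        else:
            live.setdefault(key, (m["path"], m["name"]))  # de-duplicate aliases
    return list(live.values()), quarantined

if __name__ == "__main__":
    live, quarantined = triage(SAMPLE)
    print(f"{len(quarantined)} already quarantined, {len(live)} still on disk:")
    for path, name in live:
        print(f"  {name:28} {path}")
```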

#15
ethermac56

    Member

  • Topic Starter
  • 17 posts

No further problems noted..ready for cleanup.


  • 0





