Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Adware/iBryte.Gen7 [Solved]


  • This topic is locked This topic is locked

#1
EstherMarvel

EstherMarvel

    Member

  • Member
  • PipPip
  • 11 posts

Hello,

 

Every time I turn on my computer Avira notifies that this adware was found. I click on "delete" and Avira does so; but then again, it reappears the next day when I turn on my pc. Avira's complete scan of the system did not find it, spybot couldn't either. 

I suspect that I also have other adware installed. However, I never see annoying pop-ups and ads. 

 

I wonder what software can get rid of this thing. I'm concerned about my privacy. Please help me!

 

Thanks a lot! 


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

  • 0

#3
EstherMarvel

EstherMarvel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Thank you very much for helping me!

 

Ive run the software here are the logs.

I just needed to tell u that when I turned on my pc Avira did not give any notifications of adware this time. Anyways, as u have quoted/said, the lack of symptoms does not guaratee a clean pc. 

 

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by LEO (administrator) on ACPC on 16-02-2015 19:01:53
Running from C:\Users\LEO\Desktop
Loaded Profiles: LEO (Available profiles: LEO)
Platform: Windows 7 Home Basic Service Pack 1 (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Users\LEO\AppData\Local\Google\Update\GoogleUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Users\LEO\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LEO\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LEO\AppData\Local\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Farbar) C:\Users\LEO\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-10-30] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\...\Run: [Google Update] => C:\Users\LEO\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-29] (Google Inc.)
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\...\MountPoints2: F - F:\USBAutoRun.exe
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\...\MountPoints2: {df90f9f8-0460-11e2-b93b-e4d53d968466} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\...\MountPoints2: {fe5810c5-17d1-11e2-9cb1-e4d53d968466} - E:\USBAutoRun.exe
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={CCD7AB94-60CC-41CA-9580-906BD784EFA5}&mid=e71fa462af90445b8b5ddd02bce046dc-db22cb90dfff344423106266c7cc0ec077a0777d&lang=en&ds=pl011&pr=sa&d=2012-07-09 10:29:27&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{200CE854-FEBC-418E-90CD-3F82FC754050}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2208244100-4229668497-2801183709-1000: @tools.google.com/Google Update;version=3 -> C:\Users\LEO\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2208244100-4229668497-2801183709-1000: @tools.google.com/Google Update;version=9 -> C:\Users\LEO\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
 
Chrome: 
=======
CHR Profile: C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Movie2kDownloader 2) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2012-12-13]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\LEO\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-26] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2139328 2014-05-27] (Comodo Security Solutions, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-10-30] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-30] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-10-30] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-11] (Avira Operations GmbH & Co. KG)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 19:01 - 2015-02-16 19:03 - 00016131 _____ () C:\Users\LEO\Desktop\FRST.txt
2015-02-16 19:01 - 2015-02-16 19:01 - 02085888 _____ (Farbar) C:\Users\LEO\Desktop\FRST64 (1).exe
2015-02-16 19:00 - 2015-02-16 19:01 - 00000000 ____D () C:\FRST
2015-02-16 18:59 - 2015-02-16 18:59 - 02085888 _____ (Farbar) C:\Users\LEO\Downloads\FRST64.exe
2015-02-15 17:40 - 2015-02-15 17:40 - 00000000 _____ () C:\autoexec.bat
2015-02-14 20:45 - 2015-02-14 20:45 - 00000000 ____D () C:\7fd6535b182d99ffed07e8505af42c8d
2015-02-14 20:40 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-02-14 20:40 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-02-14 20:40 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-02-14 20:40 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-02-14 20:40 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-02-14 20:40 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-02-14 20:40 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-02-14 20:40 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-02-14 19:31 - 2015-01-14 00:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-14 19:31 - 2015-01-14 00:09 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-14 19:31 - 2015-01-14 00:09 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-14 19:31 - 2015-01-14 00:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-14 19:31 - 2015-01-14 00:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-14 19:31 - 2015-01-14 00:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-14 19:31 - 2015-01-14 00:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-14 19:31 - 2015-01-14 00:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-14 19:31 - 2015-01-14 00:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-14 19:31 - 2015-01-14 00:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-14 19:31 - 2015-01-14 00:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-14 19:31 - 2015-01-14 00:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-14 19:31 - 2015-01-14 00:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-14 19:31 - 2015-01-14 00:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-14 19:31 - 2015-01-13 23:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-14 19:31 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-14 19:31 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-14 19:31 - 2015-01-13 23:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-14 19:31 - 2015-01-13 23:41 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-14 19:31 - 2015-01-13 23:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-14 19:31 - 2015-01-13 23:40 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-14 19:31 - 2015-01-13 23:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-14 19:31 - 2015-01-13 23:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-14 19:31 - 2015-01-13 23:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-14 19:31 - 2014-12-29 19:23 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-14 19:31 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-14 19:31 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-14 19:31 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-14 19:31 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-14 19:31 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-14 19:31 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-14 19:31 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-14 19:31 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-14 19:31 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-14 19:31 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-14 19:31 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-14 19:31 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-14 19:31 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-14 19:31 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-14 19:29 - 2015-01-08 20:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-14 19:29 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-02-14 19:29 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-02-14 18:35 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-02-14 18:35 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-02-14 18:35 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-02-14 18:35 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-02-14 18:34 - 2014-05-14 10:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-02-14 18:34 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-02-14 18:34 - 2014-05-14 10:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-02-14 18:34 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-02-14 18:34 - 2014-05-14 10:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-02-14 18:34 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-02-14 18:34 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-02-14 18:34 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-02-14 18:34 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-02-14 18:34 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-02-14 17:59 - 2015-02-16 18:58 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-14 17:59 - 2015-02-14 17:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-14 17:59 - 2015-02-14 17:59 - 00003776 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-14 17:59 - 2015-02-14 17:59 - 00000032 _____ () C:\ProgramData\Temp.log
2015-02-14 17:58 - 2015-02-14 17:58 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-14 12:54 - 2015-02-14 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2015-02-14 10:17 - 2009-06-10 15:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150214-101705.backup
2015-02-13 00:12 - 2015-02-13 00:12 - 00001087 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-02-13 00:12 - 2015-02-13 00:12 - 00000000 ____D () C:\ProgramData\Licenses
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 18:59 - 2009-07-13 22:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 18:59 - 2009-07-13 22:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 18:56 - 2011-12-20 07:54 - 00000000 ____D () C:\ProgramData\Temp
2015-02-16 18:55 - 2011-12-20 07:24 - 01747982 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 18:52 - 2012-05-30 18:12 - 00000000 ____D () C:\ProgramData\clear.fi
2015-02-16 18:51 - 2015-01-11 14:00 - 00002072 _____ () C:\Windows\setupact.log
2015-02-16 18:51 - 2013-11-13 10:08 - 00000916 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2015-02-16 18:51 - 2013-06-04 10:12 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-02-16 18:51 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 14:28 - 2012-06-29 07:37 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208244100-4229668497-2801183709-1000UA.job
2015-02-16 14:13 - 2013-11-13 10:08 - 00000920 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2015-02-15 23:38 - 2011-12-20 16:13 - 00748438 _____ () C:\Windows\system32\perfh00A.dat
2015-02-15 23:38 - 2011-12-20 16:13 - 00159620 _____ () C:\Windows\system32\perfc00A.dat
2015-02-15 23:38 - 2009-07-13 23:13 - 01679842 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 20:28 - 2012-06-29 07:37 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208244100-4229668497-2801183709-1000Core.job
2015-02-15 17:39 - 2012-05-30 17:57 - 00000000 ____D () C:\Users\LEO
2015-02-15 17:17 - 2009-07-13 22:45 - 00444280 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 20:45 - 2013-07-25 09:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-14 20:39 - 2012-05-30 18:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-14 18:13 - 2011-10-13 04:43 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-02-14 18:05 - 2012-06-17 00:45 - 00000000 ____D () C:\Users\LEO\AppData\Local\Cyberlink
2015-02-14 18:02 - 2011-10-13 04:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-14 18:00 - 2012-06-13 16:10 - 00000000 ____D () C:\Users\LEO\AppData\Local\Adobe
2015-02-14 17:59 - 2011-10-13 05:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-14 15:48 - 2013-08-10 19:06 - 00000000 ____D () C:\Users\LEO\Documents\Viedos
2015-02-14 15:44 - 2012-10-19 15:35 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2015-02-14 12:54 - 2012-10-19 15:35 - 00001395 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2015-02-14 09:45 - 2013-02-05 10:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-13 00:12 - 2012-10-19 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-02-13 00:12 - 2012-10-19 19:56 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-02-12 21:05 - 2014-12-28 19:34 - 00000000 ____D () C:\Users\LEO\AppData\Local\Cuevana
2015-02-12 20:32 - 2014-05-31 11:57 - 00002322 _____ () C:\Users\LEO\Desktop\Google Chrome.lnk
2015-02-12 20:23 - 2012-06-29 07:37 - 00004004 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2208244100-4229668497-2801183709-1000UA
2015-02-12 20:23 - 2012-06-29 07:37 - 00003608 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2208244100-4229668497-2801183709-1000Core
2015-02-10 13:47 - 2014-02-13 16:11 - 00006991 _____ () C:\Windows\system32\debug.log
2015-01-29 17:49 - 2012-06-29 17:01 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-28 23:27 - 2012-10-29 12:16 - 00000000 ____D () C:\Users\LEO\AppData\Roaming\vlc
2015-01-24 16:04 - 2012-10-21 08:18 - 00000000 ____D () C:\Users\LEO\Desktop\IMA
2015-01-21 20:35 - 2012-07-13 15:33 - 00000000 ___RD () C:\Users\LEO\Desktop\Musique
 
==================== Files in the root of some directories =======
 
2013-09-28 10:21 - 2013-09-28 10:21 - 0111358 _____ () C:\Program Files\usbshow.zip
2013-04-18 08:51 - 2013-04-18 08:51 - 18420920 _____ (EdrawSoft                                                   ) C:\Program Files (x86)\$R7CWKC8.exe
2012-10-28 15:37 - 2004-06-14 02:00 - 0214016 _____ (Oxford University Press) C:\Program Files (x86)\$R9U85EK.exe
2013-02-05 10:13 - 2013-02-05 10:14 - 39353881 _____ (Acresso Software Inc.                                        ) C:\Program Files (x86)\$REKK5YQ.exe
2013-02-27 09:14 - 2013-02-27 09:15 - 3234448 _____ (Sony Corporation                                            ) C:\Program Files (x86)\$REN8FQ4.exe
2013-03-07 10:35 - 2013-03-07 10:35 - 0295128 _____ () C:\Program Files (x86)\$RLEEGXH.exe
2013-03-07 10:16 - 2013-03-07 10:16 - 3897832 _____ () C:\Program Files (x86)\$RO0OEDX.exe
2013-02-27 09:06 - 2013-02-27 09:06 - 4102112 _____ (Sony Corporation                                            ) C:\Program Files (x86)\$RR7QX4F.exe
2013-03-07 10:15 - 2013-03-07 10:15 - 0393032 _____ (Softonic                                        ) C:\Program Files (x86)\$RVIKZPZ.exe
2014-02-13 15:43 - 2014-02-13 15:43 - 0921000 _____ (Oracle Corporation) C:\Program Files (x86)\chromeinstall-7u51.exe
2014-02-13 15:38 - 2014-02-13 15:39 - 0401752 _____ (Softonic                                        ) C:\Program Files (x86)\SoftonicDownloader_para_wifi-auditor.exe
2013-07-15 09:39 - 2003-03-21 12:45 - 0250544 _____ (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx
2012-06-27 17:29 - 2014-10-25 19:40 - 0000503 _____ () C:\Users\LEO\AppData\Roaming\burnaware.ini
2014-01-29 11:01 - 2014-01-29 11:01 - 0000000 _____ () C:\Users\LEO\AppData\Local\{F3C1442D-149F-4407-9EF2-0662A704F3B0}
2011-12-20 07:54 - 2011-12-20 08:00 - 0015223 _____ () C:\ProgramData\ArcadeDeluxe5.log
2015-02-14 17:59 - 2015-02-14 17:59 - 0000032 _____ () C:\ProgramData\Temp.log
 
Files to move or delete:
====================
C:\Users\LEO\aircrack-ng.exe
 
 
Some content of TEMP:
====================
C:\Users\LEO\AppData\Local\Temp\avgnt.exe
C:\Users\LEO\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\LEO\AppData\Local\Temp\System.Data.SQLite52772.dll
C:\Users\LEO\AppData\Local\Temp\System.Data.SQLite82384.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-06 14:07
 
==================== End Of Log ============================

  • 0

#4
EstherMarvel

EstherMarvel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Additional

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by LEO at 2015-02-16 19:04:19
Running from C:\Users\LEO\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.3018.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.3018.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.42.68439 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.42.68439 - Alcor Micro Corp.) Hidden
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ares 2.3.0 (HKLM-x32\...\Ares) (Version: 2.3.0-Build#3054 - Seekar Ltd)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{D6A47464-38FF-379F-C683-9DA1F8371810}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Biblioteca de Consulta Microsoft Encarta 2005 (HKLM-x32\...\{054500C0-64A6-4248-A026-9745C1E9E159}) (Version: 2005 - Microsoft Corporation)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 2.0.0.8 - )
Bonanza Deals (remove only) (HKLM-x32\...\Bonanza Deals) (Version: 5.0.1.0 - Bonanza Deals) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BurnAware Free 4.9 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware Technologies)
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.31 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.1 - Comodo)
Compatibilidad con Aplicaciones de Apple (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.51 - Conexant)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cuevana Storm version 0.3b (HKLM-x32\...\{2AFB4518-E1D7-4D74-B4FC-C65AE00E531D}_is1) (Version: 0.3b - Cuevana)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dictionnaire Freelang (liste de mots) (HKLM-x32\...\{14B380D6-8205-4F9D-81D8-515235929F2A}_is1) (Version:  - Freelang)
Dictionnaire Freelang 3.74 beta (HKLM-x32\...\{F53C4192-71DE-4B21-BE03-D6F8CBB5A238}_is1) (Version:  - Freelang)
Edraw Mind Map 6.8 (HKLM-x32\...\Edraw Mind Map Freeware_is1) (Version:  - EdrawSoft)
eMule (HKLM-x32\...\eMule) (Version:  - )
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fontboard Arabic Keyboards (HKLM-x32\...\Fontboard Arabic Keyboards_is1) (Version:  - Fontboard)
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free Sound Recorder (HKLM-x32\...\Free Sound Recorder) (Version:  - CoolRecordEdit Inc.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Hacer clic y ejecutar de Microsoft Office 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Hacer clic y ejecutar de Microsoft Office 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
HDVidCodec (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - hdvidcodec.com) <==== ATTENTION
HotPotatoes v 6.3.0.3 (HKLM-x32\...\hotpot_is1) (Version:  - HalfBaked)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.14 - COWON)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
L&H TTS3000 Español (HKLM-x32\...\LHTTSSPE) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.2 - Acer Inc.)
LG Internet Kit (HKLM-x32\...\{40034B11-149E-4310-AE89-BB575B02525B}) (Version: 3.2.0.1 - LG Electronics)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
LONGMAN Dictionary of Contemporary English (HKLM-x32\...\ldoce4v2) (Version:  - )
Longman Paper (HKLM-x32\...\Longman Paper) (Version:  - )
Mahjong Towers Eternity (HKLM-x32\...\BFG-Mahjong Towers Eternity) (Version:  - )
Merriam-Webster 3.0 (HKLM-x32\...\{F3812D83-86D2-4445-A841-3E0BA4F9A11C}) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Free Mahjong v.2.0 (HKLM-x32\...\My Free Mahjong_is1) (Version: 2.0 - MyPlayCity.com)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Prezi Desktop (HKLM-x32\...\{7FAE73A4-F0BC-4B65-81CF-52C417383407}) (Version: 4.7.6 - Nombre de su organización)
QUICKfind (HKLM-x32\...\{593AFFA4-D08E-4272-BABB-420949D32A10}) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SoulSeek 157 NS 13e (HKLM-x32\...\Soulseek2) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Trial of the Gods: El Destino de Ariadne (HKLM-x32\...\BFG-Trial of the Gods - El Destino de Ariadne) (Version:  - )
Tunatic (HKLM-x32\...\Tunatic) (Version:  - )
Unicode Phonetic Keyboard (UCL) - 1.10 (HKLM\...\{A1D3C3B7-CE79-431E-B9C2-B4317E370F19}) (Version: 1.0.3.40 - University College London)
Unicode Phonetic Keyboard 1.10 and SIL Fonts (HKLM-x32\...\Unicode Phonetic Keyboard and Font_is1) (Version:  - University College London)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\LEO\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\LEO\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\LEO\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
28-12-2014 19:00:12 Copias de seguridad de Windows
06-01-2015 13:42:59 Copias de seguridad de Windows
11-01-2015 23:08:49 Copias de seguridad de Windows
20-01-2015 20:54:12 Copias de seguridad de Windows
28-01-2015 20:43:39 Copias de seguridad de Windows
10-02-2015 13:29:45 Copias de seguridad de Windows
14-02-2015 17:56:30 Instalado Vedio WebCam
14-02-2015 18:08:10 Configurado Vedio WebCam
14-02-2015 18:34:12 Windows Update
14-02-2015 20:37:16 Windows Update
15-02-2015 19:00:41 Copias de seguridad de Windows
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A9D73AB-F160-4B89-8387-883E4DA9F1BC} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: {0D1513F0-F116-4168-839B-5AF63A76CB5F} - System32\Tasks\{DC492959-D40D-47F5-BD09-9B46FD64596E} => pcalua.exe -a "C:\Program Files (x86)\OXFORD\Uninstal.exe" -d "C:\Program Files (x86)\OXFORD"
Task: {2B1E093F-0108-4BA6-89A3-10ED1A8750B6} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {2FD285D3-8DC6-44DB-8002-165757561A51} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {340CFC91-EF2D-470A-9E9C-A5661DC972A9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {497B179A-0A9A-44E9-9B98-AEFB72FD218D} - System32\Tasks\{2FF27284-3E6D-4A3E-B6CB-9AF64B7D981E} => C:\Program Files\Longman\ldoce4v2\ldoce4.exe [2006-11-09] (Mozilla, Netscape)
Task: {65A880CA-67AC-4729-B432-CEEB2435E658} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {6EF5C557-93AA-4D15-89A4-3698703D68BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {8364EACB-EC98-4D9B-A1E7-411FA71D4972} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2208244100-4229668497-2801183709-1000UA => C:\Users\LEO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-29] (Google Inc.)
Task: {8CBA0725-E8DB-422E-80EB-5CBBAADB0A5E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2208244100-4229668497-2801183709-1000Core => C:\Users\LEO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-29] (Google Inc.)
Task: {9E1E8FFB-819F-45AC-B122-B3AF6B95C248} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {A22F3C02-C43E-49FF-969F-765FDFB8768B} - System32\Tasks\{2208EEDE-BA23-430A-87CD-BFE23794AB6A} => C:\Program Files\Longman\ldoce4v2\ldoce4.exe [2006-11-09] (Mozilla, Netscape)
Task: {AACFBA90-C968-484A-816E-97D2E2211035} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{BDDE6318-4438-4C3D-BCDB-9EC594B0548F}.exe
Task: {AD969B53-735D-4D32-B433-EF0E0A53EE46} - System32\Tasks\{1091BFA5-DFDA-4624-AC50-097DCB9DFCB8} => C:\Program Files\Longman\ldoce4v2\ldoce4.exe [2006-11-09] (Mozilla, Netscape)
Task: {B2BD030A-E0BA-4EE6-B164-F9D5ACD3D88E} - System32\Tasks\{065BB215-8DB0-4FC7-AA68-DBA512477CA5} => pcalua.exe -a "C:\Program Files (x86)\Longman\ldoce4v2\uninstall.exe" -d "C:\Program Files (x86)\Longman\ldoce4v2"
Task: {B8A1E843-AE82-4D31-AC3E-2591D06D5A68} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B925D591-0F17-4A15-AAAC-C3294BFA23ED} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BFF7CF81-0C25-4274-9584-21F259D0851D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-14] (Adobe Systems Incorporated)
Task: {C7BF1AF2-E801-4F00-BA1E-86E2897BE38F} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION
Task: {D645139F-A9C5-4E6B-8C77-FA773E3A08AB} - System32\Tasks\{2C3E52FF-D884-4BDA-9313-2BF51DD81147} => C:\Program Files\Longman\ldoce4v2\ldoce4.exe [2006-11-09] (Mozilla, Netscape)
Task: {F0F3EC7A-9C46-4D61-8AD7-A93C9CAEE571} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {FE3F4380-B2AE-459B-B302-7B292D3C6DBE} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: {FFA8752C-B5BE-4CA1-9C95-65811437FDE1} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{BDDE6318-4438-4C3D-BCDB-9EC594B0548F}.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208244100-4229668497-2801183709-1000Core.job => C:\Users\LEO\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208244100-4229668497-2801183709-1000UA.job => C:\Users\LEO\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-10-30 13:38 - 2014-10-30 13:36 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-05-31 10:19 - 2012-02-17 19:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-07-09 09:29 - 2014-10-30 13:36 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-23 19:29 - 2011-04-23 19:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-23 19:29 - 2011-04-23 19:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-23 19:29 - 2011-04-23 19:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2013-06-21 11:52 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-06-21 11:52 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-06-21 11:52 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-06-21 11:52 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-06-21 11:52 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-30 13:38 - 2014-10-30 13:36 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2011-08-24 11:03 - 2011-08-24 11:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-08-19 07:36 - 2014-07-14 15:49 - 00049744 _____ () C:\Users\LEO\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-07-14 15:49 - 2014-07-14 15:49 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-12 20:32 - 2015-02-04 03:02 - 01117512 _____ () C:\Users\LEO\AppData\Local\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-12 20:32 - 2015-02-04 03:02 - 00211272 _____ () C:\Users\LEO\AppData\Local\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-12 20:32 - 2015-02-04 03:02 - 09170760 _____ () C:\Users\LEO\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:102394C6
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:6F1F66C0
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\LEO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^LEO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Update => "C:\Users\LEO\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: VNT => C:\Program Files (x86)\VNT\vntldr.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2208244100-4229668497-2801183709-500 - Administrator - Disabled)
Invitado (S-1-5-21-2208244100-4229668497-2801183709-501 - Limited - Disabled)
LEO (S-1-5-21-2208244100-4229668497-2801183709-1000 - Administrator - Enabled) => C:\Users\LEO
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/16/2015 06:52:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.ComponentModel.Composition.CompositionException
Pila:
   en System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   en System.ComponentModel.Composition.Primitives.Export.get_Value()
   en System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   en System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (02/16/2015 06:52:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.ComponentModel.Composition.CompositionException
Pila:
   en System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   en System.ComponentModel.Composition.Primitives.Export.get_Value()
   en System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   en System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (02/16/2015 06:51:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.ComponentModel.Composition.CompositionException
Pila:
   en System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   en System.ComponentModel.Composition.Primitives.Export.get_Value()
   en System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   en System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (02/16/2015 06:51:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2015 09:16:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/16/2015 09:16:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/16/2015 09:15:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.ComponentModel.Composition.CompositionException
Pila:
   en System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   en System.ComponentModel.Composition.Primitives.Export.get_Value()
   en System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   en System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (02/16/2015 09:15:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.ComponentModel.Composition.CompositionException
Pila:
   en System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   en System.ComponentModel.Composition.Primitives.Export.get_Value()
   en System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   en System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (02/16/2015 09:14:36 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.ComponentModel.Composition.CompositionException
Pila:
   en System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   en System.ComponentModel.Composition.Primitives.Export.get_Value()
   en System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   en System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (02/16/2015 09:13:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/16/2015 06:52:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Avira Service Host se terminó de manera inesperada. Esto ha sucedido 3 veces.
 
Error: (02/16/2015 06:52:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Avira Service Host terminó inesperadamente. Esto se ha repetido 2 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (02/16/2015 06:52:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Avira Service Host terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (02/16/2015 02:27:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (02/16/2015 09:15:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Avira Service Host se terminó de manera inesperada. Esto ha sucedido 3 veces.
 
Error: (02/16/2015 09:15:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Avira Service Host terminó inesperadamente. Esto se ha repetido 2 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (02/16/2015 09:14:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Avira Service Host terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (02/16/2015 09:12:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (02/16/2015 09:06:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio AntiVirSchedulerService.
 
Error: (02/16/2015 07:13:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio AntiVirSchedulerService.
 
 
Microsoft Office Sessions:
=========================
Error: (02/16/2015 06:52:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.ComponentModel.Composition.CompositionException
Pila:
   en System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   en System.ComponentModel.Composition.Primitives.Export.get_Value()
   en System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   en System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (02/16/2015 06:52:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.ComponentModel.Composition.CompositionException
Pila:
   en System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   en System.ComponentModel.Composition.Primitives.Export.get_Value()
   en System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   en System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (02/16/2015 06:51:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.ComponentModel.Composition.CompositionException
Pila:
   en System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   en System.ComponentModel.Composition.Primitives.Export.get_Value()
   en System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   en System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (02/16/2015 06:51:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/16/2015 09:16:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\LEO\Downloads\OffercastInstaller (1).exe
 
Error: (02/16/2015 09:16:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\LEO\Downloads\OffercastInstaller.exe
 
Error: (02/16/2015 09:15:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.ComponentModel.Composition.CompositionException
Pila:
   en System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   en System.ComponentModel.Composition.Primitives.Export.get_Value()
   en System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   en System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (02/16/2015 09:15:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.ComponentModel.Composition.CompositionException
Pila:
   en System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   en System.ComponentModel.Composition.Primitives.Export.get_Value()
   en System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   en System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (02/16/2015 09:14:36 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicación: Avira.OE.ServiceHost.exe
Versión de Framework: v4.0.30319
Descripción: el proceso terminó debido a una excepción no controlada.
Información de la excepción: System.ComponentModel.Composition.CompositionException
Pila:
   en System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
   en System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
   en System.ComponentModel.Composition.Primitives.Export.get_Value()
   en System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
   en System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
   en Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   en System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   en System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   en System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   en System.Threading.ThreadPoolWorkQueue.Dispatch()
   en System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (02/16/2015 09:13:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 38%
Total physical RAM: 3818.9 MB
Available physical RAM: 2337.11 MB
Total Pagefile: 7635.99 MB
Available Pagefile: 5736.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:262.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9D5CE2C1)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#5
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Thank you very much for helping me!


You're quite welcome, it's my pleasure. :)
 

I just needed to tell u that when I turned on my pc Avira did not give any notifications of adware this time. Anyways, as u have quoted/said, the lack of symptoms does not guaratee a clean pc.


Ok, thank you for the information. I do see some things in the logs that need to go, and we'll start taking care of that now. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstalls and Chrome Extension Removal

Please uninstall the following programs as they are adware/malware related programs:
  • AVG Security Toolbar
  • Bonanza Deals
  • Google Update Helper
  • HDVidCodec
  • YTD Video Downloader 4.8.9
Remove Chrome Extensions

There is an extension in Chrome that need to be removed, please follow the instructions below to remove it.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extension Movie2kDownloader 2 by clicking the trash can icon.

If the extension I've asked you to remove is not listed, don't worry about it. Just move on to the next step. :)



Step 2: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files (x86)\Common Files\AVG Secure Search
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG Secure Search
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-10-30] ()
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\...\MountPoints2: F - F:\USBAutoRun.exe
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\...\MountPoints2: {df90f9f8-0460-11e2-b93b-e4d53d968466} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\...\MountPoints2: {fe5810c5-17d1-11e2-9cb1-e4d53d968466} - E:\USBAutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={CCD7AB94-60CC-41CA-9580-906BD784EFA5}&mid=e71fa462af90445b8b5ddd02bce046dc-db22cb90dfff344423106266c7cc0ec077a0777d&lang=en&ds=pl011&pr=sa&d=2012-07-09 10:29:27&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]
C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2012-12-13]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-10-30] (AVG Secure Search)
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\ProgramData\YTD Video Downloader
C:\Users\Public\Desktop\YTD Video Downloader.lnk
C:\Program Files (x86)\SoftonicDownloader_para_wifi-auditor.exe
C:\Users\LEO\aircrack-ng.exe
CustomCLSID: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\LEO\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
Task: {0A9D73AB-F160-4B89-8387-883E4DA9F1BC} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: {AACFBA90-C968-484A-816E-97D2E2211035} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{BDDE6318-4438-4C3D-BCDB-9EC594B0548F}.exe
Task: {C7BF1AF2-E801-4F00-BA1E-86E2897BE38F} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION
Task: {FE3F4380-B2AE-459B-B302-7B292D3C6DBE} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{BDDE6318-4438-4C3D-BCDB-9EC594B0548F}.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:102394C6
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:6F1F66C0
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

  • 0

#6
EstherMarvel

EstherMarvel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hello

 

A few things to tell you: Avira tool bar did not appear on chrome extensions, therefore, it remains installed as far as I know. Bonanza Deals appeared uninstalled already. Google Update Helper was not on the list. 

 

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01

Ran by LEO at 2015-02-18 13:31:20 Run:1
Running from C:\Users\LEO\Desktop
Loaded Profiles: LEO (Available profiles: LEO)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files (x86)\Common Files\AVG Secure Search
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG Secure Search
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-10-30] ()
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\...\MountPoints2: F - F:\USBAutoRun.exe
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\...\MountPoints2: {df90f9f8-0460-11e2-b93b-e4d53d968466} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\...\MountPoints2: {fe5810c5-17d1-11e2-9cb1-e4d53d968466} - E:\USBAutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={CCD7AB94-60CC-41CA-9580-906BD784EFA5}&mid=e71fa462af90445b8b5ddd02bce046dc-db22cb90dfff344423106266c7cc0ec077a0777d&lang=en&ds=pl011&pr=sa&d=2012-07-09 10:29:27&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms} 
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]
C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2012-12-13]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-10-30] (AVG Secure Search)
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\ProgramData\YTD Video Downloader
C:\Users\Public\Desktop\YTD Video Downloader.lnk
C:\Program Files (x86)\SoftonicDownloader_para_wifi-auditor.exe
C:\Users\LEO\aircrack-ng.exe
CustomCLSID: HKU\S-1-5-21-2208244100-4229668497-2801183709-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\LEO\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
Task: {0A9D73AB-F160-4B89-8387-883E4DA9F1BC} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: {AACFBA90-C968-484A-816E-97D2E2211035} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{BDDE6318-4438-4C3D-BCDB-9EC594B0548F}.exe
Task: {C7BF1AF2-E801-4F00-BA1E-86E2897BE38F} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION
Task: {FE3F4380-B2AE-459B-B302-7B292D3C6DBE} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{BDDE6318-4438-4C3D-BCDB-9EC594B0548F}.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:102394C6
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Temp:6F1F66C0
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => No running process found
C:\Program Files (x86)\Common Files\AVG Secure Search => Moved successfully.
C:\Program Files (x86)\AVG Secure Search\vprot.exe => No running process found
C:\Program Files (x86)\AVG Secure Search => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
"HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => Key deleted successfully.
"HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df90f9f8-0460-11e2-b93b-e4d53d968466}" => Key deleted successfully.
HKCR\CLSID\{df90f9f8-0460-11e2-b93b-e4d53d968466} => Key not found. 
"HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe5810c5-17d1-11e2-9cb1-e4d53d968466}" => Key deleted successfully.
HKCR\CLSID\{fe5810c5-17d1-11e2-9cb1-e4d53d968466} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe063412-bea4-4d76-8ed3-183be6220d17}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{fe063412-bea4-4d76-8ed3-183be6220d17}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found. 
HKU\S-1-5-21-2208244100-4229668497-2801183709-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found. 
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully.
"C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf" => Key deleted successfully.
C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx => Moved successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
"C:\ProgramData\YTD Video Downloader" => File/Directory not found.
"C:\Users\Public\Desktop\YTD Video Downloader.lnk" => File/Directory not found.
C:\Program Files (x86)\SoftonicDownloader_para_wifi-auditor.exe => Moved successfully.
C:\Users\LEO\aircrack-ng.exe => Moved successfully.
"HKU\S-1-5-21-2208244100-4229668497-2801183709-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A9D73AB-F160-4B89-8387-883E4DA9F1BC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A9D73AB-F160-4B89-8387-883E4DA9F1BC}" => Key deleted successfully.
C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AACFBA90-C968-484A-816E-97D2E2211035}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AACFBA90-C968-484A-816E-97D2E2211035}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7BF1AF2-E801-4F00-BA1E-86E2897BE38F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7BF1AF2-E801-4F00-BA1E-86E2897BE38F}" => Key deleted successfully.
C:\Windows\System32\Tasks\BonanzaDealsUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FE3F4380-B2AE-459B-B302-7B292D3C6DBE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE3F4380-B2AE-459B-B302-7B292D3C6DBE}" => Key deleted successfully.
C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsLiveUpdateTaskMachineCore" => Key deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job not found.
C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\Temp => ":102394C6" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\ProgramData\Temp => ":6F1F66C0" ADS removed successfully.
 
=========  netsh advfirewall reset =========
 
Aceptar
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Aceptar
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Configuraci�n IP de Windows
 
Se vaci� correctamente la cach� de resoluci�n de DNS.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 598.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:33:50 ====

  • 0

#7
EstherMarvel

EstherMarvel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Basic x64
Ran by LEO on 18/02/2015 at 13:44:07.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_jetaudio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_jetaudio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_ares_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_ares_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_free-sound-recorder_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_free-sound-recorder_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_vlc-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_vlc-media-player_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_jetaudio_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_jetaudio_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_ares_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_ares_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_free-sound-recorder_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_free-sound-recorder_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_vlc-media-player_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_vlc-media-player_RASMANCS
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\LEO\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\LEO\appdata\local\lollipop"
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{010470CB-725E-4440-9B17-A454024CE4B5}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{222483A6-DDAB-40E9-AAE1-5B845DA3E30D}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{46E6D5A8-6B76-4072-985E-DBCE2F87F534}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{508409C8-21CB-455E-A5E4-60ABE3056345}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{71278D48-B0F8-41CA-9372-B587135F4FD3}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{7BF51173-3143-43D0-8960-11171B63A7C6}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{814BCB73-6F28-49F9-A9C3-D4081B1A5BCD}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{878C5DDE-71CD-4E92-B0BB-B11C9DC976F8}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{947C9CA4-E724-4D16-96D0-C5A8683DB376}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{9BDD8627-CF1B-486E-8DC3-395FC055F5FA}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{9D1AEAE1-4E70-4C39-A82C-3687640980CB}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{9EAF229B-A385-426C-BA74-3432B42C1271}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{AA8F6311-E7BF-4600-826B-9B21A6EE1F34}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{AD0B0351-5F33-48E6-AA62-A09B52BA9A9C}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{B18D098E-313A-439B-8578-659D128AE566}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{BE173AF9-FB79-4210-9B37-119C6718DB1A}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{C2B4644A-20A0-42E2-8E8A-C02FA270724C}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{D1392E1C-C5D5-41B3-9061-2268301A823B}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{D37A6CD4-7E50-453F-ABEE-A2B930EDD7EA}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{E8D59230-7F22-4B5E-8641-FC90A0FEACC5}
Successfully deleted: [Empty Folder] C:\Users\LEO\appdata\local\{FF69702C-EF80-4FCC-B3CC-F41EA7B1D536}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/02/2015 at 13:53:01.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#8
EstherMarvel

EstherMarvel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

ADW

 

# AdwCleaner v4.111 - Logfile created 18/02/2015 at 14:16:08

# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows 7 Home Basic Service Pack 1 (x64)
# Username : LEO - ACPC
# Running from : C:\Users\LEO\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\HDvidCodec.com
Folder Deleted : C:\Program Files (x86)\Movie2KDownloader.com
Folder Deleted : C:\Users\LEO\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\LEO\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\LEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Folder Deleted : C:\Users\LEO\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Deleted : C:\Users\LEO\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\LEO\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Users\LEO\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BonanzaDeals
Key Deleted : HKCU\Software\BonanzaDealsLive
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsContainer
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\BonanzaDeals
Key Deleted : HKLM\SOFTWARE\BonanzaDealsLive
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v
 
[C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={CCD7AB94-60CC-41CA-9580-906BD784EFA5}&mid=e71fa462af90445b8b5ddd02bce046dc-db22cb90dfff344423106266c7cc0ec077a0777d&lang=en&ds=pl011&pr=sa&d=2012-07-09 10:29:27&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.com/s/{searchTerms}
[C:\Users\LEO\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-11-25&apn_dtid=%5ECMD300%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
 
-\\ Comodo Dragon v33.1.0.1
 
[C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={CCD7AB94-60CC-41CA-9580-906BD784EFA5}&mid=e71fa462af90445b8b5ddd02bce046dc-db22cb90dfff344423106266c7cc0ec077a0777d&lang=en&ds=pl011&pr=sa&d=2012-07-09 10:29:27&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.com/s/{searchTerms}
[C:\Users\LEO\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-11-25&apn_dtid=%5ECMD300%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\LEO\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\LEO\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko
 
*************************
 
AdwCleaner[R0].txt - [11505 bytes] - [18/02/2015 13:57:28]
AdwCleaner[R1].txt - [11565 bytes] - [18/02/2015 14:12:28]
AdwCleaner[S0].txt - [12105 bytes] - [18/02/2015 14:16:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12165  bytes] ##########

  • 0

#9
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

A few things to tell you: Avira tool bar did not appear on chrome extensions, therefore, it remains installed as far as I know. Bonanza Deals appeared uninstalled already. Google Update Helper was not on the list.


Hi :)

The extension in Chrome that was to be removed was Movie2kDownloader 2, not Avira. Please check again, and see if Movie2kDownloader 2 is in the list of Chrome extensions. If so, please remove it. If not, as one of the other tools has removed it's folder, then no worries. :thumbsup:

Let's run a scan for remnants and orphans. How is the machine running?


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#10
EstherMarvel

EstherMarvel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hello! 

Im sorry for the delay the ESET scan took a long time and for some bizarre reason my browser could not show this webpage, I could nt open it with my ipad either. 

Movie2kDownloader 2 has been removed. 

 

The computer is working well, but when I turn it on I think it takes a long time to connect to the internet, probably this happened before and I hadn't noticed. Anyways I appreciate your help a lot. Thank you for helping me. 

Here are the logs. 

 

ESET

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=683eb65144095f4d812b0019c36880d4
# engine=22557
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-20 05:22:10
# local_time=2015-02-19 11:22:10 (-0600, Hora estándar central (México))
# country="Mexico"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 0 78222716 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 34384 175953180 0 0
# scanned=257295
# found=26
# cleaned=0
# scan_time=22242
sh=DA970646F2DC770A2167B9573F8F09B6E514B893 ft=1 fh=3826a9249689aab4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\LEO\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko\30.10_0\background\ChromeUtilPlugin.dll.vir"
sh=C45E295A4F8C57A8A26187876B852B00385AEE31 ft=1 fh=92657eb204f0f992 vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=400542A1861884766C461AACC57C07F1AF07215A ft=1 fh=6c0e3a03ac63f2ed vn="a variant of Win32/SoftonicDownloader.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SoftonicDownloader_para_wifi-auditor.exe.xBAD"
sh=69FB071437A3FF3433496C9C3F03D11A11F23B07 ft=1 fh=1a690280c4a03c18 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files\BurnAware Free\burnaware_free.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=030B30D49605F6B9846CC9BC095BE83CE431DF61 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Program Files (x86)\Comodo\Dragon\extensions\ask_toolbar.crx"
sh=CEF8BAE91D4D3EC24FD95E5D614F12E61CD10245 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.B potentially unwanted application" ac=I fn="C:\Users\LEO\AppData\Roaming\Mozilla\Firefox\Profiles\user.js"
sh=F7260945B86E437EC68E428A80E6E2F04FB91C98 ft=1 fh=3bfb95e8f1384e1d vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\LEO\Desktop\ASPHIXIA\2. C O O R D I N A T I O N\POTATO\P E R S O N A L                    Israel Sastré\SoftonicToolbar.exe"
sh=9795AA61B3740714853CD95B9F5F7BE10603B9C9 ft=0 fh=0000000000000000 vn="Win32/Adware.ADON potentially unwanted application" ac=I fn="C:\Users\LEO\Desktop\ASPHIXIA\2. C O O R D I N A T I O N\POTATO\P E R S O N A L                    Israel Sastré\Thoosje_Sidebar_3_0_by_Thoosje.zip"
sh=DBA4D7540C69C6492D48E688A00B51387685F8A6 ft=1 fh=fb092140bceb8039 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\LEO\Desktop\ASPHIXIA\Lastest\Pics-Naval\ApnStub.exe"
sh=B5D47A7C467C8C9F0467ED0A5C5AACBC93A447AB ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win.zip"
sh=E441CAA5F2ACDCB307262B3C093698D8B0BDEEBF ft=1 fh=a7c3ffa22a32a3f2 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\aircrack-ng-1.2-beta1-win\dffsetup-cygwin1.exe"
sh=E441CAA5F2ACDCB307262B3C093698D8B0BDEEBF ft=1 fh=a7c3ffa22a32a3f2 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\aircrack-ng-1.2-beta1-win\dffsetup-msvcr70.exe"
sh=E441CAA5F2ACDCB307262B3C093698D8B0BDEEBF ft=1 fh=a7c3ffa22a32a3f2 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\aircrack-ng-1.2-beta1-win\dffsetup-peek.exe"
sh=E441CAA5F2ACDCB307262B3C093698D8B0BDEEBF ft=1 fh=a7c3ffa22a32a3f2 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\Extraer\aircrack-ng-1.2-beta1-win\dffsetup-cygwin1.exe"
sh=E441CAA5F2ACDCB307262B3C093698D8B0BDEEBF ft=1 fh=a7c3ffa22a32a3f2 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\Extraer\aircrack-ng-1.2-beta1-win\dffsetup-msvcr70.exe"
sh=E441CAA5F2ACDCB307262B3C093698D8B0BDEEBF ft=1 fh=a7c3ffa22a32a3f2 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\Extraer\aircrack-ng-1.2-beta1-win\dffsetup-peek.exe"
sh=17EAAC805004F50029F32A5E5BA5BA0D9C251FB7 ft=1 fh=9673574e3762d059 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Users\LEO\Documents\ApnStub1.exe"
sh=1767EC6D9A3622D113B935987FCBAE559BE644FC ft=1 fh=30448f7e1b3967ef vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\LEO\Downloads\avira_free_antivirus_en.exe"
sh=59AAE8DA608020E189DC86F81D460BB5369C70C5 ft=1 fh=46bde205ee767c89 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\LEO\Downloads\OffercastInstaller (1).exe"
sh=59AAE8DA608020E189DC86F81D460BB5369C70C5 ft=1 fh=46bde205ee767c89 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\LEO\Downloads\OffercastInstaller.exe"
sh=9B229D45DAF8E42A9E5AB80B8A8F3C1DA28BE5D9 ft=1 fh=fc29e722f48e28ff vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIDB7B.tmp"
sh=9B229D45DAF8E42A9E5AB80B8A8F3C1DA28BE5D9 ft=1 fh=fc29e722f48e28ff vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSIF10.tmp"

  • 0

Advertisements


#11
EstherMarvel

EstherMarvel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 19/02/2015
Scan Time: 04:11:14 p.m.
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.19.10
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: LEO
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356714
Time Elapsed: 41 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 22
PUP.Optional.Spigot.A, C:\Program Files\yt\YTDSetup.exe, Quarantined, [67ab9b7ffb8fed495da1d55107f95ba5], 
PUP.BundleInstaller.DW, C:\Program Files (x86)\$RLEEGXH.exe, Quarantined, [fd155cbe7f0baf87745d3bf1fd042ed2], 
PUP.Optional.Softonic, C:\Program Files (x86)\$RVIKZPZ.exe, Quarantined, [5bb72feb4149f73f2ac1b874966bba46], 
PUP.Optional.Spigot.A, C:\Users\LEO\Documents\YTDSetup.exe, Quarantined, [fb17c1599bef4ee81fdf2ff7916fbf41], 
PUP.Optional.Bundle, C:\Users\LEO\Downloads\emule050a [1].exe, Quarantined, [5fb376a47b0f11254a5c6abaa65ab050], 
PUP.Optional.Softonic.A, C:\Users\LEO\Downloads\SoftonicDownloader_para_aircrack.exe, Quarantined, [cc468b8fd9b140f6b78edc6c10f132ce], 
PUP.Optional.Softonic.A, C:\Users\LEO\Downloads\SoftonicDownloader_para_anki.exe, Quarantined, [fe149d7d5d2d70c6e75ef75155ac40c0], 
PUP.Optional.Softonic.A, C:\Users\LEO\Downloads\SoftonicDownloader_para_argente-registry-cleaner.exe, Quarantined, [cb473cdef09a0e28b98c0345669b1ce4], 
PUP.Optional.Softonic.A, C:\Users\LEO\Downloads\SoftonicDownloader_para_free-sound-recorder.exe, Quarantined, [19f9b466cdbdc5713e07e068c33e18e8], 
PUP.Optional.Softonic, C:\Users\LEO\Downloads\SoftonicDownloader_para_my-picture-puzzle (1).exe, Quarantined, [6ba752c8dcae72c4d912de4e30d1d828], 
PUP.Optional.Softonic, C:\Users\LEO\Downloads\SoftonicDownloader_para_my-picture-puzzle.exe, Quarantined, [769c36e49ceee15535b6d5577190ea16], 
PUP.Optional.Softonic.A, C:\Users\LEO\Downloads\SoftonicDownloader_para_oficalc.exe, Quarantined, [12003ae0addd95a1c97c63e5a55c19e7], 
PUP.Optional.Softonic.A, C:\Users\LEO\Downloads\SoftonicDownloader_para_prezi-desktop.exe, Quarantined, [a17120fa1971fc3ac87d58f04cb5b848], 
PUP.Optional.Softonic, C:\Users\LEO\Downloads\SoftonicDownloader_para_usb-show (1).exe, Quarantined, [53bf0317c8c21a1c12d977b50af7ca36], 
PUP.Optional.Softonic, C:\Users\LEO\Downloads\SoftonicDownloader_para_usb-show.exe, Quarantined, [878bdb3f484290a68f5cc567bf4243bd], 
PUP.Optional.Softonic.A, C:\Users\LEO\Downloads\SoftonicDownloader_para_vlc-media-player.exe, Quarantined, [b45ec159b6d49a9cda6be66240c16997], 
PUP.Optional.Solimba, C:\Users\LEO\Downloads\Hot Potatoes (1).exe, Quarantined, [a2706ab0fe8c44f2428f0d20b74aad53], 
PUP.Optional.Solimba, C:\Users\LEO\Downloads\Hot Potatoes.exe, Quarantined, [a0721ffb38521a1c339e31fc669b55ab], 
PUP.BundleInstaller.OI, C:\Users\LEO\Downloads\oi_mahjongsetupexe.exe, Quarantined, [2ce62eec008ad5618057abfaf20e07f9], 
PUP.Optional.Softonic, C:\Users\LEO\Downloads\SoftonicDownloader_for_jetaudio.exe, Quarantined, [b75b81993a50d4626d7e46e620e115eb], 
PUP.AdBundler, C:\Users\LEO\Downloads\Juegos de Tablero.exe, Quarantined, [c64cdd3dbad00e28f069c8f6a06023dd], 
PUP.Optional.Bundle, C:\Users\LEO\Downloads\emule050a.exe, Quarantined, [d939bf5b4545e6509313c3616d933cc4], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#12
EstherMarvel

EstherMarvel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Spybot - Search & Destroy 
 CCleaner     
 Java 7 Update 51  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 39.0.2171.95 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 

  • 0

#13
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hello!

Im sorry for the delay the ESET scan took a long time and for some bizarre reason my browser could not show this webpage, I could nt open it with my ipad either.

Movie2kDownloader 2 has been removed.


No worries on the delay, ESET can take quite a while. Besides, we do this on a schedule that works best for you. :thumbsup:

The computer is working well, but when I turn it on I think it takes a long time to connect to the internet, probably this happened before and I hadn't noticed. Anyways I appreciate your help a lot. Thank you for helping me.


You're quite welcome for the help. :) Let's get rid of the items that ESET found and we'll take a look at your connection.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
C:\Program Files\BurnAware Free\burnaware_free.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll
C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe
C:\Program Files (x86)\Comodo\Dragon\extensions\ask_toolbar.crx
C:\Users\LEO\AppData\Roaming\Mozilla\Firefox\Profiles\user.js
C:\Users\LEO\Desktop\ASPHIXIA\2. C O O R D I N A T I O N\POTATO\P E R S O N A L Israel Sastré\SoftonicToolbar.exe
C:\Users\LEO\Desktop\ASPHIXIA\2. C O O R D I N A T I O N\POTATO\P E R S O N A L Israel Sastré\Thoosje_Sidebar_3_0_by_Thoosje.zip
C:\Users\LEO\Desktop\ASPHIXIA\Lastest\Pics-Naval\ApnStub.exe
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win.zip
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\aircrack-ng-1.2-beta1-win\dffsetup-cygwin1.exe
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\aircrack-ng-1.2-beta1-win\dffsetup-msvcr70.exe
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\aircrack-ng-1.2-beta1-win\dffsetup-peek.exe
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\Extraer\aircrack-ng-1.2-beta1-win\dffsetup-cygwin1.exe
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\Extraer\aircrack-ng-1.2-beta1-win\dffsetup-msvcr70.exe
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\Extraer\aircrack-ng-1.2-beta1-win\dffsetup-peek.exe
C:\Users\LEO\Documents\ApnStub1.exe
C:\Users\LEO\Downloads\avira_free_antivirus_en.exeC:\Users\LEO\Downloads\OffercastInstaller (1).exe
C:\Users\LEO\Downloads\OffercastInstaller.exe
C:\Windows\Installer\MSIDB7B.tmp
C:\Windows\Installer\MSIF10.tmp
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Scan with Farbars Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

FSS.txt Log

  • 0

#14
EstherMarvel

EstherMarvel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by LEO at 2015-02-22 10:32:41 Run:2
Running from C:\Users\LEO\Desktop
Loaded Profiles: LEO (Available profiles: LEO)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Program Files\BurnAware Free\burnaware_free.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll
C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe
C:\Program Files (x86)\Comodo\Dragon\extensions\ask_toolbar.crx
C:\Users\LEO\AppData\Roaming\Mozilla\Firefox\Profiles\user.js
C:\Users\LEO\Desktop\ASPHIXIA\2. C O O R D I N A T I O N\POTATO\P E R S O N A L Israel Sastré\SoftonicToolbar.exe
C:\Users\LEO\Desktop\ASPHIXIA\2. C O O R D I N A T I O N\POTATO\P E R S O N A L Israel Sastré\Thoosje_Sidebar_3_0_by_Thoosje.zip
C:\Users\LEO\Desktop\ASPHIXIA\Lastest\Pics-Naval\ApnStub.exe
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win.zip
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\aircrack-ng-1.2-beta1-win\dffsetup-cygwin1.exe
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\aircrack-ng-1.2-beta1-win\dffsetup-msvcr70.exe
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\aircrack-ng-1.2-beta1-win\dffsetup-peek.exe
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\Extraer\aircrack-ng-1.2-beta1-win\dffsetup-cygwin1.exe
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\Extraer\aircrack-ng-1.2-beta1-win\dffsetup-msvcr70.exe
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\Extraer\aircrack-ng-1.2-beta1-win\dffsetup-peek.exe
C:\Users\LEO\Documents\ApnStub1.exe
C:\Users\LEO\Downloads\avira_free_antivirus_en.exeC:\Users\LEO\Downloads\OffercastInstaller (1).exe
C:\Users\LEO\Downloads\OffercastInstaller.exe
C:\Windows\Installer\MSIDB7B.tmp
C:\Windows\Installer\MSIF10.tmp
End
*****************
 
C:\Program Files\BurnAware Free\burnaware_free.exe => Moved successfully.
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll => Moved successfully.
C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe => Moved successfully.
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe => Moved successfully.
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe => Moved successfully.
C:\Program Files (x86)\Comodo\Dragon\extensions\ask_toolbar.crx => Moved successfully.
C:\Users\LEO\AppData\Roaming\Mozilla\Firefox\Profiles\user.js => Moved successfully.
"C:\Users\LEO\Desktop\ASPHIXIA\2. C O O R D I N A T I O N\POTATO\P E R S O N A L Israel Sastré\SoftonicToolbar.exe" => File/Directory not found.
"C:\Users\LEO\Desktop\ASPHIXIA\2. C O O R D I N A T I O N\POTATO\P E R S O N A L Israel Sastré\Thoosje_Sidebar_3_0_by_Thoosje.zip" => File/Directory not found.
C:\Users\LEO\Desktop\ASPHIXIA\Lastest\Pics-Naval\ApnStub.exe => Moved successfully.
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win.zip => Moved successfully.
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\aircrack-ng-1.2-beta1-win\dffsetup-cygwin1.exe => Moved successfully.
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\aircrack-ng-1.2-beta1-win\dffsetup-msvcr70.exe => Moved successfully.
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\aircrack-ng-1.2-beta1-win\dffsetup-peek.exe => Moved successfully.
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\Extraer\aircrack-ng-1.2-beta1-win\dffsetup-cygwin1.exe => Moved successfully.
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\Extraer\aircrack-ng-1.2-beta1-win\dffsetup-msvcr70.exe => Moved successfully.
C:\Users\LEO\Desktop\Nueva carpeta\aircrack-ng-1-2-beta1-win\Extraer\aircrack-ng-1.2-beta1-win\dffsetup-peek.exe => Moved successfully.
C:\Users\LEO\Documents\ApnStub1.exe => Moved successfully.
"C:\Users\LEO\Downloads\avira_free_antivirus_en.exeC:\Users\LEO\Downloads\OffercastInstaller (1).exe" => File/Directory not found.
C:\Users\LEO\Downloads\OffercastInstaller.exe => Moved successfully.
C:\Windows\Installer\MSIDB7B.tmp => Moved successfully.
C:\Windows\Installer\MSIF10.tmp => Moved successfully.
 
==== End of Fixlog 10:32:48 ====

  • 0

#15
EstherMarvel

EstherMarvel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Farbar Service Scanner Version: 17-01-2015
Ran by LEO (administrator) on 22-02-2015 at 10:36:10
Running from "C:\Users\LEO\Downloads"
Microsoft Windows 7 Home Basic  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP